‘Trust’ attacks in the news
A new year, a new threat. Modern attackers are moving away from pure data theft or website hacking, to attacks that have a more subtle target – data integrity. In 2017 we expect to see attackers use their ability to hack information systems not just to make a quick buck, but to cause long-term, reputational damage to individuals or groups, by eroding trust in the data itself.
The scenario is particularly worrying for industries that rely heavily on public confidence. A laboratory that cannot vouch for the fidelity of its medical test results, or a bank whose account balances have been tampered with, is an example of an organisation at particular risk. Governments may also fall foul of such attacks, as critical data repositories are altered and public distrust in national institutions rises.
These ‘trust attacks’ can also be expected to disrupt the financial markets. An example of this is falsifying market information to cause ill-informed investments. We have glimpsed the potential of disrupted M&A activity through cyber-attacks already - is it a coincidence that the disclosure of the Yahoo! hack happened while Verizon was in the process of acquiring the company?
And these attacks even have the power to sway public opinion. Hillary Clinton’s election campaign suffered a blow when tens of thousands of emails from her campaign were leaked. An even graver risk would be that a nation state or other sophisticated group could not just leak emails, but manipulate them to create a false impression that a candidate has done something illegal or dishonourable.
While the result of this year’s US presidential election may seem stranger than fiction, tomorrow’s cyber-attacks will make it harder than ever to separate the real from the false.
Humiliated at the top
Away from the headlines, businesses suffer daily attacks that would be detrimental to trust if allowed to escalate. Senior figures are often purposefully or indiscriminately the subject of such attacks, which, if revealed publicly, could humiliate the individual and damage an organisation’s credibility. For example, Darktrace recently discovered that a senior executive of a US finance firm visited a website that prompted visiting devices to communicate with it over an unencrypted channel, exposing sensitive details such as name, contact details and passwords in the URL itself.
This wealth of personal information was open to interception and exploitation – it could have been used to target the senior executive personally via a phishing campaign, or to let the attacker impersonate him by logging into other services where the same credentials were reused. Although the finance firm had deployed legacy security tools across its network, the activity was not flagged as threatening because the website itself was legitimate. Darktrace, however, was able to identify the connection as abnormal for that user, allowing the company to investigate and stop the threat before damage was done.
Bad data, bad decisions
Crucially, decision-making by senior government officials, corporate executives, investors or others could be impaired if they cannot trust the information they are receiving.
For instance, what if critical infrastructure providers were targeted by hacktivists wanting to turn off an oil rig? Instead of targeting the oil rig itself, an attacker could hide smart malware in the geophysical survey databases, allowing the underlying data to be changed so that multimillion-pound drilling rights are bought in the wrong places and many oil rigs come up drier than expected. If the attacker finds the survey database too well protected, they could instead infiltrate the ocean sensors (Internet of Things) that collect the data in the first place, and influence the decisions right from the start of the ‘information supply chain’.
This is just one example of how the bad guys could cause damage by undermining the integrity of data. But ultimately, any business that makes strategic decisions based on data, the financial services sector for example, is equally vulnerable.
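The survey-database scenario above turns on one question: can the organisation tell that a record has been altered? The following is an added example, not part of the original article or any Darktrace product, showing the check a data owner can run. It keeps an HMAC-SHA256 tag per record in a manifest computed with a key that lives outside the database (in an HSM or key-management service), so that an attacker who can rewrite the table still cannot produce matching tags. The survey records, site identifiers and key are constructed for the example.

```python
import hashlib
import hmac
import json

# Constructed sample data standing in for a "geophysical survey" table keyed by site id.
SURVEY_RECORDS = {
    "site-001": {"lat": 57.12, "lon": 1.85, "porosity": 0.21},
    "site-002": {"lat": 57.40, "lon": 2.10, "porosity": 0.08},
    "site-003": {"lat": 56.98, "lon": 1.60, "porosity": 0.17},
}


def canonical(record):
    """Deterministic serialisation so identical content always yields identical bytes."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def tag(record, key):
    return hmac.new(key, canonical(record), hashlib.sha256).hexdigest()


def build_manifest(records, key):
    """Return {site_id: hex tag}. The key must be held outside the database, otherwise an
    attacker who owns the database can simply re-tag whatever they changed."""
    return {sid: tag(rec, key) for sid, rec in records.items()}


def verify(records, manifest, key):
    """Return the sorted site ids that fail verification: a record whose tag no longer
    matches, a record with no tag at all, or a tag whose record has disappeared."""
    bad = []
    for sid, rec in records.items():
        expected = manifest.get(sid)
        # compare_digest avoids leaking the position of the first differing byte via timing.
        if expected is None or not hmac.compare_digest(expected, tag(rec, key)):
            bad.append(sid)
    bad.extend(sid for sid in manifest if sid not in records)
    return sorted(bad)


def demo():
    """Tamper with a copy of the data and report what the verifier catches."""
    key = b"constructed-demo-key-real-key-lives-in-kms"  # hypothetical key for the example
    manifest = build_manifest(SURVEY_RECORDS, key)
    tampered = json.loads(json.dumps(SURVEY_RECORDS))  # deep copy
    tampered["site-002"]["porosity"] = 0.35            # a quietly nudged value
    del tampered["site-003"]                           # a deleted record
    return verify(tampered, manifest, key)


if __name__ == "__main__":
    print(demo())  # ['site-002', 'site-003']
```

The manifest only helps if it is produced at the point the data is trusted (when the sensor readings are ingested) and the key is not reachable from the database host; if the tags are recomputed from whatever is in the table today, they prove nothing. The same check also makes the page’s earlier point concrete: a tampered record has no telltale signature to look for, so the defender needs a reference for what the data should be.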
Assuring confidence with machine learning
Clearly, today’s increasingly sinister attackers can erode our faith in large corporations and public figures alike. So, what can be done? The bottom line must be that we cannot continue with the security status quo when the rules have changed. The threat is inside the network. Just as the human immune system detects and responds to new viruses under the skin, organisations need to constantly monitor for compromises within their borders. This requires learning a sense of ‘self’ and rapidly responding to ‘non-self’ behaviours before they cause a crisis.
New machine learning technology and advanced mathematics can effectively mimic an organisation’s ‘immune system’. Such technology is able to learn on its own and intervene early in suspicious activity, without relying on rules and signatures that look only for pre-categorised threats. By mapping the typical interactions between every user, device and the network as a whole, anomalous digital behaviours, symptomatic of an insider or external threat, can be detected and efficiently dealt with before they develop. This level of visibility is especially important given the growing prevalence of insider threats, whereby employees or even third-party suppliers purposefully or inadvertently put data and systems at risk.
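The executive case described earlier (a legitimate website, reached over an unencrypted connection, with personal details and a password in the URL) and the ‘sense of self’ idea in this section come together in the added example below. It is illustrative code written for this page, not Darktrace’s product or algorithm, and it reduces ‘learning self’ to the simplest possible form: for each user, remember which (scheme, host) destinations were seen during a learning window, then flag later requests to destinations that user has never visited. A second, independent check flags plaintext HTTP requests whose query string carries credential-like parameter names. The proxy log format, users, hosts and parameter names are all constructed for the example.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qsl, urlsplit

# Constructed proxy log lines in a hypothetical format: time user src_ip method url status.
LOG_LINES = """\
2016-12-05T09:01:12Z exec01 10.0.4.22 GET https://mail.example-corp.test/inbox 200
2016-12-05T09:03:40Z exec01 10.0.4.22 GET https://crm.example-corp.test/accounts 200
2016-12-05T12:15:09Z analyst7 10.0.4.31 GET https://mail.example-corp.test/inbox 200
2016-12-06T08:58:51Z exec01 10.0.4.22 GET https://mail.example-corp.test/inbox 200
2016-12-06T10:22:17Z exec01 10.0.4.22 POST https://crm.example-corp.test/accounts/42 200
2016-12-07T11:40:03Z exec01 10.0.4.22 GET http://partner-portal.example.test/login?name=J+Smith&phone=0207000000&password=Winter2016 200
2016-12-07T11:41:10Z analyst7 10.0.4.31 GET https://mail.example-corp.test/inbox 200
""".splitlines()

# Parameter names that should never travel in a URL, least of all over plaintext HTTP.
SENSITIVE_PARAM = re.compile(r"(pass|pwd|secret|token|api_?key|email|phone|ssn)", re.I)


def parse(line):
    """Split one log line into a dict; the URL is decomposed so scheme/host/query are separate."""
    ts, user, src, method, url, status = line.split()
    parts = urlsplit(url)
    return {
        "ts": ts, "user": user, "src": src, "method": method,
        "scheme": parts.scheme, "host": parts.hostname,
        "query": parse_qsl(parts.query, keep_blank_values=True),
        "status": int(status),
    }


def build_baseline(events):
    """Per-user set of (scheme, host) pairs observed during the learning window: the 'self'."""
    baseline = defaultdict(set)
    for e in events:
        baseline[e["user"]].add((e["scheme"], e["host"]))
    return baseline


def sensitive_in_url(event):
    """Names of query parameters that look like credentials or personal data."""
    return sorted({name for name, _ in event["query"] if SENSITIVE_PARAM.search(name)})


def analyse(lines, learn_until):
    """Learn from events before learn_until (ISO timestamps compare lexicographically),
    then report later events that are 'non-self' for the user or leak data in a plaintext URL."""
    events = [parse(line) for line in lines]
    baseline = build_baseline(e for e in events if e["ts"] < learn_until)
    findings = []
    for e in events:
        if e["ts"] < learn_until:
            continue
        reasons = []
        if (e["scheme"], e["host"]) not in baseline[e["user"]]:
            reasons.append(f"new destination for {e['user']}: {e['scheme']}://{e['host']}")
        leaked = sensitive_in_url(e)
        if e["scheme"] == "http" and leaked:
            reasons.append("plaintext URL carries sensitive parameters: " + ", ".join(leaked))
        if reasons:
            findings.append({"ts": e["ts"], "user": e["user"], "host": e["host"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in analyse(LOG_LINES, "2016-12-07T00:00:00Z"):
        print(f["ts"], f["user"], f["host"], "|", "; ".join(f["reasons"]))
```

Run as-is, the only finding is the executive’s request on 7 December, and it is reported for two separate reasons: the partner portal is a destination this user had never visited, and the URL carried `phone` and `password` over plaintext HTTP. The first reason is the one a reputation or signature tool misses, because nothing about the site itself is malicious; the second is a plain hygiene rule that is cheap to run alongside the baseline. A real deployment would model far more than destination pairs (timing, volumes, device type, peer group), and the URL rule only sees credentials in the query string, not in a POST body, which is why the connection-level anomaly matters.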
Moving into 2017, machine learning will be indispensable in automating threat detection and response. As we saw last year, new threats like ransomware can spread in minutes. With human security teams unable to match such speed, it is time for the machines to fight back.
This approach is the best chance we have to stop ‘trust’ attacks in their tracks and protect the confidence we have in the data and decisions that underpin modern society.
Dave Palmer, Director of Technology, Darktrace
Image source: Shutterstock/lolloj