Malta Independent

A new era of cyber threats

- Brandon Spiteri

More than 1.7 billion user records were leaked through the ‘Collection #1’ data breach last January alone. Collection #1 is the name of a set of email addresses and passwords that appeared on the dark web around January 2019. The larger part included email addresses and passwords in plain text. Last March, cybersecurity researchers in Israel announced the discovery of malware capable of adding tumours to CT and MRI scans, designed to fool doctors into misdiagnosing patients, and the list goes on. Computer malware is software developed by cyber actors with malicious intent.

Initially, the design of the internet did not take into account the numerous vulnerabilities which cyber criminals exploit to this day. Mr. Mikko Hyppönen, a global security expert, affirms that the problem with the internet is that privacy and security have been ‘bolted on’, meaning that security is in most cases an afterthought rather than something built in from the outset (security by design).

The internet was originally invented for the facilitation of communication in the military domain. However, over the years, similarly to any other tool, it has been abused for malicious intent. Therefore, the day-to-day challenge at the MITA Security Operations Centre (SOC) is to predict, prevent and detect any cyber threats intended to exploit vulnerabilities within government infrastructure, ensuring a secure environment for the government’s digital data, at rest and in transit.

According to the Oxford English Dictionary, a cyber threat is defined as the possibility of a malicious attempt to damage or disrupt a computer network or system. Cyber threats will possibly continue affecting computer users. It would be foolish to believe that any amount of security controls can certify an information system to be immune to cyber threats, although they can contribute drastically to reducing the risks. In order for a solution to be 100% immune from cyberattacks it has to be isolated from any network and physically locked, working in an air-gap, in which case the solution might not be able to attain its intended objectives. All organisations must determine their willingness to expose themselves to risk - risk appetite - in order to attain the advantages brought about by technology. Risk appetite depends on many factors such as the nature of the business, the sensitivity of data, regulation and legislation.

The level of security of data is assessed using the CIA triad, namely, Confidentiality, Integrity and Availability. Confidentiality defines who has access to information, and integrity provides a guarantee that information is accurate and trustworthy, while availability reflects the reliable access to information.

Statistics

Cyberattacks are continuing to increase to levels that have never been reached before. Today, cyber criminals rake in over €1.3 trillion every year. By the year 2021, organisations are projected to lose over €6 trillion due to damages caused by different types of cybercrimes. Consequently, cyber actors continue developing new malware whose level of stealth and sophistication is alarming. As the processing power of computers increases and innovative technologies are made easily accessible to everyone, malware is also increasing in complexity such that it can infect and exploit a computer resource without the user noticing. Anonymity tools are used by malicious actors to disguise their identity and tracks while performing their cyberattacks.

In this emerging era of modern cyber threats, human intervention is simply not enough. The MITA Security Operations Centre boasts a variety of security tools making use of innovative technologies - including Artificial Intelligence, Machine Learning, Big Data and Blockchain technologies - such that they can identify and flag anomalous or suspicious behaviour, in a timely manner, for MITA’s team of expert security analysts to handle.

Hackers vs. Security Engineering

In a phishing campaign, cyber adversaries send out batches of malicious emails, with every batch having a different approach, but all attempting to infiltrate the security measures put in place. The motive behind such emails is mainly the theft of sensitive information, such as user credentials, or financial scams, but they can also be regarded as an ingenious way to infiltrate an otherwise impenetrable infrastructure. The email could be crafted in such a way that it appears harmless by spoofing the sender address and/or the writing style. The recipient is lured to a malicious resource intentionally developed to mimic a familiar resource such as an online email service.

The MITA Security Operations Centre Team deals with phishing instances by adding specific security mechanisms on the Government infrastructure to minimize further influx of a phishing campaign and provide additional protection to the victims. Where an email contains a suspicious attachment, this is analysed and reverse engineered in a detonation or sandboxed environment in a bid to discover indicators of compromise (IOC). These IOCs refer to any unique resource which can be attributed to the original malicious source or campaign. However, the attacks become more dangerous if the malicious emails originate from legitimate domains such as ‘accounts@yourusualsupplier.com’ that have been compromised, such that the recipient would be unlikely to suspect a phishing incident. Experience shows that it is very important that the files attached to an email are analysed by an antivirus solution and only opened by the user if they relate to the contents of the message. For example, to take a real-life scenario, it would be very unusual for a supplier to email an invoice which is in Excel format. Such a case would require the recipient to use other means to contact the supplier to determine the authenticity of the email.

The risk of cybercriminals using compromised user credentials obtained from data breaches is now being mitigated through the implementation of multi-factor authentication, adding an extra security layer. As the name suggests, users are required to provide a correct password in addition to a second authentication mechanism such as a randomly generated code from an app, an SMS or a phone call delivering a code on their personal phones.

One may visualize this scenario better by comparing it to a safe. The safe is secured by a key lock. Anyone possessing an exact copy of the key would have access to the safe. If the safe is protected by a key lock and a PIN code, how much harder would that be for a thief to get in? Multi-factor authentication should be implemented to protect your online identity and is available as a security feature in most social media platforms.

Backup

Backup is an important security control which is commonly overlooked. Scheduled backups are crucial to safeguard the availability of data, since mishaps can never be predicted and one needs to be always prepared. Backups have evolved from the less secure hard drive or pen drive backups to cloud backups which offer better reliability and availability. Given the ransomware trends in the past three years, all backup data should be segregated from the live system such that malware cannot tamper with the backup copy of data. A common type of ransomware encrypts the user’s files, making them unusable, and asks users for a ‘ransom’ in order to reverse the encryption. To become immune to current threats, a traditional cloud backup would not be sufficient. One needs to opt for a cloud backup with version history to counter ransomware attacks. If we were to compare this process to a computer game, backing up your data every day is like giving an ‘extra life’ to your data whilst renewing it every day. This drastically reduces the chance of a game over (unrecoverable data).

Cyber Hygiene

The UK’s National Cyber Security Centre, which amongst other responsibilities is entrusted to support the UK’s most critical organisations, advises users to use a password of three random words, known as a passphrase, that is easy to remember but difficult for others to guess. Adding a symbol to the passphrase would significantly increase its complexity, making it impractical for any computer to brute-force a 15-character passphrase.

Investment in security tools is imperative for additional security. However, without adequate cybersecurity education and awareness, they would not be as effective. Ongoing cybersecurity awareness campaigns are crucial in instilling a cyber hygiene culture. Cybersecurity is a shared responsibility and it should be everyone’s priority because, as the saying goes, “you are as strong as your weakest link!”.
