With the lowest ratings since the show began, Season 10 of The Walking Dead seems to be a show in gradual decline. But it wasn’t always like that; think back to the heyday of Season 1 and some of the moments and episodes that we saw.
There is one in particular which is inspiring a new kind of cybersecurity camouflage. Surrounded by zombies with nowhere to go, Rick Grimes and co. decide to drench themselves in ‘bits’ of the dead in order to disguise themselves and sneak through the crowds. Interestingly, this is the kind of precaution that forward-thinking security professionals are using to safeguard high-risk devices in the face of an ever-growing horde of cyber-ghouls looking to bring them down: blending in with the infected, rather than fighting back against everything shambling towards them.
Cyber attacks are becoming more conscious
As hackers and cybercriminals get ever smarter, they are beginning to utilise more sophisticated code within the attacks they generate, in order to fine-tune their results. That has become a necessity when you consider the sheer, ever-growing number of connected devices being targeted in attacks.
Take, for example, the number of internet-enabled devices that the average tech-savvy professional may use in their day-to-day life. Even ten years ago it may have been a number viewed as only for pure tech-enthusiasts, but many people would now have a smartphone, tablet, laptop or PC, games console, smartwatch and even, in some cases, IoT-enabled fridges and washing machines. Recent research has shown that around 30% of UK residents have at least five IoT-enabled devices.
Then consider that these vectors can, in many cases, double in number when work devices are taken into account, especially if the person in question works within a technological field or with data. Even the most professionally run cybercriminal outfits have come to realise that they need to be more judicious with the devices they are choosing to spend time and resource in targeting.
In order to do this, some attacks are now being seen to carry code that stops them executing on previously infected devices; after all, there is no value in infecting something already compromised, or in having to sift through the results to realise it. This cuts down on the extraneous results attackers have to sift through and spend resource on, when there may be no financial gain to be had.
The cover of darkness – triggering the kill switch
For as long as the cybersecurity industry has been active, the impetus has been to stop, block and tackle cyber attacks before they have a chance to inflict real damage. But there is a way to use the evolving strategy of the attackers themselves against them, by fooling the kill switches placed within their attacks.
Just as Rick Grimes and co. realised that they couldn’t lop the heads off every single zombie in an overrun Atlanta, CISOs are waking up to the fact that they often can’t defend against the huge number of ever-evolving attacks and exploits that are slowly advancing on their organisations. This is leading to a newer, high-risk school of thought: allowing some previously identified attacks through the net, where they can be halted merely by disguising devices as already having been infected.
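To make the idea of disguising a device as already infected concrete, here is an added sketch, not code from the article or from any product, of planting and auditing decoy infection markers. It assumes the markers are files, that a vetted intelligence feed supplies them, and that only entries confirmed by analysis are ever deployed; the feed format, family names and paths are hypothetical.

```python
import os
import stat
from dataclasses import dataclass

@dataclass(frozen=True)
class Marker:
    family: str     # malware family the marker is attributed to
    path: str       # marker file, relative to the host root
    verified: bool  # True only once analysis confirmed the sample exits on this marker

# Constructed sample feed: family names and paths are placeholders, not real indicators.
INTEL = [
    Marker("ExampleFamilyA", "ProgramData/example_a.lock", True),
    Marker("ExampleFamilyB", "Users/Public/example_b.dat", False),
]

def _target(root, marker):
    """Resolve the marker path and refuse anything that escapes the root."""
    root = os.path.realpath(root)
    target = os.path.realpath(os.path.join(root, marker.path))
    if os.path.commonpath([root, target]) != root:
        raise ValueError(f"marker path escapes root: {marker.path}")
    return target

def deploy(root, intel):
    """Plant an empty, read-only decoy file for every verified marker (idempotent)."""
    planted = []
    for m in intel:
        if not m.verified:
            continue  # unverified intel is never acted on
        target = _target(root, m)
        os.makedirs(os.path.dirname(target), exist_ok=True)
        if not os.path.exists(target):
            open(target, "x").close()
        os.chmod(target, stat.S_IREAD)
        planted.append(m.path)
    return planted

def audit(root, intel):
    """Report the state of each marker so drift is caught before it matters."""
    report = {}
    for m in intel:
        target = _target(root, m)
        if not m.verified:
            report[m.path] = "skipped-unverified"
        elif not os.path.isfile(target):
            report[m.path] = "missing"
        else:
            report[m.path] = "present" if os.path.getsize(target) == 0 else "modified"
    return report
```

Running `audit` on a schedule matters as much as `deploy`: a marker that has been deleted or altered no longer provides the disguise, and the host should be treated as unprotected against that family until it is restored.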
The importance of threat intelligence and penetration testing
Of course, this relies on knowing just which attacks are utilising kill switches to not trigger when faced with a previously infected device; not an easy task by any stretch of the imagination and one that comes with a high degree of risk. Just as schemes in a post-apocalyptic world can often fall through if the smallest thing goes wrong, any plans of this nature need to be watertight.
Therefore, doing this – both identifying the attacks and implementing the disguise on personal and business devices – relies heavily on a strong investment in expert threat intelligence and technical research, be it from the internal security team or outsourced. Threat intelligence through subscription services as a particular sector is predicted to rise by 22% between 2019 and 2025, with the entire industry surpassing a market value of $13 billion in that time too. So it is certainly something for organisations to consider as an integral part of their cyber strategy.
It’s well worth remembering that the ‘baked-in’ kill switch is a strategy that originally came from the threat intelligence and penetration testing industries, which used them when testing attacks as part of simulation tests against their defences. By installing these, the researchers could ensure they could stop the attacks if they began to enact real harm – as long as those exploring this method of cyber protection were well-versed enough in the technology and strategy to carry out the necessary checks, tests and implementation of a kill-switch-triggering strategy.
Another benefit to using experts from this sector is that, with this previous history of utilising kill switches, they have a degree more professionalism in the matter than criminals using the technique. Need an example of how even major implementations of kill switch strategy can go wrong? One of the most substantial cyber attacks in the last few years, WannaCry, was stopped dead in its tracks by a single 22-year-old security researcher, who uncovered a kill switch that was accidentally left in when the exploit went live. That isn’t the kind of mistake anyone on the defensive side of the cyber battle wants to be facing.
Embrace the walking dead
Every security article is couched in the fact that the attack vectors, numbers of devices and geographical reach of criminals are increasing year on year. It’s a fact that both the defenders and the attackers are aware of: the scale of the area is off the charts compared to anything that we’ve seen beforehand.
Subsequently, it’s clear that you can’t always throw more money, more bandwidth, or more time at the problem; be it criminals or security professionals, that kind of growth is unsustainable. What is needed is a shift in strategy, a smarter way of tackling the myriad problems groaning for brains outside of a company’s gates. This is one such shift.
And if cyber criminals are looking to use threat intelligence strategy such as kill switches to save themselves resource, well, it seems only apt to explore turning those techniques against them through savvy investment into threat researchers to capitalise on the secrets of the attacks coming our way.