
An Olympic Effort? Ensuring Security In A Rising Threat Landscape

By Simon Mullis | February 28, 2022 | Updated: July 4, 2024 | 5 Mins Read

High-profile, global events are always likely to create cybersecurity concerns – and the Olympic Games is no exception.

During the 2020 Tokyo Olympics and Paralympics, the NTT Corporation – which provided its services for the Tokyo Olympic and Paralympic Games – revealed it successfully blocked over 450 million attempted cyber security-related incidents during the event. And there were concerns about similar cyber events ahead of this year’s Beijing Winter Olympics. Let us be clear that the 450 million blocked attempts were those that were detected. It stands to reason that the real number was higher, as there will have been an unknown number of cyber security incidents that went undiscovered.

In the weeks leading up to the Opening Ceremony, the FBI issued a briefing note which urged US athletes to use burner phones. Cybersecurity researchers found vulnerabilities in the My2022 app, the official platform for the Beijing organising committee, which was developed for use by athletes, journalists and other attendees at the event. COVID restrictions also prevented the usual numbers of spectators at the Games, which sparked concerns over cyber actors using ransomware to execute DDoS attacks against Internet service providers and broadcasters to disrupt service during the event.

So how should security teams best safeguard such events?

The international threat landscape is changing

There is no doubt that cybersecurity threats are increasing globally. According to industry experts, 2021 saw 50% more cyberattacks per week on corporate networks compared to 2020, and ransomware attacks in particular are only expected to continue into 2022.

In this context, an event such as the Olympics doesn’t just pose security risks for individuals – it can have implications for national security too, giving cyber actors an opportunity not only to steal information or install tracking tools, malicious code, or malware onto personal devices, but also to disrupt national network services.

Further to its guidance over burner phones, the FBI recommended maintaining offline, encrypted backups of data, and that any visitors to China regularly update their VPNs and network equipment, and scan for viruses or malware. In addition, there are a number of regulatory and best practice requirements that need to be implemented, monitored and assured. But are these measures enough?

Why there is no single solution when it comes to cybersecurity

Ultimately, no security team would ever claim that they can stop 100% of all attacks. And with events like the Olympics sparking the attention of cybercriminals the world over, it is inevitable – and well accepted – that someone will break through the barrier.

The key is therefore that any malicious activity – or the possibility of malicious activity – can be identified as quickly as possible and stopped, before it can disrupt services or exfiltrate information. However, detecting attempted breaches or anomalous activity on networks has been rendered far more challenging by the widespread adoption of end-to-end encryption. While end-to-end encryption offers the opportunity to ensure end-user and transactional privacy, it also introduces new challenges for security teams that could end up leaving information exposed.

Indeed, even the FBI has become increasingly wary of the consequences of strong encryption in the fight against cybercrime. Why? The same encrypted avenues that are used to protect the privacy of data are now also being exploited by cybercriminals to hide their behaviour from detection. This potentially malicious activity is easily hidden within legitimate encrypted traffic, with TLS encryption commonly used to hide aspects of intrusion, egress, and lateral movement in target networks. There is an option in some circumstances to decrypt encrypted traffic for security inspection. However, there are challenges in this approach. The first is the sheer volume and speed at which data passes across networks. The second is the requirement to selectively decrypt some classes of traffic in line with corporate policy: is it OK for your employer to decrypt and inspect your social media or personal banking traffic? Finally, there is the fact that newer versions of encryption can make in-line decryption practically impossible. In addition, there are regulatory and regional nuances to contend with.

This presents a significant and very dangerous blind spot for security teams. Most of the established detection methods and countermeasures for malware are ineffective at identifying threats in encrypted traffic.

Instead, security teams need capabilities that will help them identify anomalous activity without decryption – and probability is the key to this approach. Using real-time behavioural analysis and machine learning, Encrypted Traffic Analysis (ETA) examines encrypted traffic in transit and provides a clear understanding of risk in the moment and over time. This not only significantly increases the rate at which malicious, anomalous or aberrant encrypted traffic can be detected, but the speed of detection too. By alerting in real time, security teams can react immediately to contain real and potential threats as they are introduced, rather than responding after the fact.
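The idea of scoring encrypted flows on behaviour alone, without decryption, can be shown with flow metadata. The following is an added example, not code from the article or from any product: it uses a plain statistical regularity score as a stand-in for the machine learning mentioned above, and the flow records, field layout, addresses and threshold are all constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records: (start_seconds, src_ip, dst_ip, dst_port, bytes_out).
# Everything here is visible on the wire without decrypting the TLS payload.
FLOWS = (
    # Workstation calling one external host about once a minute, same size each time.
    [(t, "10.0.0.5", "203.0.113.10", 443, b) for t, b in
     [(0, 310), (60, 305), (121, 312), (180, 308), (241, 310), (300, 307)]]
    # Interactive browsing: bursty timing, widely varying request sizes.
    + [(t, "10.0.0.7", "198.51.100.20", 443, b) for t, b in
       [(5, 800), (9, 15000), (140, 1200), (150, 52000), (420, 640), (431, 9100)]]
    # Too few flows to judge.
    + [(30, "10.0.0.9", "192.0.2.44", 443, 500), (90, "10.0.0.9", "192.0.2.44", 443, 500)]
)

def coeff_var(values):
    """Coefficient of variation: spread relative to the mean (0 = perfectly regular)."""
    m = mean(values)
    return pstdev(values) / m if m else 0.0

def regularity_scores(flows, min_flows=5):
    """Score each (src, dst, port) pair in [0, 1]; 1 means machine-like regularity."""
    groups = defaultdict(list)
    for ts, src, dst, port, bytes_out in flows:
        groups[(src, dst, port)].append((ts, bytes_out))
    scores = {}
    for key, recs in groups.items():
        if len(recs) < min_flows:
            continue  # not enough observations for a meaningful estimate
        recs.sort()
        gaps = [b[0] - a[0] for a, b in zip(recs, recs[1:])]
        timing = max(0.0, 1.0 - coeff_var(gaps))
        sizing = max(0.0, 1.0 - coeff_var([r[1] for r in recs]))
        scores[key] = round(timing * sizing, 3)
    return scores

def flag_regular_pairs(flows, threshold=0.8):
    """Return the pairs whose regularity score meets the (assumed) alert threshold."""
    return sorted(k for k, s in regularity_scores(flows).items() if s >= threshold)

if __name__ == "__main__":
    for pair, score in sorted(regularity_scores(FLOWS).items()):
        print(pair, score)
    print("flagged:", flag_regular_pairs(FLOWS))
```

Legitimate software such as update checkers also polls on a fixed schedule, so a score like this is a triage signal to combine with destination reputation and allow-lists, not a verdict.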

So, if there’s no silver bullet for security… can we create a gold standard instead? 

As we’ve seen, in today’s climate, cybersecurity threats are only becoming ever more sophisticated and cyber actors are finding new opportunities to strike. Whether it’s an international sporting event or enterprise network, the risk of infiltration is high and security professionals must ultimately be vigilant to the risks that encryption can pose, whether through inappropriate implementation or when used by a malicious actor. 

Simon Mullis, Chief Technology Officer at Venari Security


The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.
