Following today’s release of CrowdStrike’s new report on levelling the playing field in the world of cybersecurity, specifically the levelling off between nation states and cyber crime groups. I’d like to offer you further insights from Ross Rustici, senior director, intelligence services, Cybereason. The report also dives into sophisticated threats and new attack vectors being used by hackers to gain access to proprietary information, identities and critical infrastructure. This is something which Cybereason has been at the forefront of since 2015. Ross Rustici, Senior Director, Intelligence Services at Cybereason commented below.
Ross Rustici, Senior Director, Intelligence Services at Cybereason:
“CrowdStrike’s report is needed in the industry but it brings to light issues that have been at the forefront of the cybersecurity industry for quite some time. So that really isn’t anything new or alarming. Fileless malware, powershell attacks, ransomware and other destructive attacks are exceptionally good at evading legacy AV systems. However, new generations of security tools have done a good job of addressing these challenges. Behavioural analytics and network security tools have a much higher chance of catching the abuse of built in system functions for hacking.
As hackers converge on a universal skill set and capabilities that looks very similar to nation state activity from 4 to 5 years ago our entire approach to security needs to change. There is no silver bullet technology or mitigation package that will make a network completely safe. Rather, the defenders need to adopt a spoiler mindset. A two hour dwell time on an endpoint results in significant opportunity to detect some malicious activity on that one system. Furthermore, there are dozens of things that can be done to shape how and when a hacker conducts their lateral movement. Companies literally own the battlefield when it comes to cybersecurity.
CrowdStrike’s report is just one more in a long line of publications that demonstrates the increasing futility of technical attribution. The largest detriment of this trend of nation states hiding in the hacking noise is that the security industry no longer can have confidence in its traditional technical attribution models. Relying on code usage and IPs in a world where we know tool kits and techniques are shared, stolen, and sold amongst hackers is a recipe for misattribution. Hackers, especially the higher tier have proven time and again that they are capable and willing to play on cybersecurity’s habit of confirmation bias by using false flags to point the community in the direction of a particular nation state or criminal group that is either:
1) currently the most talked about group making which plays into the self interest of the company of finding something that already garners a lot of media and PR attention; or
2) plays to the nationalism of the victim.
Cybersecurity is once again facing the evolutionary pressure of a changed, hostile environment. Either we adapt and focus more on behaviour modelling to increase the costs of each step of an intrusion or we wind up being as effective and infamous as the maginot line.”
