
Protect 2018: FireEye Inc. Offers A View From The Front Lines

March 22, 2018


The annual Protect conference is known for its strong emphasis on cyber issues. This year’s installment kept up the tradition and featured guest speakers furnished by the companies that paid for sponsorships. One of them was Roland Ong, a Philippine Army reservist and cybersecurity veteran, who delivered a breakdown of FireEye Inc.’s most recent M-Trends report in a presentation titled Cybersecurity: A View From The Front Lines.

Although FireEye Inc. provides so much cybersecurity literature as free downloads, it’s worth revisiting its assessment of the disturbing trends that threaten companies in the medium term. While these risks can be mitigated, it’s important for the potential victims–companies with vulnerable data–to be fully aware of the stakes. And they can’t be any higher than now.

Timeline of cybercriminal tools. Via FireEye Inc.

Too Many Targets

What is understood as cybercrime today is often a premeditated effort to extort money and harvest data through a multitude of channels. FireEye calls this a “vastly expanding surface attack area,” meaning the vulnerabilities found among mobile devices, exposed workstations, and wireless hardware are too numerous to patch and analyze all at once.

The emergence of advanced persistent threats (APTs) is driving this chaos since, according to FireEye, these are carried out by professional attackers who tailor intricate campaigns for specific targets. This puts cybersecurity professionals at a disadvantage since attackers are never properly attributed and the losses they inflict are only discovered once a genuine breach is exposed.

Security Is Expensive

It doesn’t work all of the time either. FireEye believes the worst aspect of current cybersecurity is the lack of prioritization filters. Based on research by Mandiant, the majority of companies deal with data breaches after the fact. It may take five months before these are even detected and, on average, companies only learn about them when informed by an outside party.

This dismal pattern is made worse by the ballooning costs of cybersecurity and the little it can accomplish when faced with apathy and carelessness. It doesn’t help that, in North America at least, there’s a serious skills gap in the security workforce, which has to contend with determined and ruthless adversaries.

The new patterns in the cybersecurity landscape. Via FireEye Inc.

Operational Chaos

The “internet police” don’t exist. But there’s no shortage of bad actors in cyberspace. FireEye has discerned some universal traits among this shadowy demographic. The criminals who assemble APT campaigns often spend a lot of time profiling their targets and strategizing how to exploit them. To conceal their motives, they can adopt a persona affiliated with hacktivism and prefer victimizing third parties. These victims can then lead to the actual targets.

A number of new tactics have emerged to better conceal APT operations. These include employing backdoors that use cloud services for command and control and for exfiltration; finding vulnerabilities in authentication protocols; and using malware that doesn’t embed in the target’s operating system so that it runs undetected.

The sum of these methods is a volatile environment for businesses and a target-rich theater for criminals.

A Reactive Arsenal

Effective cybersecurity is built on past experience and received wisdom, being designed for reacting to attacks. It isn’t surprising that practitioners are left at a disadvantage against APT actors who invent novel strategies to steal data and extort money. This means it’s paramount for security teams to, at the very least, acknowledge the nature of their adversaries.

FireEye has three rules of thumb when it comes to APT operations. First, there’s always a human behind a keyboard targeting a company. Second, this human is part of a team that has clear objectives it will aggressively pursue. Third, shutting them out of any network sets the stage for the next attacks that are harder to detect–APT campaigns are built around obfuscation.

For these reasons, constant preparedness is the only sensible foil for thwarting the baddies. Being up to speed helps a lot too. So keep learning.


