How the military is tackling the ransomware epidemic



As organizations continue to recover from the fallout of global ransomware attacks, Nicola Whiting, COO at Titania, explores how the military has bolstered its defenses against the outbreak.

The rise of automation in the global economy has impacted everything from media and financial services to information technology and healthcare.

Around the world, industries are adopting automated technologies to improve the efficiency of their operations and accelerate the productivity of the human workforce. At Titania, we know that the cybersecurity industry is no different; leading defense agencies and military forces, including clients such as the US Department of Defense, the US Air Force and NATO, were among the first to adopt automated technologies in their cyber operations.

In the context of cybersecurity, these technologies can dramatically improve the defensive capabilities of any organization by auditing vast amounts of cyber infrastructure for vulnerabilities often exploited by hackers. From a defensive standpoint, any open ports, unpatched software, or firewall vulnerabilities can be identified and a full report provided on how to resolve the issue.

Traditional security “scanners” mimic cyber attacks, indiscriminately bombarding a network from the outside in the hope of exposing a vulnerability. It’s the same as the Navy bombarding one of its own warships to find weak spots in the ship’s hull – an ineffective approach that produces unreliable results.

On the other hand, intelligent automated software can scan the internal instruction set of any network or system to find deep structural vulnerabilities and use fine-grained analysis to identify the open doors that hackers are looking for. It would be the same as identifying weaknesses in a building by analyzing every line of the architect’s structural drawings, all in seconds. The benchmark speed of these technologies is phenomenal, with some having proven their ability to perform a line-by-line audit of 200 Cisco systems in just two and a half seconds.

These automated cybersecurity technologies have proven invaluable to organizations defending themselves against the growing number of cyber attacks, especially the global epidemic of ransomware attacks and the growing trend of hackers spreading these attacks by the thousands using ‘mass distribution’ tools. At least two major ransomware attacks have hit organizations globally this year alone, and many smaller-scale attacks have also been observed. The situation is so dire that, according to a recent survey of 600 business decision makers and 1,200 employees by email security company Clearswift, nearly 60% of organizations expect another global ransomware attack very soon.

This unprecedented spike in ransomware attacks is no coincidence. The underbelly of the internet, known as the dark web, is home to an underground hive of criminal activity. Peddling their wares in a highly developed cyber weapons bazaar, hackers sell ransomware attack software of varying levels of sophistication, complete with performance ratings and user reviews. To attract customers, some hackers even offer a money-back guarantee with their ransomware arsenals.

These weapons are designed to exploit unpatched vulnerabilities and reproduce autonomously in all systems with this vulnerability, on any computer, anywhere in the world. Available for purchase or rental, they can be reused and customized for any particular task, from hacking a bank to attacking a hospital.

The worldwide damage inflicted by the WannaCry ransomware attack that hit the NHS and other organizations earlier this year is the result of one of these tools. The attacker(s) used standalone delivery software known as “Eternal Blue” to deliver ransomware payloads en masse. A sophisticated virtual “transport” mechanism, Eternal Blue allowed the ransomware to scan for a specific vulnerability in file sharing protocols implemented on internal computer networks, then delivered a payload whenever this vulnerability was found. As a result, WannaCry spread like wildfire around the world, infecting Spain’s Telefonica, FedEx in the US and Germany’s Deutsche Bahn, among others. Over 300,000 IT systems in 150 countries were affected by the use of a single delivery tool.

At present, the workforce simply does not exist to enable organizations to properly defend against such attacks. According to the world’s largest cybersecurity membership body, (ISC)², the world is on the verge of a severe human resource shortage in the information security industry, leaving organizations strapped for means when it comes to defending themselves online. (ISC)²’s 2017 Global Information Security Workforce Study, the largest ever survey of the global cybersecurity workforce, found an expected shortage of 1.8 million cybersecurity workers by 2022. With the increasing use of automated ransomware distribution tools, coupled with the dearth of defenders, industries around the world are subject to one of the greatest threats to their economic vitality that they have ever encountered.

However, for Western armies, whose battles increasingly take place in cyberspace, such a threat to their critical systems cannot be left unaddressed. Behind the escalation of ransomware attacks lies the growing investment of governments, terrorists and other groups in “cyber-offensive” capabilities: the development of cyber weapons that offer the possibility of penetrating enemy networks and systems and projecting global power into cyberspace.

UK security services and independent security firms widely suspect that the North Korean-backed hacking group Lazarus was behind the WannaCry attack. In a growing trend in cyberspace, proxy wars are waged by nation states operating through networks of puppet actors, making the Internet the battleground for a growing “cyber cold war”. The White House Cyber Incident Response Director for the Obama Administration said, “The Internet enables malicious cyber actors to deliver weaponized tools, at a scope and scale unlike any we have ever seen.” States intentionally disclose cyber weapons to hacker groups, with the anonymity provided by the web ensuring the perfect smokescreen for their actions. As a result, military-grade cyber weapons are increasingly infiltrating the online underworld, giving even the most amateur hackers access to devastating cyber weapons with the ability to inflict massive, WannaCry-level damage.

At the forefront of cyberspace warfare, the military is using automated defense software to bolster its digital infrastructure against these weapons. While rigorously analyzing every line of code in everything from a military airbase in Europe to laptops in Afghanistan, these technologies allow human cyber officers to be reassigned to strategic and cyber-offensive roles, leaving the security audit to the machines. By dramatically reducing demands on heavily strained human resources, these automated systems help fill the cybersecurity skills gap that threatens the security of global industries.

Similar to the adoption of automated technologies we’re seeing in other industries, automated audit tools could allow organizations to create virtual cybersecurity ‘teams’ that work alongside human cybersecurity professionals, helping them anticipate and counter future dangers faster and more effectively.

With advancements in ransomware technology escalating exponentially, allowing criminals to launch global cyber attacks with minimal time and resources, it is critical that organizations adopt automated systems as the military has done. Not only will this put them on a level playing field with attackers, but it will also reduce the time and cost of building up their defenses.

Nicola Whiting, Chief Operating Officer, Titania

Image Credit: Carlos Amarillo / Shutterstock


