Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

06:00 AM
Connect Directly

Inside Cyber Battlefields, the Newest Domain of War

In his Black Hat Asia keynote, Mikko Hypponen explored implications of "the next arms race" and why cyber will present challenges never before seen in warfare.

BLACK HAT ASIA 2019 – Singapore –The nature of war has moved across land, sea, air, and space. Now we find ourselves in the cyber domain, where a new arms race will challenge defenders as adversaries adopt new tools, technologies, and techniques.

Mikko Hypponen, chief research officer at F-Secure, today took the stage at Black Hat Asia to discuss the implications of cyber warfare and how it will present challenges not seen before. The nuclear arms race, which he noted lasted about 60 years, is behind us. Today's conflicts unfold differently; as a result, we have different domains for different types of fighting.

"Technology has changed where wars are fought," Hypponen explained in an interview with Dark Reading. When the Internet was first built, he continued, geographical lines didn't seem to exist. It seemed a kind of borderless utopia where cross-country collaboration may be possible. Now, as we know, times have changed, andwars are now fought online.

Just as the domain of war has changed, so, too, have tools used in battle. We're no longer as worried about nuclear weapons as we were 20 years ago, Hypponen said. Nuclear weapons, only used twice in human history, are built on the power of deterrence. You know who has nuclear weapons and avoid conflict with them because of this power. The number of traditional weapons fighter jets, bombers, and aircraft carriers in each country can be learned via Google.

"We know exactly how many tanks the Russians have. We know exactly how many aircraft carriers the US has," Hypponen explained, pointing to a screenshot of this information found online.

Digital weapons are poor in creating deterrence because nobody knows who has which tools. They are effective, affordable, and deniable – a dangerous combination of traits. "There are very few weapons that have deniability," Hypponen emphasized. "Cyber weapons have that."

It's one of many qualities that make digital weapons particularly nefarious. Like guns and cannons of the past, cyber weapons also rot over time. The problem is, there's no way of knowing when their expiration dates will arrive. Offensive toolkits used in the military include exploits targeting vulnerabilities that security researchers are constantly hunting and patching.

Because they don't know how long their tools will be viable, militaries have no guarantee their investment in digital weapons will yield an ROI. This creates a scenario in which it's likely those attacks will end up being used so they can justify the cost of building them, Hypponen added.

Nation-States vs. Cybercriminals: Defensive Tactics
Today's government cyberattacks are predominantly for spying and espionage, and Hypponen noted the importance of distinguishing between spying and warfare. Most cybercriminals are after money. If a cybercriminal targets your organization, chances are they're not particularly interested in the business itself. They're looking for quick, easy cash.

Businesses don't need advanced defenses to keep cybercrime at bay, Hypponen explained. If someone is seeking money and their target makes it difficult or expensive, they'll move on to a victim with weaker defenses. "The Internet is a garden of low-handed fruit," Hypponen added.

Nation-states are different. They won't change their mindset or swap targets. They're following orders to break into a specific organization and steal data. They'll keep at it until they succeed.

There are ways of fighting back, he continued. When an attacker creates unique Trojans or backdoors, for example, you can use those to detect them by reputation. Hypponen also advises companies to avoid building defenses like a fortress. High walls won't prevent attackers from getting in – and the larger a network is, the more likely it will be breached.

Knowing your outside defenses will fail should change security experts' mindset. Instead of focusing on the perimeter, focus on what's inside the network. You're more likely to spot intruders early, which will help your ability to detect attacks and respond faster.

What Comes After Cyber?
"I believe we are in the very beginning of the cyber arms race," Hypponen said. Still, he added, "it's important to remember this isn't where it ends; there will be new domains." While it's hard to imagine what comes after cyber, mankind will never stop fighting. New conflicts will emerge.

Robotics and drones come to mind, he continued. Both already exist; however, ethics pose a challenge in development. We don't like the idea of machines deciding who is killed, Hypponen explained, but different forces are driving us to war in a world where machines will kill on their own. Artificial intelligence (AI) and machine learning, both modern buzzwords in cyberspace, have potential to drive this.

We still have to define what we mean by AI and machine learning, he continued. We also have to be very, very careful about where technology companies draw the line as they race to build genuine AI. This concerns Hypponen in the rush to AI development.

"When you're in a race, what you don't do is stop and look around and make sure you're doing everything carefully," he pointed out.

Hypponen said he anticipates we'll see machine learning in real-world cyberattacks as the barrier to entry lowers. Today, you have to be a computer science gradute to deploy a machine learning system. But in 10 years, or five years, these systems will be so easy to deploy that anyone could do it – and they will. The lack of skill protects us now; it won't protect us much longer.



Join Dark Reading LIVE for two cybersecurity summits at Interop 2019. Learn from the industry's most knowledgeable IT security experts. Check out the Interop agenda here.

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Apprentice
4/16/2019 | 2:45:31 AM
Up our game!
So wars are taking place on the digital side of the world now? Have we really been too complacent with tech advancements that we completely overlook the security portion of what we have been using? There have been way too many cases of security lapses when organizations become too lax with their security efforts. We really need to up our game for our own sake!
User Rank: Apprentice
4/1/2019 | 4:21:30 AM
Re: New focus on detection
Useful and very interesting article, thank you.
User Rank: Apprentice
3/28/2019 | 6:03:24 PM
New focus on detection
The difference between cybercriminals and nation -states -- nailed it.  "Instead of focusing on the perimeter, focus on what's inside the network. You're more likely to spot intruders early, which will help your ability to detect attacks and respond faster."  We've been putting this theory to the test with large organizations and agencies around the world.  Using new technologies on the market we have been gaining visibility into attackers by keeping the focus on code execution, a process running and memory, with additional fine-grained monitoring of syntax and interpreter output.  This has enabled detection of attacks that aren't easily identified using WAF, AV, Scanners, RASPs, especially without some prior rules developed based upon previous insight.  #KeepingItShort
Attackers Leave Stolen Credentials Searchable on Google
Kelly Sheridan, Staff Editor, Dark Reading,  1/21/2021
How to Better Secure Your Microsoft 365 Environment
Kelly Sheridan, Staff Editor, Dark Reading,  1/25/2021
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: We need more votes, check the obituaries.
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-01-26
IBM Spectrum Scale 5.0.0 through and 5.1.0 could allow a local user to poison log files which could impact support and development efforts. IBM X-Force ID: 190971.
PUBLISHED: 2021-01-26
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 192025.
PUBLISHED: 2021-01-25
The MediaWiki "Report" extension has a Cross-Site Request Forgery (CSRF) vulnerability. Before fixed version, there was no protection against CSRF checks on Special:Report, so requests to report a revision could be forged. The problem has been fixed in commit f828dc6 by making use of Medi...
PUBLISHED: 2021-01-25
ORAS is open source software which enables a way to push OCI Artifacts to OCI Conformant registries. ORAS is both a CLI for initial testing and a Go Module. In ORAS from version 0.4.0 and before version 0.9.0, there is a "zip-slip" vulnerability. The directory support feature allows the ...
PUBLISHED: 2021-01-25
An XML external entity (XXE) injection vulnerability was discovered in the Nutch DmozParser and is known to affect Nutch versions < 1.18. XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application's processing of XML ...