
3/28/2019
06:00 AM

Inside Cyber Battlefields, the Newest Domain of War

In his Black Hat Asia keynote, Mikko Hypponen explored implications of "the next arms race" and why cyber will present challenges never before seen in warfare.

BLACK HAT ASIA 2019 – Singapore – The nature of war has moved across land, sea, air, and space. Now we find ourselves in the cyber domain, where a new arms race will challenge defenders as adversaries adopt new tools, technologies, and techniques.

Mikko Hypponen, chief research officer at F-Secure, today took the stage at Black Hat Asia to discuss the implications of cyber warfare and how it will present challenges not seen before. The nuclear arms race, which he noted lasted about 60 years, is behind us. Today's conflicts unfold differently; as a result, we have different domains for different types of fighting.

"Technology has changed where wars are fought," Hypponen explained in an interview with Dark Reading. When the Internet was first built, he continued, geographical lines didn't seem to exist. It seemed a kind of borderless utopia where cross-country collaboration may be possible. Now, as we know, times have changed, and wars are now fought online.

Just as the domain of war has changed, so, too, have tools used in battle. We're no longer as worried about nuclear weapons as we were 20 years ago, Hypponen said. Nuclear weapons, only used twice in human history, are built on the power of deterrence. You know who has nuclear weapons and avoid conflict with them because of this power. The number of traditional weapons (fighter jets, bombers, and aircraft carriers) in each country can be learned via Google.

"We know exactly how many tanks the Russians have. We know exactly how many aircraft carriers the US has," Hypponen explained, pointing to a screenshot of this information found online.

Digital weapons are poor at creating deterrence because nobody knows who has which tools. They are effective, affordable, and deniable – a dangerous combination of traits. "There are very few weapons that have deniability," Hypponen emphasized. "Cyber weapons have that."

It's one of many qualities that make digital weapons particularly nefarious. Like guns and cannons of the past, cyber weapons also rot over time. The problem is, there's no way of knowing when their expiration dates will arrive. Offensive toolkits used in the military include exploits targeting vulnerabilities that security researchers are constantly hunting and patching.

Because they don't know how long their tools will be viable, militaries have no guarantee their investment in digital weapons will yield an ROI. This creates a scenario in which it's likely those attacks will end up being used so they can justify the cost of building them, Hypponen added.

Nation-States vs. Cybercriminals: Defensive Tactics

Today's government cyberattacks are predominantly for spying and espionage, and Hypponen noted the importance of distinguishing between spying and warfare. Most cybercriminals are after money. If a cybercriminal targets your organization, chances are they're not particularly interested in the business itself. They're looking for quick, easy cash.

Businesses don't need advanced defenses to keep cybercrime at bay, Hypponen explained. If someone is seeking money and their target makes it difficult or expensive, they'll move on to a victim with weaker defenses. "The Internet is a garden of low-handed fruit," Hypponen added.

Nation-states are different. They won't change their mindset or swap targets. They're following orders to break into a specific organization and steal data. They'll keep at it until they succeed.

There are ways of fighting back, he continued. When an attacker creates unique Trojans or backdoors, for example, you can use those to detect them by reputation. Hypponen also advises companies to avoid building defenses like a fortress. High walls won't prevent attackers from getting in – and the larger a network is, the more likely it will be breached.

Knowing your outside defenses will fail should change security experts' mindset. Instead of focusing on the perimeter, focus on what's inside the network. You're more likely to spot intruders early, which will help your ability to detect attacks and respond faster.

What Comes After Cyber?

"I believe we are in the very beginning of the cyber arms race," Hypponen said. Still, he added, "it's important to remember this isn't where it ends; there will be new domains." While it's hard to imagine what comes after cyber, mankind will never stop fighting. New conflicts will emerge.

Robotics and drones come to mind, he continued. Both already exist; however, ethics pose a challenge in development. We don't like the idea of machines deciding who is killed, Hypponen explained, but different forces are driving us to war in a world where machines will kill on their own. Artificial intelligence (AI) and machine learning, both modern buzzwords in cyberspace, have potential to drive this.

We still have to define what we mean by AI and machine learning, he continued. We also have to be very, very careful about where technology companies draw the line as they race to build genuine AI. This concerns Hypponen in the rush to AI development.

"When you're in a race, what you don't do is stop and look around and make sure you're doing everything carefully," he pointed out.

Hypponen said he anticipates we'll see machine learning in real-world cyberattacks as the barrier to entry lowers. Today, you have to be a computer science graduate to deploy a machine learning system. But in 10 years, or five years, these systems will be so easy to deploy that anyone could do it – and they will. The lack of skill protects us now; it won't protect us much longer.

 

 


Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ...

Comments
ThomasMaloney,
User Rank: Apprentice
4/16/2019 | 2:45:31 AM
Up our game!
So wars are taking place on the digital side of the world now? Have we really been too complacent with tech advancements that we completely overlook the security portion of what we have been using? There have been way too many cases of security lapses when organizations become too lax with their security efforts. We really need to up our game for our own sake!
blodgettcalvin,
User Rank: Apprentice
4/1/2019 | 4:21:30 AM
Re: New focus on detection
Useful and very interesting article, thank you.
California4,
User Rank: Apprentice
3/28/2019 | 6:03:24 PM
New focus on detection
The difference between cybercriminals and nation-states -- nailed it. "Instead of focusing on the perimeter, focus on what's inside the network. You're more likely to spot intruders early, which will help your ability to detect attacks and respond faster." We've been putting this theory to the test with large organizations and agencies around the world. Using new technologies on the market we have been gaining visibility into attackers by keeping the focus on code execution, a process running and memory, with additional fine-grained monitoring of syntax and interpreter output. This has enabled detection of attacks that aren't easily identified using WAF, AV, Scanners, RASPs, especially without some prior rules developed based upon previous insight. #KeepingItShort