Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

3/28/2019
06:00 AM
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
50%
50%

Inside Cyber Battlefields, the Newest Domain of War

In his Black Hat Asia keynote, Mikko Hypponen explored implications of "the next arms race" and why cyber will present challenges never before seen in warfare.

BLACK HAT ASIA 2019 – Singapore –The nature of war has moved across land, sea, air, and space. Now we find ourselves in the cyber domain, where a new arms race will challenge defenders as adversaries adopt new tools, technologies, and techniques.

Mikko Hypponen, chief research officer at F-Secure, today took the stage at Black Hat Asia to discuss the implications of cyber warfare and how it will present challenges not seen before. The nuclear arms race, which he noted lasted about 60 years, is behind us. Today's conflicts unfold differently; as a result, we have different domains for different types of fighting.

"Technology has changed where wars are fought," Hypponen explained in an interview with Dark Reading. When the Internet was first built, he continued, geographical lines didn't seem to exist. It seemed a kind of borderless utopia where cross-country collaboration may be possible. Now, as we know, times have changed, andwars are now fought online.

Just as the domain of war has changed, so, too, have tools used in battle. We're no longer as worried about nuclear weapons as we were 20 years ago, Hypponen said. Nuclear weapons, only used twice in human history, are built on the power of deterrence. You know who has nuclear weapons and avoid conflict with them because of this power. The number of traditional weapons fighter jets, bombers, and aircraft carriers in each country can be learned via Google.

"We know exactly how many tanks the Russians have. We know exactly how many aircraft carriers the US has," Hypponen explained, pointing to a screenshot of this information found online.

Digital weapons are poor in creating deterrence because nobody knows who has which tools. They are effective, affordable, and deniable – a dangerous combination of traits. "There are very few weapons that have deniability," Hypponen emphasized. "Cyber weapons have that."

It's one of many qualities that make digital weapons particularly nefarious. Like guns and cannons of the past, cyber weapons also rot over time. The problem is, there's no way of knowing when their expiration dates will arrive. Offensive toolkits used in the military include exploits targeting vulnerabilities that security researchers are constantly hunting and patching.

Because they don't know how long their tools will be viable, militaries have no guarantee their investment in digital weapons will yield an ROI. This creates a scenario in which it's likely those attacks will end up being used so they can justify the cost of building them, Hypponen added.

Nation-States vs. Cybercriminals: Defensive Tactics
Today's government cyberattacks are predominantly for spying and espionage, and Hypponen noted the importance of distinguishing between spying and warfare. Most cybercriminals are after money. If a cybercriminal targets your organization, chances are they're not particularly interested in the business itself. They're looking for quick, easy cash.

Businesses don't need advanced defenses to keep cybercrime at bay, Hypponen explained. If someone is seeking money and their target makes it difficult or expensive, they'll move on to a victim with weaker defenses. "The Internet is a garden of low-handed fruit," Hypponen added.

Nation-states are different. They won't change their mindset or swap targets. They're following orders to break into a specific organization and steal data. They'll keep at it until they succeed.

There are ways of fighting back, he continued. When an attacker creates unique Trojans or backdoors, for example, you can use those to detect them by reputation. Hypponen also advises companies to avoid building defenses like a fortress. High walls won't prevent attackers from getting in – and the larger a network is, the more likely it will be breached.

Knowing your outside defenses will fail should change security experts' mindset. Instead of focusing on the perimeter, focus on what's inside the network. You're more likely to spot intruders early, which will help your ability to detect attacks and respond faster.

What Comes After Cyber?
"I believe we are in the very beginning of the cyber arms race," Hypponen said. Still, he added, "it's important to remember this isn't where it ends; there will be new domains." While it's hard to imagine what comes after cyber, mankind will never stop fighting. New conflicts will emerge.

Robotics and drones come to mind, he continued. Both already exist; however, ethics pose a challenge in development. We don't like the idea of machines deciding who is killed, Hypponen explained, but different forces are driving us to war in a world where machines will kill on their own. Artificial intelligence (AI) and machine learning, both modern buzzwords in cyberspace, have potential to drive this.

We still have to define what we mean by AI and machine learning, he continued. We also have to be very, very careful about where technology companies draw the line as they race to build genuine AI. This concerns Hypponen in the rush to AI development.

"When you're in a race, what you don't do is stop and look around and make sure you're doing everything carefully," he pointed out.

Hypponen said he anticipates we'll see machine learning in real-world cyberattacks as the barrier to entry lowers. Today, you have to be a computer science gradute to deploy a machine learning system. But in 10 years, or five years, these systems will be so easy to deploy that anyone could do it – and they will. The lack of skill protects us now; it won't protect us much longer.

 

 

Join Dark Reading LIVE for two cybersecurity summits at Interop 2019. Learn from the industry's most knowledgeable IT security experts. Check out the Interop agenda here.

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
California4
50%
50%
California4,
User Rank: Apprentice
3/28/2019 | 6:03:24 PM
New focus on detection
The difference between cybercriminals and nation -states -- nailed it.  "Instead of focusing on the perimeter, focus on what's inside the network. You're more likely to spot intruders early, which will help your ability to detect attacks and respond faster."  We've been putting this theory to the test with large organizations and agencies around the world.  Using new technologies on the market we have been gaining visibility into attackers by keeping the focus on code execution, a process running and memory, with additional fine-grained monitoring of syntax and interpreter output.  This has enabled detection of attacks that aren't easily identified using WAF, AV, Scanners, RASPs, especially without some prior rules developed based upon previous insight.  #KeepingItShort
blodgettcalvin
50%
50%
blodgettcalvin,
User Rank: Apprentice
4/1/2019 | 4:21:30 AM
Re: New focus on detection
Useful and very interesting article, thank you.
ThomasMaloney
50%
50%
ThomasMaloney,
User Rank: Apprentice
4/16/2019 | 2:45:31 AM
Up our game!
So wars are taking place on the digital side of the world now? Have we really been too complacent with tech advancements that we completely overlook the security portion of what we have been using? There have been way too many cases of security lapses when organizations become too lax with their security efforts. We really need to up our game for our own sake!
How Attackers Infiltrate the Supply Chain & What to Do About It
Shay Nahari, Head of Red-Team Services at CyberArk,  7/16/2019
US Mayors Commit to Just Saying No to Ransomware
Robert Lemos, Contributing Writer,  7/16/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-14230
PUBLISHED: 2019-07-21
An issue was discovered in the Viral Quiz Maker - OnionBuzz plugin before 1.2.7 for WordPress. One could exploit the id parameter in the set_count ajax nopriv handler due to there being no sanitization prior to use in a SQL query in saveQuestionVote. This allows an unauthenticated/unprivileged user ...
CVE-2019-14231
PUBLISHED: 2019-07-21
An issue was discovered in the Viral Quiz Maker - OnionBuzz plugin before 1.2.2 for WordPress. One could exploit the points parameter in the ob_get_results ajax nopriv handler due to there being no sanitization prior to use in a SQL query in getResultByPointsTrivia. This allows an unauthenticated/un...
CVE-2019-14207
PUBLISHED: 2019-07-21
An issue was discovered in Foxit PhantomPDF before 8.3.11. The application could crash when calling the clone function due to an endless loop resulting from confusing relationships between a child and parent object (caused by an append error).
CVE-2019-14208
PUBLISHED: 2019-07-21
An issue was discovered in Foxit PhantomPDF before 8.3.10. The application could be exposed to a NULL pointer dereference and crash when getting a PDF object from a document, or parsing a certain portfolio that contains a null dictionary.
CVE-2019-14209
PUBLISHED: 2019-07-21
An issue was discovered in Foxit PhantomPDF before 8.3.10. The application could be exposed to Heap Corruption due to data desynchrony when adding AcroForm.