
Evolving threat landscape means we need to think differently

04 Nov 16

McAfee's CTO, Steve Grobman, says "The industry needs to think about threats differently. It's not just about malware. We need to think about the types of environments that are going to be impacted".

Whereas most threats used to be considered in terms of the single devices they attacked or breached, the shift to cloud and multi-tenanted environments and a greater variety of end-point devices are forcing everyone to rethink their security plan.

"We have to think about non-traditional devices. If we haven't learned anything other than the criticality that cybersecurity matters for the very cheap to the very expensive from the Dyn incident, it's critical that we think about that," adds Grobman.

Grobman says manufacturers must look at the entire security lifecycle for all devices, from the very cheap to the very expensive. He demonstrated three different devices being breached during a private briefing at the recent Intel Focus conference.

The devices, a WeMo Insight Switch, an Almond router and a Kenwood car stereo head unit, were all exploited by Grobman. And while the hack on the switch caused a minor irritation – a lamp was switched on and off repeatedly – the router was attacked with ransomware rendering it useless and the head unit was compromised so that its interaction with in-car systems was impacted.

Brian Krebs, whose site was taken down by a DDoS attack that exploited vulnerable IoT devices, has published a list of the devices that were used. The list was compiled by analysing the usernames and passwords used by the Mirai malware.
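The same credential analysis works in the defender's direction: if you know which factory-default username and password pairs ship with the device classes on your network, you can scan your own telnet or SSH authentication logs for sources sweeping through those pairs, and see which defaults actually succeeded. The script below is an added illustration, not code from the article or from McAfee; the log lines, the credential pairs and the device class names are all constructed for the example (real default-credential lists should come from your device inventory and vendor documentation).

```python
import re
from collections import defaultdict

# Constructed sample authentication log lines (telnet-honeypot style); not real data.
SAMPLE_LOG = """\
2016-11-04T10:01:02Z telnetd src=203.0.113.10 user=admin pass=admin result=fail
2016-11-04T10:01:03Z telnetd src=203.0.113.10 user=root pass=root result=fail
2016-11-04T10:01:04Z telnetd src=203.0.113.10 user=root pass=factory1 result=fail
2016-11-04T10:01:05Z telnetd src=203.0.113.10 user=support pass=support result=fail
2016-11-04T10:01:06Z telnetd src=203.0.113.10 user=admin pass=vendorxyz result=success
2016-11-04T10:02:10Z telnetd src=198.51.100.7 user=alice pass=*** result=fail
2016-11-04T10:02:15Z telnetd src=198.51.100.7 user=alice pass=*** result=success
"""

# Hypothetical factory-default pairs keyed to made-up device classes.
# In practice this table is built from your own asset inventory.
DEFAULT_CREDS = {
    ("admin", "admin"): "generic-router",
    ("root", "root"): "generic-camera",
    ("root", "factory1"): "example-dvr",
    ("support", "support"): "example-switch",
    ("admin", "vendorxyz"): "example-head-unit",
}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) telnetd src=(?P<src>\S+) user=(?P<user>\S+) "
    r"pass=(?P<pw>\S+) result=(?P<result>\S+)$"
)


def parse_log(text):
    """Parse the constructed log format into a list of event dicts; unknown lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def find_default_cred_sweeps(events, threshold=3):
    """Map source -> sorted device classes for sources that tried at least
    `threshold` distinct factory-default pairs (a Mirai-style sweep pattern)."""
    tried = defaultdict(set)
    for e in events:
        cls = DEFAULT_CREDS.get((e["user"], e["pw"]))
        if cls:
            tried[e["src"]].add(cls)
    return {src: sorted(c) for src, c in tried.items() if len(c) >= threshold}


def successful_default_logins(events):
    """Device classes whose factory credentials actually worked: change these first."""
    hits = set()
    for e in events:
        pair = (e["user"], e["pw"])
        if e["result"] == "success" and pair in DEFAULT_CREDS:
            hits.add(DEFAULT_CREDS[pair])
    return sorted(hits)


if __name__ == "__main__":
    evts = parse_log(SAMPLE_LOG)
    print("sweeps:", find_default_cred_sweeps(evts))
    print("defaults that worked:", successful_default_logins(evts))
```

The sweep detector keys on distinct default pairs rather than raw failure counts, so an ordinary user mistyping a password (the second source above) never trips it, while a single host walking a default-credential list does.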

However, there are devices in homes and offices now that run firmware but have had connectivity added to them later.

"I think that's a big part of the problem that we see in IoT," says Grobman. "Many devices or components were developed with the assumption they would never have external connectivity. The fact there's a vulnerability in firmware that's never connected doesn't really matter".

But with increased connectivity in devices, this is becoming a new threat surface. And there's pressure on manufacturers to keep prices of devices low, resulting in security being overlooked.

This is why a new approach is needed, says Grobman.

As well as the explosion of IoT, enterprises are increasingly reliant on new architectures in shared-service environments. For example, the use of container engines to provide services has changed how applications are secured.

Today, if someone requires a web server, instead of creating a server and installing an operating system and web server software, service providers deliver very small-footprint containers that run a web server on a minimal code base comprising only the bare essentials needed. This reduces the threat surface significantly.

Grobman says "For the highly reputable service providers, they do a good job in running security assurance programs to minimise the risks that there will be escapes from containers".

But he notes there have been hacks in the past that have managed to break out of virtual machines, so it's important to remain vigilant and continue improving security.

"Every time we've added a new security architecture, it eventually has vulnerabilities," says Grobman. "There's no reason to think we won't see issues over time".

As organisations embrace these new technologies, their risk position will change, and that will necessitate continual evolution.

In addition, the ability for containers and virtual machines to be spun up, used and destroyed – sometimes in seconds – for specific tasks makes forensic detection and investigation more difficult. The same processes we are using to improve security can be exploited by threat actors to obfuscate their tracks.
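When the container itself is gone within seconds, the only evidence left is whatever the platform recorded about it before destruction, so the practical mitigation is to stream lifecycle events (create, start, exec, destroy, with the image digest) to a store outside the container host and make that record tamper-evident. The following is an added example of such a hash-chained ledger, written for this article rather than taken from it or from any container engine's own API; the event records, container id and image digest are constructed placeholders.

```python
import copy
import hashlib
import json

# Constructed lifecycle events for one short-lived container (not real data).
SAMPLE_EVENTS = [
    {"ts": "2016-11-04T10:00:00Z", "action": "create", "id": "c0ffee01",
     "image": "sha256:PLACEHOLDER-IMAGE-DIGEST"},
    {"ts": "2016-11-04T10:00:01Z", "action": "start", "id": "c0ffee01"},
    {"ts": "2016-11-04T10:00:03Z", "action": "exec", "id": "c0ffee01", "cmd": "/bin/sh -c id"},
    {"ts": "2016-11-04T10:00:04Z", "action": "destroy", "id": "c0ffee01"},
]

GENESIS = "0" * 64  # previous-hash value for the first ledger entry


def _entry_hash(prev_hash, event):
    # Canonical JSON so the same event always hashes the same way.
    body = json.dumps(event, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode("utf-8")).hexdigest()


def append_event(ledger, event):
    """Append an event, chaining it to the previous entry's hash; returns the new hash."""
    prev = ledger[-1]["hash"] if ledger else GENESIS
    h = _entry_hash(prev, event)
    ledger.append({"prev": prev, "event": event, "hash": h})
    return h


def build_ledger(events):
    ledger = []
    for e in events:
        append_event(ledger, e)
    return ledger


def verify_ledger(ledger):
    """Return -1 if the chain is intact, else the index of the first bad entry.
    Editing, reordering or deleting an entry breaks every hash after it."""
    prev = GENESIS
    for i, entry in enumerate(ledger):
        if entry["prev"] != prev or _entry_hash(prev, entry["event"]) != entry["hash"]:
            return i
        prev = entry["hash"]
    return -1


def timeline_for_container(ledger, container_id):
    """Reconstruct the action sequence for a container after it no longer exists."""
    return [en["event"]["action"] for en in ledger if en["event"]["id"] == container_id]


if __name__ == "__main__":
    ledger = build_ledger(SAMPLE_EVENTS)
    print("intact:", verify_ledger(ledger) == -1)
    print("timeline:", timeline_for_container(ledger, "c0ffee01"))
    tampered = copy.deepcopy(ledger)
    del tampered[2]  # an attacker trying to erase the exec record
    print("first bad entry after deletion:", verify_ledger(tampered))
```

The ledger is only as trustworthy as its storage: write it to a host the workloads cannot reach, and periodically anchor the latest hash somewhere independent, so that an actor who controls the container host cannot silently rewrite the chain from the start.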
