
Evolving threat landscape means we need to think differently

04 Nov 2016

McAfee's CTO, Steve Grobman, says "The industry needs to think about threats differently. It's not just about malware. We need to think about the types of environments that are going to be impacted".

Whereas most threats used to be considered in terms of the single devices they attacked or breached, the shift to cloud and multi-tenanted environments and a greater variety of end-point devices are forcing everyone to rethink their security plan.

"We have to think about non-traditional devices. If we haven't learned anything other than the criticality that cybersecurity matters for the very cheap to the very expensive from the Dyn incident, it's critical that we think about that," adds Grobman.

Grobman says manufacturers must look at the entire security lifecycle for all devices, from the very cheap to the very expensive. He demonstrated three different devices being breached in a private briefing at the recent Intel Focus conference.

The devices, a WeMo Insight Switch, an Almond router and a Kenwood car stereo head unit, were all exploited by Grobman. And while the hack on the switch caused a minor irritation – a lamp was switched on and off repeatedly – the router was attacked with ransomware rendering it useless and the head unit was compromised so that its interaction with in-car systems was impacted.

Brian Krebs, whose site was taken down by a DDoS attack that exploited vulnerable IoT devices, has published a list of the devices that were used. The list was compiled by analysing the usernames and passwords used by the Mirai malware.

However, there are devices in homes and offices now that run firmware but have had connectivity added to them later.

"I think that's a big part of the problem that we see in IoT," says Grobman. "Many devices or components were developed with the assumption they would never have external connectivity. The fact there's a vulnerability in firmware that's never connected doesn't really matter".

But with increased connectivity in devices, this is becoming a new threat surface. And there's pressure on manufacturers to keep prices of devices low, resulting in security being overlooked.

This is why a new approach is needed, says Grobman.

As well as the explosion of IoT, enterprises are increasingly reliant on new architectures in shared-service environments. For example, the use of container engines to provide services has changed how applications are secured.

Today, if someone requires a web server, instead of creating a server and installing an operating system and web server software, service providers deliver very small-footprint containers that run a web server on a minimal code base comprising only the bare essentials needed. This reduces the threat surface significantly.

Grobman says "For the highly reputable service providers, they do a good job in running security assurance programs to minimise the risks that there will be escapes from containers".

But he notes there have been hacks in the past that have managed to break out of virtual machines, so it's important to remain vigilant and continue improving security.

"Every time we've added a new security architecture, it eventually has vulnerabilities," says Grobman. "There's no reason to think we won't see issues over time".

As organisations embrace these new technologies, their risk position will change, and that will necessitate continual evolution. 

In addition, the ability for containers and virtual machines to be spun up, used and destroyed – sometimes in seconds – for specific tasks makes forensic detection and investigation more difficult. The same processes we are using to improve security can be exploited by threat actors to obfuscate their tracks.
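One defensive response to the ephemeral-container problem described above is to record container lifecycle events as they happen, so a timeline survives even after the container itself is gone. The script below is an added example, not code from the article or from McAfee; it assumes event lines shaped like the JSON emitted by `docker events --format '{{json .}}'` and uses a constructed sample rather than real captures.

```python
import json
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample events (not real data), shaped like Docker's JSON event
# stream: container "job-7" lives for only five seconds before being destroyed.
SAMPLE_EVENTS = """\
{"Type":"container","Action":"create","Actor":{"ID":"aaa111","Attributes":{"image":"nginx:1.21","name":"web1"}},"time":1478246400}
{"Type":"container","Action":"start","Actor":{"ID":"aaa111","Attributes":{"image":"nginx:1.21","name":"web1"}},"time":1478246401}
{"Type":"container","Action":"create","Actor":{"ID":"bbb222","Attributes":{"image":"alpine:3.4","name":"job-7"}},"time":1478246410}
{"Type":"container","Action":"start","Actor":{"ID":"bbb222","Attributes":{"image":"alpine:3.4","name":"job-7"}},"time":1478246410}
{"Type":"container","Action":"die","Actor":{"ID":"bbb222","Attributes":{"image":"alpine:3.4","name":"job-7","exitCode":"0"}},"time":1478246414}
{"Type":"container","Action":"destroy","Actor":{"ID":"bbb222","Attributes":{"image":"alpine:3.4","name":"job-7"}},"time":1478246415}
"""

@dataclass
class ContainerRecord:
    cid: str
    image: str
    name: str
    created: Optional[int] = None
    destroyed: Optional[int] = None
    actions: list = field(default_factory=list)  # (timestamp, action) pairs

    @property
    def lifetime(self) -> Optional[int]:
        # Seconds between create and destroy; None while the container still exists.
        if self.created is None or self.destroyed is None:
            return None
        return self.destroyed - self.created

def build_timeline(event_lines: str) -> dict:
    """Fold a stream of JSON event lines into one durable record per container."""
    records = {}
    for line in event_lines.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        if ev.get("Type") != "container":
            continue
        actor = ev["Actor"]
        attrs = actor.get("Attributes", {})
        rec = records.setdefault(
            actor["ID"], ContainerRecord(actor["ID"], attrs.get("image", "?"), attrs.get("name", "?")))
        rec.actions.append((ev["time"], ev["Action"]))
        if ev["Action"] == "create":
            rec.created = ev["time"]
        elif ev["Action"] == "destroy":
            rec.destroyed = ev["time"]
    return records

def short_lived(records: dict, max_seconds: int = 30) -> list:
    """Containers that were destroyed within max_seconds of creation: worth a closer look."""
    return [r for r in records.values() if r.lifetime is not None and r.lifetime <= max_seconds]
```

Feeding the real event stream into `build_timeline` and persisting the records off-host keeps image, name and timing evidence available to investigators after the container has been destroyed.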
