
Threat actors embrace metadata as the underrated weapon in cyber war

18 Jul 2017

Metadata – the data that describes other data – is an underreported security threat and a powerful threat to national security, according to a new survey from the Institute for Critical Infrastructure Technology (ICIT).

According to senior fellow James Scott, metadata exploits are becoming more common as attackers take advantage of organisations’ main weaknesses, their people.

Scott says that organisations can invest large amounts in personnel and training but, in the end, organisations can’t stop relying on people, and people’s characteristics are ‘difficult or impossible to change’.

Scott’s research paper, titled Metadata: The Most Potent Weapon in This Cyberwar, says metadata is collected and used to describe data, find trends, apply algorithms and model scenarios. The issue is that personally identifiable information can be gleaned from the metadata. Scott says that hacked metadata can be sold through the dark web, putting victims and organisations at risk.

Deep Panda APT, a Chinese state-sponsored hacking group, was able to retrieve 22.1 million confidential forms in a 2015 OPM breach against the United States. Scott says the information contained both demographic and psychographic information about critical infrastructure personnel and clearance applicants.

When used in conjunction with artificial intelligence algorithms, Scott says the stolen information can be combined with purchasable data from ISPs to form a complete picture.

He also says that big data analytics can be used to re-identify anyone based on metadata. Medical records are a prime example, but this can also be tied to a user’s web browsing habits.

“How many users start their workday by logging on, checking email, and then navigating to the same two or three news sites or web portals? Cybercriminals can capitalize on psychographic and demographic re-identification in lucrative blackmail schemes against any politician or public figure that can be linked to unconventional or embarrassing online activity,” he explains.

Scott also relates the healthcare industry’s electronic records to metadata vulnerabilities, naming the WannaCry attack as a major blow against securing medical systems.

“If a single infected BYOD device enters a hospital, the medical network connecting multiple hospitals could be infected and crippled in minutes or hours. Recent efforts have attempted to modernize medical systems, protect medical devices behind layered security, and train staff in basic cyber-hygiene,” he states.

“The adoption of modernized systems and layered defenses will do little to deter the onslaught of malicious campaigns if adversaries can precision target exhausted, over-exerted, and un-cyber-hygienic personnel in metadata-driven social engineering campaigns.”

However, metadata is not limited to what’s for sale on the Dark Web: Scott says that metadata and machine learning collected by agencies such as Facebook can determine whether or not users are depressed, or whether they are likely to join terrorist groups such as ISIS.

“Self-polarized lone wolf threat actors are the meta-variant of terrorist. Isolated, depressed, and mentally unstable individuals are prime targets for extremist conscription. These users can be trivially targeted even from pseudo-anonymous metadata because the actual identity of the target does not matter; the threat actor just needs an IP address, email, or social media account to establish initial contact,” he says in the report.

What that ultimately means for organisations is that while metadata is bought and sold both legitimately and on the Dark Web, it is a major risk to all industries including healthcare, national security and consumers.

“Cyberwarfare is already being waged in the kinetic, digital, and mental realms using metadata as the primary weapon to successfully target and compromise public and private entities. Regulating the exchange of customer information, limiting dragnet surveillance initiatives, mandating the security of data in transit, storage, and processing and prohibiting ISPs from haphazardly and negligently capitalizing from their paying customers, are the only ways to mitigate the emerging meta-data driven cyberwar.”
