What can we all learn from the cyber threat landscape of 2018?

Every year, as a co-founder and member of the Neustar International Security Council, I attend The Neustar Cyber Summit. This year the summit was held at the OXO Tower in London, and there really were some very interesting findings from the summit which I would like to share.

Rodney Joffe, Chairman of NISC, started to discuss where the Internet of Things fits into the equation.

‘The first thing to recognize is that the Internet of Things is a new phrase for something that’s existed for years. The only difference is scale.
Sometime in the late 1970s or early 1980s, some computer science students wired a Coca-Cola vending machine to the Internet. The students wanted to solve the problem of walking down three flights of stairs to the lobby only to discover there weren’t any cold Cokes in the machine.
It was one of the first devices wired to the Internet, and anyone could connect to it and ask for the status of the Cokes. So IoT isn’t really new. It’s probably best defined as all of the devices that can be connected to the Internet that don’t necessarily look like traditional computers. Items like smart power meters, smart lightbulbs and modern home thermostats, all the way to critical medical appliances and devices, jet engines and power turbines.

Because everyone is now focused on the IoT, we’re trying to develop rules around how all people, places and things interconnect. But millions of devices and things that are out there already are not secure, so we have to find ways of securing them and making sure that everything that gets added in the future is secure.
It’s no big deal if the Coke machine is wrong, but what if a nuclear-generating turbine goes down or if all the air-conditioning systems in a city go on at the same time because the smart meters that control the smart homes were compromised?

The other thing to recognize is that the industrial IoT is much larger than the consumer IoT. The breach of Target customer credit cards started when network credentials were stolen from an air-conditioning filtration vendor that had serviced various Target stores. Those credentials were used to hack into Target’s system, then install malware on a large number of the chain’s point-of-sale devices. The end result was brand damage for Target that has reverberations today.

The facts are, in 2016, we saw a number of huge attacks — many that exceeded 1Tbps. In 2017, by contrast, we saw fewer large distributed denial-of-service (DDoS) attacks, possibly because hackers were finding little advantage in taking a company completely offline. Another explanation is that hackers were simply enjoying the success of the previous year’s myriad of extortion and ransomware-oriented attacks, as well as the many DDoS associated data breaches.

So far in 2018, however, the big attacks are back with a vengeance. Earlier this year we saw the largest DDoS attack ever recorded — 1.35Tbps — using a new type of attack called Memcached, which will be discussed later. Then, a 1.7Tbps DDoS attack was recorded. Previous amplification attacks, such as DNSSEC, returned a multiplication factor of 217 times, but Memcached attacks returned amplification records exceeding 51,000 times! In fact, the potential return from Memcached attacks is so large that they do not require the use of botnets, making them a new and dangerous risk vector.

We are hoping that these attacks will go the way of the Simple Service Discovery Protocol (SSDP) amplification attacks, which used the protocol designed to advertise and find plug-and-play devices as a vector. SSDP amplification attacks are easily mitigated with a few simple steps, including blocking inbound UDP port 1900 on the firewall. There are similar steps that organizations can take to mitigate Memcached attacks, including not exposing servers and closing off ports, but until then, Neustar is prepared.

This year we are also seeing different uses for DDoS beyond simple volumetric attacks, including what we call quantum attacks. Quantum attacks are relatively small and designed to bypass endpoint security and avoid triggering cloud failover mitigation. These attacks are being used for scouting and reconnaissance. In a recent incident, Neustar stopped a quantum attack that never peaked over 300 Mbps, but it featured 15 different attack vectors, went on for 90 minutes, and involved all of Neustar’s globally distributed scrubbing centers.
This attack came from all over the world and was designed to bypass perimeter hardware, using protocols to circumvent their defenses. The attackers behind such campaigns may start small, but they can quickly add botnets, attack vectors, and ports to get what they want.

Neustar recently thwarted what is believed to be the first IPv6 attack. This attack presented a new direction that attackers are likely to pursue as more and more companies adopt IPv6 and run dual IPv4/IPv6 stacks. We believe that IPv6 vectors will continue to emerge as organizations around the world move to adopt the new standard.

You can also expect to see more Layer 7 (application layer) attacks, including those targeting DNS services with HTTP and HTTPS requests. These attacks are often designed to target applications in a way that mimics actual requests, which can make them particularly difficult to detect. It is important to note, however, that Layer 7 attacks are typically only part of a multi-vector DDoS attack. The other parts are aimed at the network and overall bandwidth.

DDoS attacks can be found in a multitude of sizes and for any reason imaginable. They can now be used to find vulnerabilities, to locate backdoors for exfiltration, and as a smokescreen-like distraction for other activities. Today’s organized criminals are able to focus on the results that they want and simply buy or rent the malware or botnets they need to get there. Some have gone so far as to comment that criminals are getting more and more like corporations, each with their own specialization.

The simple fact is that if you’re online, you’re susceptible to an attack. Whether you are vulnerable or not is entirely up to you.
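
The mitigation steps mentioned above for SSDP and Memcached amplification (blocking inbound UDP port 1900, not exposing Memcached servers) can be checked on a host by auditing its UDP listeners. The following is an added example, not part of the summit material; the `ss` output is constructed, and port 11211 is Memcached's default port, which the text does not state.

```python
"""Audit UDP listeners for services usable as amplification reflectors.

Input is `ss -H -uln` style text (State Recv-Q Send-Q Local Peer).
SAMPLE_SS_OUTPUT is constructed for this example.
"""
import ipaddress

# 1900 is the SSDP port named in the text; 11211 is Memcached's default
# port (an assumption here, the page does not state it).
REFLECTOR_PORTS = {
    1900: ("SSDP", "block inbound UDP/1900 at the firewall"),
    11211: ("Memcached", "bind to loopback or close the UDP port"),
}

SAMPLE_SS_OUTPUT = """\
UNCONN 0 0 127.0.0.1:11211 0.0.0.0:*
UNCONN 0 0 0.0.0.0:11211 0.0.0.0:*
UNCONN 0 0 192.0.2.10:1900 0.0.0.0:*
UNCONN 0 0 [::1]:11211 [::]:*
UNCONN 0 0 [::]:1900 [::]:*
UNCONN 0 0 0.0.0.0:53 0.0.0.0:*
UNCONN 0 0 127.0.0.53%lo:53 0.0.0.0:*
"""


def parse_local(field):
    """Split 'addr:port' from ss, handling [v6] brackets and %zone suffixes."""
    host, _, port = field.rpartition(":")
    host = host.strip("[]").split("%", 1)[0]
    return host, int(port)


def is_reachable(host):
    """A socket not bound to loopback is a candidate for outside exposure."""
    if host == "*":
        return True
    return not ipaddress.ip_address(host).is_loopback


def exposed_reflectors(ss_text):
    """Return one finding per reflector-prone UDP listener off loopback."""
    findings = []
    for line in ss_text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        try:
            host, port = parse_local(fields[3])
            reachable = is_reachable(host)
        except ValueError:
            continue  # header row or a line that is not addr:port
        if port in REFLECTOR_PORTS and reachable:
            service, action = REFLECTOR_PORTS[port]
            findings.append({"service": service, "address": host,
                             "port": port, "action": action})
    return findings


if __name__ == "__main__":
    for f in exposed_reflectors(SAMPLE_SS_OUTPUT):
        print(f"{f['service']:<10} {f['address']}:{f['port']}  ->  {f['action']}")
```

A listener flagged here may still be filtered upstream, so the result is a list of candidates to confirm against the firewall policy.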

The summit and Rodney Joffe’s keynote were incredibly insightful, but where does that leave us today, and how can we guard against such threats in our business and personal lives?

A New York Times report reveals another cyberattack using stolen NSA hacking tools, and experts warn computer systems are not prepared for even more widespread attacks likely in the future. Max Everett, the managing director at Fortalice Solutions, joins CBSN to discuss the threat.

Cybersecurity expert warns the world is not ready.

We can all agree over the course of 2018, global cyber threats have continued to evolve at speed, resulting in a dramatic reshaping of the cyber security landscape. Traditional threats such as generic trojans, ransomware and spam bots were transformed.

Powered by military-grade code allegedly leaked from the NSA, threats such as WannaCry and GoldenEye wrought havoc throughout, shutting down businesses and causing unprecedented operating losses.

The effectiveness of these threats has been compounded by novel lateral movement vectors that augment zero-day exploits such as EternalBlue and EternalRomance, allowing malware to ‘hop’ from one network to another, from organisation to organisation. These targeted attacks are reshaping corporate and government digital security, whilst simultaneously causing fallout in the consumer space.

Ransomware specifically aimed at companies has also become far more prevalent. Since the re-emergence this March of Troldesh, companies have faced extremely targeted attacks that abuse the Remote Desktop Protocol to connect to infrastructure, then manually infect computers.

Certain strains of ransomware such as Troldesh and GlobeImposter come equipped with lateral movement tools (such as Mimikatz) that allow the malware to spread through an organisation, and with log clean-up mechanisms to cover their tracks.

Following a surge of market interest around cryptocurrencies that has continued through 2018 and into 2019, miners have diversified and proliferated. Traditional illicit coin miners have rushed to adopt lateral movement tactics such as the EternalBlue and EternalRomance exploits, allowing cybercriminals to infect computers in organisations and increase mining efforts.

Based on threat developments in 2018, organisations should essentially prepare for more sophisticated iterations of malware based on the same theme in 2019.

After years of focusing on individuals, malware authors will increasingly target enterprises and networks of computers. Lateral movement will become standard in most malware samples, either via password-grabbing utilities like Mimikatz, or by exploiting wormable vulnerabilities. In addition, the number of malicious attachments in spam emails will increase, particularly those written in scripting languages such as Perl or Python.

“All the world’s a stage/ And all the men and women merely players”; Shakespeare’s famous line makes us consider each person an ‘actor’ in their own right, with their own individual role to play. And when looking across the cyber threat landscape, this rings especially true – each actor has their own motivations and distinct part to play.
When the proverbial hits the fan, it’s typical for the victim – a business or government entity – to focus on the indicators of compromise (IoC) rather than what led to the attack in the first place.

Looking at IoCs is an essential part of a cyber defence strategy and can help victims identify who is targeting them. But it’s a reactive approach, which doesn’t help once your organisation has been breached.

This rear-facing view is also reflected in the cyber sensationalist news narrative. The media tend to focus on the number of attacks – a vanity metric – but rarely on an attack’s complexity or length, who was behind it, or what their motivations were for attacking the organisation in the first place.

IoCs tend to change very quickly; the actor behind them does not, nor do their objectives and tactics, techniques and procedures (TTPs). For example, US-CERT’s release of the Grizzly Steppe malicious Russian activity was complex in that many of the IoCs that were provided were false positives or TOR exit nodes, making it difficult for companies to make sense of them and ingest them.

As such, it’s vital that organisations look to understand the actor – their motive, opportunity and means – and not merely read into the IoCs if they are to protect themselves from potential attack.

Threat intelligence highlights IoCs around an attack, such as that the actor was using cheap outsourced labour to perpetrate the attack, was using a particular hosting platform, or shared infrastructure.

IP addresses and domain names change very quickly, but the adversary’s motive does not. Knowing this is the first step towards changing an organisation’s security stance to mitigate the threat, identifying the indicators of attack (IoAs) rather than just the IoCs. Without intelligence, this would be impossible.

The type of malicious actor organisations must deal with will differ. Some may be state-sponsored, for example, carrying out cyber espionage on behalf of a nation. Others may be hacktivists, looking to incite political change, or cyber criminals looking to make a profit.
Understanding the bigger picture beyond the impact of the attack itself is critical if the good guys are going to triumph over the bad. Intelligence plays a key role in getting to the core of that bad apple.

STIX, the standardised language to represent structured information about cyber threats, helps to store and share information on actors and TTPs. It has become the de facto standard for information sharing in cyber threat intelligence as it facilitates automation and human assisted analysis.
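
To make the point about short-lived IoCs and long-lived actors concrete, here is an added example (not from any vendor or from the STIX project) that builds a small STIX 2.1 bundle with the Python standard library and reads it back at two dates. The actor name, TTP name, indicator values and dates are all constructed for illustration.

```python
"""A minimal STIX 2.1 bundle: one actor, one TTP, two short-lived indicators.

Every name, pattern and date below is constructed for this example.
"""
import json
import uuid
from datetime import datetime, timezone

UTC = timezone.utc


def ts(dt):
    # STIX timestamps are RFC 3339 in UTC; millisecond precision used here.
    return dt.strftime("%Y-%m-%dT%H:%M:%S.000Z")


def parse_ts(text):
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=UTC)


def sdo(obj_type, created, **props):
    """Common properties every STIX 2.1 object carries, plus type-specific ones."""
    stamp = ts(created)
    return {"type": obj_type, "spec_version": "2.1",
            "id": f"{obj_type}--{uuid.uuid4()}",
            "created": stamp, "modified": stamp, **props}


def relate(source, rel_type, target, created):
    return sdo("relationship", created, relationship_type=rel_type,
               source_ref=source["id"], target_ref=target["id"])


def indicator(pattern, valid_from, valid_until):
    return sdo("indicator", valid_from, pattern=pattern, pattern_type="stix",
               valid_from=ts(valid_from), valid_until=ts(valid_until))


def build_bundle():
    t0 = datetime(2018, 6, 1, tzinfo=UTC)
    actor = sdo("threat-actor", t0, name="Example Actor (constructed)",
                threat_actor_types=["crime-syndicate"],
                primary_motivation="personal-gain")
    ttp = sdo("attack-pattern", t0,
              name="Credential dumping for lateral movement")
    ip_ioc = indicator("[ipv4-addr:value = '198.51.100.7']",
                       t0, datetime(2018, 6, 8, tzinfo=UTC))
    dom_ioc = indicator("[domain-name:value = 'c2.example.net']",
                        t0, datetime(2018, 9, 1, tzinfo=UTC))
    objects = [actor, ttp, ip_ioc, dom_ioc,
               relate(actor, "uses", ttp, t0),
               relate(ip_ioc, "indicates", actor, t0),
               relate(dom_ioc, "indicates", actor, t0)]
    return {"type": "bundle", "id": f"bundle--{uuid.uuid4()}",
            "objects": objects}


def actor_view(bundle, now):
    """Per actor: motivation, TTPs, and only the indicators still valid at `now`."""
    by_id = {o["id"]: o for o in bundle["objects"]}
    rels = [o for o in bundle["objects"] if o["type"] == "relationship"]
    views = []
    for actor in (o for o in bundle["objects"] if o["type"] == "threat-actor"):
        ttps = [by_id[r["target_ref"]]["name"] for r in rels
                if r["source_ref"] == actor["id"]
                and r["relationship_type"] == "uses"]
        live = []
        for r in rels:
            if (r["target_ref"] == actor["id"]
                    and r["relationship_type"] == "indicates"):
                ind = by_id[r["source_ref"]]
                if parse_ts(ind["valid_from"]) <= now < parse_ts(ind["valid_until"]):
                    live.append(ind["pattern"])
        views.append({"actor": actor["name"],
                      "motivation": actor.get("primary_motivation"),
                      "ttps": ttps, "live_indicators": live})
    return views


if __name__ == "__main__":
    bundle = build_bundle()
    print(json.dumps(bundle, indent=2))
    for when in (datetime(2018, 6, 15, tzinfo=UTC), datetime(2019, 1, 1, tzinfo=UTC)):
        print(when.date(), actor_view(bundle, when))
```

By the second date both indicators have expired, yet the actor, its motivation and its TTP are still available to drive detection.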

Finally, it’s worth remembering that intelligence is not a silver bullet. It’s a part of a wider puzzle that enterprises need to put together in order to give themselves the best chance of defence against a cyber attack.

Security needs to be seen as an architecture, embedded in the foundation of an organisation. Hygiene factors such as ongoing patch management and end-user training also need to be considered.

The human element behind an attack is often forgotten. However, analysts can create a ‘big picture’ of the lifecycle and ecosystem of hackers by adding in the more specific details.

Enterprises and governments are under a constant barrage of cyber attacks. With the threat landscape evolving and attacks becoming ever-more sophisticated, having time to stop and think about the actor behind the malicious intent may seem like a luxury.
However, businesses need to start looking at cyberattacks from the adversary’s perspective to understand what is most attractive to an attacker. Without this understanding, the problem will persist and the next newspaper headline will feature their name.

In summary, the question is not whether you will be attacked. It is when, by what, and how badly your company’s reputation or finances will be damaged. And one thing is sure in the uncertain world of cybersecurity – the wrong time to consider defence is after the attack has occurred.

James Comey once said:
“We face cyber threats from state-sponsored hackers, hackers for hire, global cyber syndicates, and terrorists. They seek our state secrets, our trade secrets, our technology, and our ideas – things of incredible value to all of us. They seek to strike our critical infrastructure and to harm our economy.”

Guest-blog: David Priseman – The future of technology in home-care for the elderly

David Priseman

Technology is currently critical to home health care. Future advances in home health care technologies have the potential not only to facilitate the role of home health care within the overall health care system but also to help foster community-based independence for individuals.

Today I have the pleasure of introducing another Guest Blogger, David Priseman, who is an accomplished Executive Director. David had a career in consultancy and banking, including spells abroad with two major European banks and has worked for several years in the field of private equity and alternative finance as well as an advisor to SMEs. He has considerable board experience and currently chairs a mid-sized care home group and is a non-executive director of a small but ambitious technology company. He has a particular interest in how technology can address the challenges of the care sector, which is often slow to adopt innovation.

David is going to discuss with us today the future of technology in home-care for the elderly.

Both councils and families strive to keep the elderly living in their own home for as long as possible. Councils see a simple cost advantage in doing so, whilst families also like the idea that mum (statistically, it is usually mum) can still live at home.

However the reality of a single elderly person living at home on her own can be far from the rosy ideal. There is an alternative image of a harassed care worker rushing into an elderly person’s home, quickly heating up a tin of baked beans then 15 minutes later rushing out of the door. Yet this might be the only contact the person has with anyone until the same or a different care worker rushes by the next day.

Domiciliary care, like residential care, is difficult to provide effectively and profitably. Companies are handing back council care contracts as they cannot operate at the fee levels on offer (1). Staff recruitment and retention is a permanent challenge.

Councils are reluctant or unable to pay more than £15/hour, which is not financially viable for home-care providers, who now have to pay employees a higher minimum wage as well as their travel costs. However it can be viable at £20/hour. With care home costs around the £1,000/week level, half this amount would buy 25 hours of home-care per week. As the number of residential care beds is in slight decline whilst the number of elderly people is projected to rise steeply, this implies that the number of elderly people living at home will also rise. With this could come a significant growth in the self-payer home-care market.

People living at home are exposed to the risk of physical vulnerability, slow and inappropriate care delivery and social isolation. However the recent development of new technologies may in combination significantly improve the social and care experience for such people.

The unpredictability of the number of hours worked together with the short term notice of rotas and sudden changes in rotas are a major cause of high home-care worker turnover (2) and a headache for domiciliary care providers. However a range of competing software and apps have now been developed to mitigate (though not remove) this challenge. This can improve the efficiency of staff scheduling from a provider’s view point, addressing one of the main sources of dissatisfaction of employees whilst also introducing flexibility for the elderly resident.

Many elderly people have traditionally had a regular, perhaps weekly, phone call with their children. Some now conduct this through Skype. In addition, some families have installed a videocam or webcam in their parent’s home, usually in the kitchen or lounge/dining room, so they can see mum. This helps to maintain social contact and give reassurances about mum’s safety and wellbeing.

The development of ‘wearable technology’ should become more widespread. Currently the dominant application is for fitness monitoring during exercise, however it will increasingly move over to healthcare monitoring. This can be a watch or a monitor which is worn as an arm panel or in the future may be embedded in clothing; in all cases it measures certain of the wearer’s vital signs.
At present, these are mostly used in hospitals to reduce the requirement of nurses, of whom there is a well-documented shortage, to conduct routine patient checks. Instead, the data are transmitted to a cloud-based server and if a vital sign reading crosses a warning threshold this immediately signals an alert. In time, these devices will migrate to the residential setting.
This will speed up the awareness and treatment of a wearer’s condition. Major medical devices companies such as Medtronic and GE are active in this area, which has also seen technology start-ups enter the market, such as EarlySense and Snap40. (3)

The internet of things (IoT) is rapidly increasing the number of internet-connected devices in the home. This can be used in a number of ways to improve the safety of elderly people living at home. For example, many people get up, go to the toilet, have a cup of tea and open the curtains. Sensors can detect whether or not the toilet has been flushed, the kettle boiled and the curtains opened, and if any of these things has not happened by say 9am then an alert would be triggered. (4)

One of the main problems facing the elderly living alone is loneliness and the lack of contact with others. Here, a combination of technologies is emerging to provide at least a partial solution. Awareness has recently increased of Amazon’s Alexa voice-controlled system which can search the internet, answer questions and respond to simple commands. Apple’s Siri and Microsoft’s Cortana are similar and rival devices.
Owing to improvements in voice recognition and AI, it will increasingly be possible to have an interactive ‘conversation’ with such devices. At some point, it may be possible to combine this with the face of a person on a screen or even a hologram of a person in the room to create the impression that a human is having a conversation with and maybe even developing a relationship with an intelligent machine-based ‘person’.
This idea has been explored in television and film, for example the science-fiction drama Her when a man develops a romantic relationship with his computer’s feminised operating system (5). Soon, it may become reality and even commonplace.

Finally, more than one of these technologies may combine in a way that provides care monitoring, practical assistance and companionship. Developed countries all have aging populations so the need to find solutions is urgent and many companies and universities are conducting research into this area, such as robotics with AI (6). New market opportunities are emerging to integrate and package appropriate technology solutions.

The vulnerable elderly living on their own at home have often been poorly served to date. Yet the number of such people is poised to continue to rise steeply. However a number of technologies are now being developed in parallel to tackle the problems they face. The result may be an improved care environment for the elderly at home: safer, reliable, better supported and less isolated. Such a future could be with us sooner than we think.

You can contact David Priseman on LinkedIn or by email: davidpriseman @ btconnect.com (remove spaces).

References

1. http://www.bbc.co.uk/news/uk-39321579
2. http://timewise.co.uk/wp-content/uploads/2014/02/1957-Timewise-Caring-by-Design-report-Under-200MB.pdf
3. http://www.earlysense.com/ and http://www.snap40.com/
4. https://www.ibm.com/blogs/internet-of-things/internet-caring/ and https://www.ibm.com/blogs/internet-of-things/elderly-independent-smart-home/
5. http://www.herthemovie.com/#/about
6. http://www.bbc.co.uk/news/business-39255244

Exactly what is the future in Technology?

Technology forecasting is a completely unpredictable endeavour. No one wants to be a false prophet with a prediction so immediate that it can be easily proven incorrect in short order, but long-term predictions can be even harder. And yet even though people know predictions can be a waste of time, they still want to know: What’s next? Wishy-washy tech timelines only make prognostication more difficult, as entrepreneurs and researchers stumble around in the dense fog of developing prototypes, performing clinical trials, courting investors, and other time-consuming steps required for marketable innovation. It’s easy to hit a wall at any point in the process, causing delays or even the termination of a project.

In the year 1820, a person could expect to live less than 35 years, 94% of the global population lived in extreme poverty, and less than 20% of the population was literate. Today, human life expectancy is over 70 years, less than 10% of the global population lives in extreme poverty, and over 80% of people are literate. These improvements are due mainly to advances in technology, beginning in the industrial age and continuing today in the information age.

A very good friend of mine is a global technologist. In January I brought together a very collective group of distinguished individuals for a dinner, which I named ‘the great minds dinner’. This was a great opportunity to stimulate the subject of what technology is working in the world, what technology is emerging, what technology is not working in the world and, more importantly, what needs to change in order to accommodate all the prototypes of technology that appear to stay in the lab or on the shelf.

It is clear currently that thought leaders and so-called world futurists on the subject of technology can dish out some exciting and downright scary visions for the future of machines and science that either enhance or replace activities and products near and dear to us.

Being beamed from one location to another by teleportation was supposed to be right around the corner/in our lifetime/just decades away, but it hasn’t become possible yet. Inventions like the VCR that were once high tech — and now aren’t — proved challenging for some: The VCR became obsolete before many of us learned how to program one. And who knew that working with atoms and molecules would become the future of technology? The futurists, of course.

Forecasting the future of technology is for dreamers who hope to innovate better tools — and for the mainstream people who hope to benefit from the new and improved. Many inventions are born in the lab and never make it into the consumer market, while others evolve beyond the pace of putting good regulations on their use.

There are many exciting new technologies that will continue to transform the world and improve human welfare.

Here is a very interesting infographic researched by the National Academy of Sciences from their Smart Things Living Report.

The world around us is changing. In labs and living rooms around the world, people are creating new technologies and finding new applications for existing and emerging technologies. The products and services available to everyone thus expand exponentially every year. In the next five years, then, you can expect massive growth in what we can do.

Beyond 2018: Dr Michio Kaku on the Future in the Next 5-10-20 Years.

Irrespective of all the possible forecasting in long range planning, I personally believe there are 3 imminent areas in particular that will provide important developments in the next 5 years.

1. Augmented Reality Will Explode
Technology mavens have talked for years about virtual reality and the applications available. Augmented reality is related, but allows us to lay the virtual world over the real world. Games like Pokemon Go provide examples of how this works; you use technology to “see” virtual creatures and items in real spaces.

Beyond fun and games, this technology provides a wealth of planning potential. You can drive your car, and arrows will appear on your road, guiding you to the right path. You can create visual representations of organizing tasks, building endeavors, and almost anything else that you want to see before you start working. Manuals will virtually overlay real items to be joined together – everyone will actually be able to construct an Ikea bed. The technology is here; ways to use it are just beginning to emerge.

2. Mobile Apps Will Decline
At the same time, the ubiquitous world of mobile apps will begin to slip back. The ways in which we connect to the world often require us to work through a smartphone or tablet. The mobile app ties us to devices; you have no doubt seen rooms full of people who never make eye contact, only staring at small screens. The cost of developing sophisticated apps and the marketing efforts needed to place your App on the most expensive “real estate” in the world, does not always give a return on investment.

3. The Internet of Things Will Grow Exponentially
Availability and affordability of connected devices grow each year. We connect massive data networks to our homes, vehicles, and personal health monitors already. The ability to connect more devices, appliances, and objects to these networks means companies will know more about those they serve than ever before. Almost any device with electronic components can be configured for the IoT, and in the next five years, more will.

It should be abundantly clear now why analysis of the tech trends shaping the future might seem like science fiction. But researchers from UC-Berkeley to MIT are pulling the present sometimes step by step, sometimes by leaps and bounds into the future.

The next few decades will feel this disruption, often in startling ways. Indeed, while the technical hurdles to advancing these technologies are fascinating, we see people writing that the ethical and social dimensions of the changes they bring are the most interesting and troubling.

You can clearly see how the allied sciences and complementary developments of these trends will reshape our world, our lives, and our work. Millions will find that the skills they bring to the table simply can’t compete with smart automation. Legions of drivers, for instance, will soon find themselves unemployable.

And as AI continues to develop in tandem with robotics, the IoT, and big data, even the engineers and scientists who now design these systems will find themselves competing with their creations.

All of these developments I have touched on in this blog will require you to examine closely not only what is possible, but how privacy laws, intellectual property issues and the corporate ecosystems interact with those possibilities. Nevertheless, I am confident that within the lives of your grandchildren, now incurable illnesses will fall to bio, nano, and neurotech. And I am sure that ignorance will slowly become something children learn about rather than experience first-hand.

Finally, the technologies I have discussed really are shaping the things to come, the technologies that will define life for decades.

Are you ready for the future? Ready to embrace the changes that are coming?

As Albert Einstein once said:

“It has become appallingly obvious that our technology has exceeded our humanity.”