This article is part of Panther’s new Future of Cyber Attacks Series which features interviews with cyber security experts, thought leaders, and practitioners with a goal of better understanding what organizations can do to prepare themselves for the future of cyber attacks.
The following is an interview we recently had with Carlos Morales, Chief Technology Officer at Neustar Security Services.
How have cyber attacks evolved over the past 12 months?
It has been challenging for organizations to keep pace with emerging security threats in an increasingly borderless digital landscape. The global pandemic has accelerated digital transformations for most organizations and overwhelmed IT and security teams find themselves struggling to keep up with the expanded attack landscape. This has created a welcome playground for attackers to exploit which in turn has led to a surge in cyber security related activity across a variety of areas.
Ransomware may be getting all the headlines, but ransom-related distributed denial of service (RDDoS) attacks have also been a prominent threat, particularly over the last year. RDDoS attacks are where bad actors aim to extort would-be victims by threatening to take their systems offline via a DDoS attack. DDoS attack capabilities have evolved to a point where the attacks are relatively simple to launch, inexpensive to operate, and difficult to trace back to their origin. In a recent Neustar International Security Council (NISC) study, 44% of organizations said they were the target or victim of an RDDoS attack in the last 12 months, while 41% were on the receiving end of a ransomware attack. Companies that don’t invest in adequate defense software and services often find themselves forced to pay ransoms in the millions of dollars following an attack. This is completely preventable.
Attackers are also targeting the victim’s ecosystem as an indirect method of bringing networks and services down, and in particular, we’ve seen a sharp uptick in DNS attacks. In a NISC survey conducted in September, 72% of respondents said their organization had experienced a DNS attack within the last 12 months. Of those targeted, 61% said they have seen multiple attacks and 11% reported being victimized regularly. DNS attacks can have an outsized impact on an organization, costing them valuable time, resources and revenue. 92% of respondents said their website is vital to business continuity and customer fulfilment. Nearly six in ten (58%) of those who had experienced a DNS-related attack saw business disrupted for more than an hour, and 14% took several hours to recover.
DDoS is not the only security concern around DNS. Domain hijacking, when a bad actor gains control of a target’s DNS information and makes unauthorized changes, can provide attackers with carte blanche access to customer data by redirecting their traffic to a site controlled by the attacker. Some countries (not to mention customers) will hold the target company responsible for any data leaks or breaches that occur during such events. Detecting such events quickly can mean the difference between a near miss and a mass data breach. We’ve also seen hackers take advantage of DNS tunneling to bypass security controls that enterprises have on HTTP, SSL, or FTP. Attackers are leveraging DNS as an open and established pathway to sneak other programs or code inside packets, which are crafted to be interpreted by security devices as legitimate DNS queries and responses. In doing so, they can enable and obscure both data exfiltration and infiltration and establish “command-and-control” (C2) channels without being detected.
To manage DNS security, organizations need to continuously analyze the DNS traffic leaving their organization, make sure they maintain good hygiene and access controls for DNS-related accounts, and, most importantly, implement DNSSEC.
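As an added illustration of the outbound-DNS analysis the answer above calls for (example code written for this article, not Neustar’s or Panther’s tooling), the script below scores constructed resolver log lines for the hallmarks of DNS tunneling: very long, high-entropy leftmost labels, record types that carry arbitrary payloads, and a burst of unique subdomains under one registered domain. The log format, thresholds, and domain names are assumptions.

```python
import math
from collections import defaultdict

# Constructed resolver log (assumed format: timestamp client qtype qname);
# the 32-character hex labels stand in for encoded tunnel payloads.
SAMPLE_LOG = """\
2021-10-01T12:00:01Z 10.0.0.5 A www.example.com
2021-10-01T12:00:02Z 10.0.0.5 TXT f0e1d2c3b4a5968778695a4b3c2d1e0f.t.exfil-demo.example
2021-10-01T12:00:03Z 10.0.0.5 TXT 0f1e2d3c4b5a69788796a5b4c3d2e1f0.t.exfil-demo.example
2021-10-01T12:00:04Z 10.0.0.7 A mail.example.com
2021-10-01T12:00:05Z 10.0.0.5 NULL a5b4c3d2e1f00f1e2d3c4b5a69788796.t.exfil-demo.example
"""

def shannon_entropy(s):
    # Bits per character: encoded payloads score far higher than real hostnames.
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())

def parse_line(line):
    _ts, client, qtype, qname = line.split()
    return {"client": client, "qtype": qtype.upper(), "qname": qname.rstrip(".").lower()}

def registered_domain(qname):
    # Naive last-two-labels rule; production code should use the public suffix list.
    return ".".join(qname.split(".")[-2:])

def score_query(rec, max_label=30, min_entropy=3.5):
    # Per-query indicators: long or high-entropy leftmost label, or a payload-friendly qtype.
    reasons = []
    leftmost = rec["qname"].split(".")[0]
    if len(leftmost) > max_label:
        reasons.append("long-label")
    if shannon_entropy(leftmost) >= min_entropy:
        reasons.append("high-entropy")
    if rec["qtype"] in ("TXT", "NULL"):
        reasons.append("tunnel-friendly-qtype")
    return reasons

def analyze(log_text, uniq_threshold=3):
    # A tunnel needs a fresh subdomain per chunk, so one domain collects many unique names.
    unique_names, flagged = defaultdict(set), []
    for line in filter(None, log_text.splitlines()):
        rec = parse_line(line)
        unique_names[registered_domain(rec["qname"])].add(rec["qname"])
        if reasons := score_query(rec):
            flagged.append((rec["qname"], reasons))
    noisy = {d: len(n) for d, n in unique_names.items() if len(n) >= uniq_threshold}
    return flagged, noisy
```

Running `analyze(SAMPLE_LOG)` flags the three hex-labelled queries on every indicator and reports exfil-demo.example as the only domain receiving three or more distinct names; real hostnames such as www.example.com trip nothing.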
What lessons can be learned from the biggest cyber attacks in recent history?
It has become increasingly clear that in our modern connected digital world where customers expect everything to work at all times, if a brand’s site or network goes down, not only does its image take a hit – it could also mean the loss of millions in revenue. Preparedness in technology, services, organizational structure, and processes is critical to an organization’s ability to prevent an event from becoming catastrophic. This includes applying continuous improvement by monitoring the attack landscape and adjusting defenses accordingly. Attackers are not standing still and are constantly employing new innovations, from generation 3 and 4 bots, to new social engineering techniques, to a growing ecosystem of attack tools. While there is no cybersecurity silver bullet, companies that prioritize constant improvement on security practices will lower their risk of having a major security event and, of equal importance, will be in a position to recover more quickly.
What will cyber attacks look like in the future?
There are several major business advances on the horizon that will help drive the future of cyberthreats. Take 5G, for example. While 5G connectivity will dramatically speed up the pace of business and deliver a range of operational benefits, it also threatens to supercharge cyberattacks. The accelerating growth of IoT device deployments, many now connected via 5G to the internet, will expand the number of devices that can be exploited for attacks. Vulnerabilities will be easier for bad actors to find and exploit more quickly, attacks will be larger in scale and scope – and more interconnectedness of everything means their impact will be felt more broadly. Likewise, while we’re still likely several years out from a quantum computing breakthrough, when a quantum leap does happen, it will likely undo several of the bedrocks of security – like encryption – almost overnight, and lead to supermassive attacks that will dwarf even the largest ones we see today.
What are three pieces of advice for organizations looking to get ahead of the cyber attacks of the future?
While it’s difficult to have a concrete plan for the unknown, organizations need to watch these spaces carefully and have an active awareness of the kinds of threats they will unleash.
Every organization likely has a 5G rollout plan in the works. As part of that planning process they must understand that, by deploying 5G-enabled IoT devices at scale, they are creating new – and in many cases, unmanaged – points of entry. Considering that many connected devices are still being manufactured with poor security standards, organizations must work from the assumption that every aspect of 5G infrastructure is ‘compromised by design’ and develop methodologies to establish security and encryption outside the boundaries of the 5G infrastructure. While core 5G security principles will continue to be outlined at the government level, businesses must take proactive measures to boost protection levels, and security teams must educate themselves on the policies, procedures and standards required to successfully assess risk.
Quantum is a bit further out, but even though quantum computers don’t have the ability to solve current forms of encryption yet, it is critical to recognize the kinds of threats it poses and create quantum-proof solutions in preparation. Security teams need to have quantum on their radar and be aware of all encrypted data to ensure it is surrounded by 24/7 monitoring and threat intelligence tools, alongside robust security processes. Apart from this, security teams should investigate developments in quantum-based security techniques. Like all technology advances, it’s an arms war and advantage goes to the side who can productize new innovations first.
Finally, organizations must be proactive in their approach to cybersecurity and prioritize safeguarding all IoT-based systems. Recognizing what data needs protecting is a key factor for developing a clear and cohesive security strategy. This allows organizations to successfully focus on their more vulnerable data, processes, and models, guarding valuable information from attacks moving forward. On a more granular level, they must ensure the appropriate controls are in place for threat vulnerability and patch management while also making certain that important data is identified and encrypted.