Trending in Cybersecurity Approaches

Cyber-attacks and cybersecurity have been trending issues during the last year, with the “WannaCry” ransomware making headlines. This attack caught attention because of the extent of its damage (affecting many people and important companies). However, cyber-attacks are not limited to this ransomware, and the issue carries more and more importance as we and everything around us get more connected to the internet. The growth of IoT and social media makes us more vulnerable to attacks, and this brings the necessity of unbreachable cybersecurity systems.

Sandboxing

One widely used security mechanism is sandboxing. This mechanism dedicates a specific environment in which certain code can run, allowing suspicious programs to execute in isolation and preventing possible harm to the host machine itself. Although this is a mechanism that everyone takes for granted, it actually carries more importance than it seems. For example, Apple was sued in 2013 for sharing user data with downloaded apps without consent. It was claimed that Apple had engaged in false advertising by saying that its sandboxing feature restricted apps’ access to user data unless permission was asked for. Recent updates on the case highlight how trusting a software’s sandboxing is not enough for cybersecurity. [3] In addition, McAfee Labs’ 2017 Threat report indicates that anti-sandboxing is now the “most common evasion technique at 23.3%”. [4] According to the report, the number of malware variants is increasing and total mobile malware has reached its highest value. [4] Therefore, cybersecurity mechanisms should be developed and evolve to suit current security needs.

User Behavior Analytics (UBA)

UBA is another security mechanism that is in demand, because it targets insider threats rather than focusing only on preventing outside attacks. This mechanism is essential to minimize the damage that could be caused after a security breach from the outside or directly by insider threats. The only problem with UBA is that it cannot interpret and evaluate the log and application data it collects from inside users. [1] Therefore, the current approach is to use AI and machine learning to improve and train UBA apps so that they detect anomalies more clearly. The IBM QRadar UBA app breaks the norm by using machine learning to detect suspicious user behavior instead of rule-based analytics, which is clearer but not sufficient. Strict rules are not enough, since they can only detect threats or attack patterns that are already known or can be predicted. Integrating machine learning will allow multi-dimensional models of user activity to be formed and will decrease the number of false positives. [6]
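The contrast between a fixed rule and a per-user behavioral baseline can be shown on a few constructed sessions. This is an added example, not code from the original post and not the QRadar algorithm: a simple per-user z-score baseline stands in for the machine-learning model, and the user names, features and thresholds are all assumptions.

```python
from statistics import mean, pstdev

# Constructed history: user -> sessions of (login_hour, mb_downloaded, hosts_touched)
HISTORY = {
    "alice": [(9, 20, 3), (10, 25, 4), (9, 18, 3), (8, 22, 3), (9, 30, 4)],
    "backup_svc": [(1, 1500, 40), (1, 1480, 41), (2, 1520, 40),
                   (1, 1510, 39), (1, 1490, 40)],
}
RULE_MB_LIMIT = 1000  # hypothetical static rule: "large download" threshold


def rule_based(event):
    """Static rule: flag any session that downloads more than the fixed limit."""
    _, mb, _ = event
    return mb > RULE_MB_LIMIT


def build_baseline(history):
    """Per-user (mean, std dev) for every feature, learned from past sessions."""
    baseline = {}
    for user, rows in history.items():
        columns = zip(*rows)
        # Floor the deviation at 1.0 so near-constant features do not
        # turn tiny fluctuations into huge scores (or divide by zero).
        baseline[user] = [(mean(c), max(pstdev(c), 1.0)) for c in columns]
    return baseline


def anomaly_score(baseline, user, event):
    """Largest absolute z-score over all features (multi-dimensional view).
    Simplification: login hour is treated as linear, not circular."""
    return max(abs(x - mu) / sd for x, (mu, sd) in zip(event, baseline[user]))


def behaviour_based(baseline, user, event, threshold=3.0):
    """Flag a session that deviates strongly from this user's own history."""
    return anomaly_score(baseline, user, event) > threshold


def compare(user, event):
    """Return (rule_flagged, behaviour_flagged) for one new session."""
    baseline = build_baseline(HISTORY)
    return rule_based(event), behaviour_based(baseline, user, event)


if __name__ == "__main__":
    # 3 a.m. login, 600 MB, 25 hosts: under the rule's limit, far from alice's norm.
    print("alice off-hours:", compare("alice", (3, 600, 25)))
    # Routine nightly backup: trips the static rule, matches its own baseline.
    print("backup routine: ", compare("backup_svc", (1, 1505, 40)))
```

The first session slips under the static limit but is flagged by the baseline; the second trips the rule although it is normal for that account, which is the false-positive case the paragraph describes.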

Honeypots

Another security mechanism that is currently trending is the honeypot. A honeypot is a trap that tracks the attacker’s activity and improves security using the information gained from the attacks. Last week, it was found that Iranian hackers used an impersonated woman and her fake social media profiles as a honeypot to attract men working as technicians and engineers. Their aim was to gain information on “industries [that are] strategically important to Tehran’s regional adversaries”. [7] While honeypots can be dangerous in the wrong hands, they can also be very helpful in fighting different kinds of crime. For example, just recently, the Dutch police took over Hansa, which was one of the largest dark web markets, and used it as a honeypot to gain crucial information on the users of the market. This information allowed the police to identify users by their login credentials and collect the addresses of the buyers. [2]

Cybersecurity gains more importance in the light of recent events, and it is clearer that cyber-attacks no longer affect only personal devices but now have an impact on a much larger scale. But what’s next? Kaggle is organizing a competition in which algorithms will fight each other to confuse and force their way into opposing machine-learning systems, so that more robust defence mechanisms can be developed. [5] This is just the start of cyber-attacks turning into a battle of AI. With the rapid growth of AI, a whole new world for cybersecurity is ahead of us.

 

References

  1. Bradbury, Danny. “Behavior Analytics Takes Effort and Expertise, Say Experts.” IT World Canada. N.p., 31 Oct. 2016. Web. 27 July 2017.
  2. Fox-Brewster, Thomas. “Forget Silk Road, Cops Just Scored Their Biggest Victory Against The Dark Web Drug Trade.” Forbes. Forbes Magazine, 20 July 2017. Web. 25 July 2017.
  3. Iovino, Nicholas. “Judge Won’t Certify Class in Apple False Advertising Suit.” Homepage. N.p., 26 July 2017. Web. 27 July 2017.
  4. Kerner, Sean Michael. “McAfee Report Finds New Malware Evolving to Evade ‘Sandboxes’.” EWEEK. N.p., 24 July 2017. Web. 26 July 2017.
  5. Knight, Will. “AI Fight Club Could Help save Us from a Future of Super-smart Cyberattacks.” MIT Technology Review. MIT Technology Review, 24 July 2017. Web. 28 July 2017.
  6. Patel, Milan. “QRadar UBA App Adds Machine Learning and Peer Group Analyses to Detect Anomalies in User Activities.” Security Intelligence. N.p., 16 Mar. 2017. Web. 26 July 2017.
  7. Volz, Dustin. “Iranian Hackers Used Female ‘honey Pot’ to Lure Targets: Researchers.” Reuters. Thomson Reuters, 27 July 2017. Web. 28 July 2017.

2 comments on “Trending in Cybersecurity Approaches”

  1. Thanks for the interesting article Romi! I must admit that though I regard myself as a relatively tech savvy person, when it comes to computer security I have rarely taken the time to investigate the trending new approaches in cyber security. Thus though sandboxing is a familiar term for me, I had never realized that malware actually could have anti-sandboxing features, clearly the security features must be continuously improved to keep up with the dark side. I’ve also heard of app/program behavior analytics, which also in my experience can be quite prone to false positives, but a UBA system sounds very difficult to implement as users often have a very diverse usage, so determining what is suspicious can’t be easy. Do you know if the UBA systems are more targeted to for instance organizational use, as practice data used for machine learning from different organizations might vary a lot, while focusing on usage pattern data for one might be more accurate?
    Finally I am very fascinated about the concept of opposing machine learning systems trying to hack each other. In the long run the most advanced hacking algorithms in the world could be created by organizations with enough resources to have battles of AI, learning, developing and getting more dangerous..

  2. Hi Romi, thank you for this interesting article!

    As you underlined it in your introduction, the recent ransomware attacks struck many individuals and major companies very badly, highlighting the need to invest in cybersecurity to face these emerging threats. I like the way you clarified some of the techniques used to overcome these new challenges.

    In addition, I am quite confident that these cyber threats and the growing need to fight them will make more companies aware of the danger. Indeed, investment from major companies or States is needed to innovate properly in cybersecurity. We can already observe such initiatives; I am thinking about EY soon opening a Cybersecurity Center in Dallas. Here is some extra information: http://www.prnewswire.com/news-releases/ey-opens-advanced-cybersecurity-center-in-dallas-to-help-clients-stay-ahead-of-emerging-threats-300494354.html
