
Evolving threat landscape means we need to think differently

McAfee's CTO, Steve Grobman, says "The industry needs to think about threats differently. It's not just about malware. We need to think about the types of environments that are going to be impacted".

Whereas most threats used to be considered in terms of the single device they attacked or breached, the shift to cloud and multi-tenanted environments, together with a far greater variety of endpoint devices, is forcing everyone to rethink their security plans.

"We have to think about non-traditional devices. If we haven't learned anything other than the criticality that cybersecurity matters for the very cheap to the very expensive from the Dyn incident, it's critical that we think about that," adds Grobman.

Grobman says manufacturers must look at the entire security lifecycle of every device, from the very cheap to the very expensive. In a private briefing at the recent Intel Focus conference he demonstrated three different devices being breached.

The devices, a WeMo Insight Switch, an Almond router and a Kenwood car stereo head unit, were all exploited by Grobman. The hack on the switch caused only a minor irritation (a lamp was switched on and off repeatedly), but the router was hit with ransomware that rendered it useless, and the head unit was compromised in a way that interfered with its interaction with other in-car systems.

Brian Krebs, whose site was knocked offline by a DDoS attack launched from vulnerable IoT devices, has published a list of the device types that were used. That list was compiled by analysing the usernames and passwords the Mirai malware tries when it hunts for new devices to infect.

There are also devices in homes and offices that run firmware written long before network connectivity was bolted on to them.

"I think that's a big part of the problem that we see in IoT," says Grobman. "Many devices or components were developed with the assumption they would never have external connectivity. The fact there's a vulnerability in firmware that's never connected doesn't really matter".

But as connectivity is added to these devices, that firmware becomes a new attack surface. And there is pressure on manufacturers to keep device prices low, so security is often overlooked.

This is why a new approach is needed, says Grobman.

As well as the explosion of IoT, enterprises are increasingly reliant on new architectures in shared-service environments. For example, the use of container engines to deliver services has changed how applications are secured.

Today, if someone requires a web server, instead of building a server and installing an operating system and web server software, service providers deliver very small-footprint containers that run the web server on a minimal code base comprising only the bare essentials it needs. This reduces the attack surface significantly.
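To make the "bare essentials" point concrete, the following Dockerfile is an added example and is not code from the article or from McAfee. It packages the same web server two ways: the commented-out first variant ships a full distribution with a shell, package manager and compiler inside the runtime image; the second builds the binary in a throwaway stage and copies only that binary into an empty `scratch` image. The image tags and the `./cmd/server` path are assumptions for illustration.

```dockerfile
# Added example, not from the original article. Assumes a Go web server whose
# main package lives at ./cmd/server; image tags are illustrative.

# --- Variant 1 (weak): the runtime image is the whole build environment ---
# Every tool left in the image (shell, apt, go toolchain, system libraries)
# is code an attacker can use after a foothold and a vulnerability to track.
#
# FROM golang:1.22
# WORKDIR /src
# COPY . .
# RUN go build -o /server ./cmd/server
# CMD ["/server"]

# --- Variant 2 (minimal): build stage is discarded, runtime holds one binary ---
FROM golang:1.22 AS build
WORKDIR /src
COPY . .
# CGO_ENABLED=0 produces a static binary with no libc dependency, so the
# runtime image needs no shared libraries at all.
RUN CGO_ENABLED=0 go build -trimpath -ldflags="-s -w" -o /server ./cmd/server

# scratch is an empty filesystem: no shell, no package manager, no libc.
FROM scratch
# Copy the CA bundle only if the server makes outbound TLS connections;
# otherwise drop this line to shrink the surface further.
COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
COPY --from=build /server /server
# Run as an unprivileged, non-existent-in-/etc/passwd uid so a compromise of
# the process does not start with root inside the container.
USER 65534:65534
EXPOSE 8080
ENTRYPOINT ["/server"]
```

A quick check after `docker build -t webserver .` is `docker run --rm -it webserver sh`, which fails in the minimal variant because there is no shell to run; that failure is the point. Keep in mind that a smaller image shrinks what an attacker can do inside the container, but it does nothing about the shared kernel underneath it, which is where container escapes happen.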

Grobman says, "For the highly reputable service providers, they do a good job in running security assurance programs to minimise the risks that there will be escapes from containers".

But he notes there have been hacks in the past that have managed to break out of virtual machines, so it's important to remain vigilant and continue improving security.

"Every time we've added a new security architecture, it eventually has vulnerabilities," says Grobman. "There's no reason to think we won't see issues over time".

As organisations embrace these new technologies, their risk position will change, and that will necessitate continual evolution. 

In addition, the ability for containers and virtual machines to be spun up, used and destroyed, sometimes within seconds, for specific tasks makes forensic detection and investigation more difficult. The same processes we use to improve security can be exploited by threat actors to obscure their tracks.
