SAN FRANCISCO — Humans and systems are quickly becoming cohabitants, especially as the "lines between technology and humanity are being erased," said Samir Kapuria, senior VP and GM of Cybersecurity Services at Symantec, during a keynote at RSA Conference in San Francisco Wednesday.
Because man and technology are becoming intertwined, the safety of both humans and cyber must also be strengthened. Our "digital personas" will continue to be under siege as activity in cyber shifts "from bits and bytes to lives and people," said Kapuria. So when cyber integrates with humans on every level, livelihood is on the line.
To help prevent cybersecurity shortcomings, there are three cyberthreats to be aware of, as determined by experts from SANS Institute.
1. Data repository leaks
Bad actors are zoning in on cloud-based data storage and online code repositories, according to Ed Skoudis, instructor at SANS, speaking at a keynote at RSA Wednesday. Private repositories are not configured correctly or there are critical flaws in basic security, like accidentally marking a repository as public.
Open AWS S3 buckets were the root of data leaks from the Department of Defense, World Wrestling Entertainment and Verizon. Having data in the wrong buckets makes it "even juicier for the bad guys," said Skoudis.
To avoid such a mishap, put a data curator in place to have control over a data asset inventory. Educate developers and architects to prevent developers from "committing code with leaked credentials," according to Skoudis.
Using AI or ML solutions to detect a leak in the cloud, or using search tools like Gitrob to find sensitive data in repositories, can also help prevent a data breach. Cloud providers like AWS and Microsoft offer automatic services that will "crawl through" buckets seeking any PII in a company's collected data.
The business model behind ransomware is changing.
Instead of selling personal data on the black market, hackers choose to sell access to it back to the victims. But as seen with NotPetya, the safe return of data was not always guaranteed.
Ransomware cripples more than a company's wallet: Hackers want ransomware to stall a business until a resolution is found.
The sale of PII like credit cards is decreasing in value because there is just too much of it for sale, according to Johannes Ullrich, dean of research at SANS Technology Institute, during the same keynote.
"Hackers don't like to make the news," he said. So to avoid tracking that bitcoin, hackers are turning to cryptomining. By installing cryptocurrency miners, hackers can act in a sneakier manner with less of a chance of being traced.
To lessen the likelihood of a cryptomining ransomware attack, companies need to monitor for high CPU load. They also need to monitor network traffic because hackers have to connect to mining pools that security teams can detect.
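The two signals named above, CPU load and mining-pool traffic, can be correlated so that a busy build server alone does not raise an alert. The following Python sketch is an added example, not code from the keynote or from SANS; the host names, thresholds and telemetry are constructed, and it assumes the pool connection uses plaintext Stratum v1 JSON-RPC.

```python
import json

# Stratum v1 JSON-RPC methods a miner sends to a pool.
STRATUM_METHODS = {"mining.subscribe", "mining.authorize", "mining.submit"}

# Constructed sample data (not from the article): per-minute CPU % per host.
CPU_SAMPLES = {
    "web01": [35, 97, 98, 99, 97, 98, 96],
    "db01": [40, 95, 30, 96, 25, 45, 50],
    "build01": [99, 98, 99, 97, 98, 99, 98],
}
# Constructed outbound TCP payload lines: (host, dst_ip, dst_port, payload).
NET_EVENTS = [
    ("web01", "203.0.113.10", 3333, '{"id":1,"method":"mining.subscribe","params":["x/1.0"]}'),
    ("web01", "203.0.113.10", 3333, '{"id":2,"method":"mining.authorize","params":["w","x"]}'),
    ("db01", "198.51.100.7", 443, "\x16\x03\x01 opaque TLS bytes"),
    ("build01", "198.51.100.20", 8080, '{"id":7,"method":"artifact.upload","params":[]}'),
]

def sustained_high_cpu(samples, threshold=90, min_run=5):
    """True if CPU stays at or above threshold for min_run consecutive samples."""
    run = 0
    for value in samples:
        run = run + 1 if value >= threshold else 0
        if run >= min_run:
            return True
    return False

def stratum_method(payload):
    """Return the Stratum method named in a JSON-RPC line, or None."""
    try:
        msg = json.loads(payload)
    except (ValueError, TypeError):
        return None
    method = msg.get("method") if isinstance(msg, dict) else None
    return method if method in STRATUM_METHODS else None

def find_miners(cpu_samples, net_events):
    """Hosts showing both signals, mapped to the pool endpoints they contacted."""
    pools = {}
    for host, ip, port, payload in net_events:
        if stratum_method(payload):
            pools.setdefault(host, set()).add((ip, port))
    return {h: sorted(p) for h, p in pools.items()
            if sustained_high_cpu(cpu_samples.get(h, []))}

if __name__ == "__main__":
    print(find_miners(CPU_SAMPLES, NET_EVENTS))
```

Pool traffic wrapped in TLS will not match the payload check, so in that case the network signal has to come from destination reputation or flow patterns instead.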
3. Vulnerable industrial code
The near future is bringing "threats that transcend the interests of money and fraud," said James Lyne, head of R&D at SANS Institute, speaking during the keynote Wednesday. Instead, cyberthreats apply at the level of "life and limb."
There has been activity on the dark web focusing on industrial code, like power grids and controllers. To relinquish control of these critical infrastructures to hackers is much like losing grip of the last line of defense between people and cyber.
The shift from just profit-based attacks to ones that focus on universal disruption is due to the increase of added technology in day-to-day life.
But the risk is also in how these infrastructures tend to lag behind in terms of modern operating systems and applications. This makes this environment of vulnerable infrastructure much slower and harder to defend against malicious code.
One of the worst-case scenarios for this kind of threat is when an attack moves from the DCS (distributed control system) to sensors within these infrastructures. At that point, the "source of truth is lying to you" and the tool companies rely on for detection alerts is effectively "poisoned," according to Lyne.