For many criminal organizations, attack techniques are evaluated not only in terms of their effectiveness, but also in terms of the overhead required to develop, modify, and implement them. To maximize revenue, for example, they are responding to digital transformation by adopting mainstream business strategies, such as agile development to produce and refine their attack software more efficiently, and by reducing risk and exposure to increase profitability.

 

Knowing this, one defensive response is to make changes to people, processes, and technologies that affect the attacker's economic model. For example, adopting new technologies and strategies such as machine learning and automation to harden the attack surface, by updating and patching systems or identifying threats, forces criminals to shift attack methods and accelerate their own development efforts.

 

Attacks Will Become Smarter
In an effort to adapt to the increased use of machine learning and automation on the part of their targets, we predict that the cybercriminal community is likely to adopt the following strategies, which the cybersecurity industry as a whole will need to closely follow.

 

  • Prediction: Using Fuzzing to Mine for Zero Days

 

    • Fuzzing: Fuzzing has traditionally been a sophisticated technique used in lab environments by professional threat researchers to discover vulnerabilities in hardware and software interfaces and applications. They do this by injecting invalid, unexpected, or semi-random data into an interface or program and then monitoring for events such as crashes, undocumented jumps to debug routines, failing code assertions, and potential memory leaks.

One reason fuzzing is used so infrequently, or in such limited ways, by criminals is that it is very hard to do. Only a tiny group of people have the expertise needed to develop and run effective fuzzing tools, which is why their use tends to be limited to simple things like DDoS attacks, and why the discovery and use of Zero-Day exploits by cybercriminals tends to be rare.

 

In reality, however, there is likely an incalculable number of vulnerabilities that could be discovered and exploited right now in commercially available software and operating systems using fuzzing technologies; there simply aren't enough purpose-built fuzzing tools or skilled developers available to find them.
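The injection-and-monitoring loop described above, as an added Python example (not code from this article) in which a defender fuzzes their own code before release: the toy record format, its planted bounds bug, the seed input and the choice of ValueError as the expected rejection are all constructed for illustration.

```python
"""Mutational fuzzer with crash monitoring, run against a constructed toy
parser (added example, not code from the article). ValueError is the parser's
intended rejection; any other exception is the kind of crash a fuzzer hunts."""
import random
import struct

EXPECTED = (ValueError,)  # rejections the parser raises on purpose


def parse_record(buf: bytes) -> bytes:
    """Toy format: tag(1) | big-endian length(2) | payload | checksum(1)."""
    if len(buf) < 3:
        raise ValueError("short header")
    if buf[0] != 0x01:
        raise ValueError("unknown tag")
    length = struct.unpack(">H", buf[1:3])[0]
    payload = buf[3:3 + length]
    # Planted defect: length is never checked against the buffer size, so an
    # oversized or truncated record makes this index run off the end.
    checksum = buf[3 + length]
    if sum(payload) & 0xFF != checksum:
        raise ValueError("bad checksum")
    return payload


def mutate(data: bytes, rng: random.Random) -> bytes:
    """One random byte-level mutation: bit flip, overwrite, delete or insert."""
    b, op = bytearray(data), rng.randrange(4)
    if op == 0:
        b[rng.randrange(len(b))] ^= 1 << rng.randrange(8)
    elif op == 1:
        b[rng.randrange(len(b))] = rng.randrange(256)
    elif op == 2 and len(b) > 1:
        del b[rng.randrange(len(b))]
    else:
        b.insert(rng.randrange(len(b) + 1), rng.randrange(256))
    return bytes(b)


def fuzz(target, seed: bytes, iterations: int, rng_seed: int = 0):
    """Return (input, exception) for the first unexpected failure, else None."""
    rng = random.Random(rng_seed)
    for _ in range(iterations):
        candidate = mutate(seed, rng)
        try:
            target(candidate)
        except EXPECTED:
            continue  # rejected as designed: not a finding
        except Exception as exc:  # monitored event: crash-equivalent
            return candidate, exc
    return None


# Constructed valid seed: tag 1, length 5, payload "hello", checksum 0x14.
SEED = b"\x01\x00\x05hello\x14"

if __name__ == "__main__":
    found = fuzz(parse_record, SEED, iterations=2000)
    if found:
        print(f"{type(found[1]).__name__} on input {found[0]!r}")
```

A real campaign would add coverage feedback and a corpus of surviving inputs; the classification of "expected rejection" versus "anything else" is the part that turns random mutation into a bug report.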

 

    • AIF – Artificial Intelligence Fuzzing: Artificial Intelligence will change that. AI is already beginning to be used to solve the problem of discovering and exploiting software bugs.

    • Prediction: AI Fuzzing: Applying AI and machine learning models to fuzzing will enable it to become more efficient and effective. Black hat criminals will be able to develop and train fuzzing programs to automate and accelerate the discovery of Zero-Day attacks. Ultimately, such tools could be pointed at a target and automatically mine it for Zero-Day exploits. I call this approach AIF, or Artificial Intelligence Fuzzing.

 

 

AIF would include two machine learning phases, Discovery and Exploit. During Discovery, the AIF tool would learn about the functionalities and requirements of a new software target, including the patterns it uses for structured data. Then, in the Exploitation Phase, it would begin to inject intentionally designed structured data into that software, monitor the outcome, use machine learning to refine the attack, and eventually force the target to break, thereby discovering a vulnerability and an exploit at the same time.

This supervised machine learning approach, guided by a trained attacker, could then be repeated continuously, allowing a criminal to run continuous combinations of attacks to continually discover and exploit Zero-Day vulnerabilities. And in an environment where potentially endless Zero-Day attacks are available, even advanced tools such as sandboxing would be quickly overwhelmed.

 

  • AIF’s Impact on the Cybercrime Economy: The acceleration in the number and variety of available vulnerabilities and exploits, including the ability to quickly produce Zero-Day exploits and even offer Zero-Day Mining-as-a-Service, may radically change the types and costs of services available on the dark web. Zero-Day Mining-as-a-Service will completely change how organizations approach security, because there is no way to anticipate where these Zero-Days are located, nor how to properly defend against them, especially using the sorts of isolated, legacy security tools most organizations have deployed in their networks today.

 

  • Swarm-as-a-Service: Dramatic advances in swarm-based intelligence and technologies continue to drive us closer to seeing swarms used as both attack and cyber defense tools. For example, a new methodology was recently announced by scientists in Hong Kong that uses natural swarm behaviors to control clusters of nano-robots. These micro-swarms can be directed to perform precise structural changes with a high degree of reconfigurability, such as extending, shrinking, splitting, and merging.

 

    • Prediction: Swarm-as-a-Service: This same sort of technology can potentially be used to create large swarms of intelligent bots that can operate collaboratively and autonomously. They will not only raise the bar in terms of the technologies needed to defend organizations, but like Zero-Day Mining, they will also have an impact on the underlying criminal business model. Ultimately, as exploit technologies and attack methodologies evolve, their most significant impact will be on the economic models employed by the cybercriminal community.

Right now, the criminal ecosystem is very people-driven. Professional hackers-for-hire build custom exploits for a fee, and even new advances such as Ransomware-as-a-Service require black hat engineers to stand up different resources, such as building and testing exploits and managing back-end C2 servers. But when you start talking about delivering autonomous, self-learning Swarms-as-a-Service, the amount of direct interaction between a hacker-consumer and a black hat entrepreneur drops dramatically.

 

    • A-la-Carte Swarms: The ability to subdivide a swarm into different tasks to achieve a desired outcome is very similar to the way the world has moved towards virtualization. In a virtualized network, resources can spin up or spin down VMs based entirely on the need to address particular issues such as bandwidth. Likewise, resources in a swarm network could be allocated or reallocated to address specific challenges encountered in an attack chain. A swarm that criminal entrepreneurs have already preprogrammed with a range of analysis tools and exploits, combined with self-learning protocols that allow its members to work as a group to refine their attack protocols, makes purchasing an attack as simple for a cybercriminal as selecting from an a-la-carte menu.

 

  • Poisoning Machine Learning: Machine learning is one of the most promising tools in the defensive security toolkit. Devices and systems can be trained to perform specific tasks autonomously, such as taking effective countermeasures against a detected attack. Machine learning can also be used to effectively baseline behavior and then apply behavioral analytics to identify sophisticated threats that span environments or leverage evasion strategies. Tedious manual tasks, such as tracking devices based on their exposure to current threat trends and automatically applying patches or updates, can also be easily handed over to a properly trained system.

 

    • Prediction: Poisoning Machine Learning Systems: This process can also be a double-edged sword. Rather than trying to outthink or outperform a system enhanced with machine learning, it may be easier to simply target the machine learning process itself. The methodology and tools used to train a device or system to perform a specific task are also its greatest Achilles’ heel. For example, if an attacker is able to compromise a machine learning system and inject instructions, they could train devices or systems to not apply patches or updates to a particular machine so that it remains vulnerable to an attack, to ignore specific types of applications or behaviors, or to not log specific traffic in order to evade detection.

    • Machine learning models already regularly use data from potentially untrustworthy sources, such as crowd-sourced and social media data, as well as user-generated information such as satisfaction ratings, purchasing histories, or web traffic. Because of this, cybercriminals could potentially use malicious samples to poison training sets to ignore threats, or even introduce backdoors or Trojans, with relative ease. To prevent this, extra care must be taken to ensure that all machine learning resources and protocols are carefully monitored and protected.
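One concrete form of the "extra care" called for above, as an added example that is not part of the article: an audit run on a batch of labelled samples before it is merged into a training set, holding back any source whose labels contradict a vetted reference set or that floods a single class. The feed names, feature keys, labels and thresholds are all constructed.

```python
"""Pre-training audit of labelled samples from untrusted sources (added
example, not from the article). Sources, labels, keys and thresholds are all
constructed; the checks are what a defender runs before merging a new batch."""
from collections import Counter, defaultdict

DISAGREE_MAX = 0.20     # tolerated disagreement with the vetted reference set
MIN_OVERLAP = 3         # reference overlaps needed before a source is judged
CLASS_SHARE_MAX = 0.60  # one untrusted source may not supply more of a class

# Constructed vetted reference: feature key (e.g. a sample hash) -> label.
REFERENCE = {"h01": "malicious", "h02": "malicious", "h03": "malicious",
             "h04": "benign", "h05": "benign", "h06": "malicious"}


def audit(samples, reference=REFERENCE):
    """samples: iterable of (source, feature_key, label).
    Returns (accepted_samples, report); report maps a held-back source to
    the findings that caused it to be quarantined from this training run."""
    by_source = defaultdict(list)
    for src, key, label in samples:
        by_source[src].append((key, label))
    report = defaultdict(list)
    # Check 1: labels that contradict the vetted reference on overlapping keys
    # (the classic "teach the model that known-bad is benign" poisoning).
    for src, items in by_source.items():
        overlap = [(k, l) for k, l in items if k in reference]
        if len(overlap) >= MIN_OVERLAP:
            wrong = sum(1 for k, l in overlap if reference[k] != l)
            rate = wrong / len(overlap)
            if rate > DISAGREE_MAX:
                report[src].append(f"{rate:.0%} disagreement on {len(overlap)} reference keys")
    # Check 2: a single source flooding one class, which can shift the decision
    # boundary even when none of its keys overlap the reference set.
    class_total = Counter(l for items in by_source.values() for _, l in items)
    if len(by_source) > 1:
        for src, items in by_source.items():
            for label, n in Counter(l for _, l in items).items():
                share = n / class_total[label]
                if share > CLASS_SHARE_MAX:
                    report[src].append(f"supplies {share:.0%} of '{label}' labels")
    accepted = [(s, k, l) for s, items in by_source.items() if s not in report
                for k, l in items]
    return accepted, dict(report)


# Constructed batch: a vendor feed, a clean crowd feed, and a crowd feed that
# relabels known-malicious keys as benign while flooding the benign class.
SAMPLES = [
    ("vendor_feed", "h01", "malicious"), ("vendor_feed", "h02", "malicious"),
    ("vendor_feed", "h04", "benign"), ("vendor_feed", "h07", "benign"),
    ("crowd_feed_a", "h03", "malicious"), ("crowd_feed_a", "h05", "benign"),
    ("crowd_feed_a", "h06", "malicious"), ("crowd_feed_a", "h09", "benign"),
    ("crowd_feed_b", "h01", "benign"), ("crowd_feed_b", "h02", "benign"),
    ("crowd_feed_b", "h06", "benign"), ("crowd_feed_b", "h10", "benign"),
    ("crowd_feed_b", "h11", "benign"), ("crowd_feed_b", "h12", "benign"),
    ("crowd_feed_b", "h13", "benign"), ("crowd_feed_b", "h14", "benign"),
]

if __name__ == "__main__":
    accepted, report = audit(SAMPLES)
    print(f"accepted {len(accepted)} samples; held back: {report}")
```

Quarantined batches should be reviewed rather than discarded, since a legitimate source can also disagree with a stale reference set.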

 

Responding with a New Defense Strategy
To address the challenges we see on the horizon, the cybersecurity community is going to have to change its traditional approaches to security. The most effective strategy is likely to be one that takes aim at the cybercriminals’ economic model. Forcing them to re-engineer their attacks, for example, would be expensive and time-consuming, and may push them to seek easier prey.

 

Prediction: Deception
Deception strategies have been available for some time. But only recently, given the increase in sophistication of attacks that have managed to easily breach traditional perimeter security defenses, has their implementation become more essential.

 

The basic idea is to present an attacker with too many choices, most of which are dead ends, forcing them to slow down and potentially give away their position. If you can generate enticing traffic from a large number of databases, only one of which is real, attackers have to slow down to evaluate each data source and potentially chase down each option. Now suppose those dead-end options not only contain interesting data but also sit in an environment where unexpected traffic immediately stands out. That not only increases a defender’s ability to detect an intruder, even one using evasion technology, but can also trigger an automated response to evict them from the network. This strategy increases both the risk of detection and the cost of running an attack.
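The detection side of that strategy, as an added Python example that is not part of the article: decoy hosts and accounts that no legitimate workload uses, a constructed connection log, and a verdict per source that escalates to automated isolation. The hostnames, accounts, log format and scanner allow-list are all assumptions.

```python
"""Decoy-access detector for a deception deployment (added example, not from
the article). Hostnames, accounts, log format and the allow-list are all
constructed; real deployments take them from the deception platform."""
import re
from collections import defaultdict

# Decoy assets: no real workload ever uses them, so any touch is a signal.
DECOY_HOSTS = {"db-archive-03.corp.example", "fin-backup-db.corp.example"}
DECOY_ACCOUNTS = {"svc_legacy_ro", "hr_export"}
# Sources permitted to touch decoys (e.g. the asset inventory scanner). Without
# this allow-list the automated response would evict the defender's own tools.
ALLOWED_SOURCES = {"10.0.9.5"}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) "
    r"user=(?P<user>\S+) action=(?P<action>\w+)$"
)

def parse(line: str):
    """Return the event fields as a dict, or None for a malformed line."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def classify(event):
    """Return the alert reason for one event, or None for benign traffic."""
    if event["src"] in ALLOWED_SOURCES:
        return None
    reasons = []
    if event["dst"] in DECOY_HOSTS:
        reasons.append("decoy-host")
    if event["user"] in DECOY_ACCOUNTS:
        reasons.append("decoy-account")
    return "+".join(reasons) or None

def detect(lines):
    """Aggregate decoy touches per source. Two or more distinct decoy touches
    escalate to 'isolate', the automated eviction the strategy relies on."""
    hits = defaultdict(set)
    for line in lines:
        ev = parse(line)
        if ev is None:
            continue  # malformed line: count it elsewhere, never silently trust it
        reason = classify(ev)
        if reason:
            hits[ev["src"]].add((ev["dst"], ev["user"], reason))
    return {src: {"hits": sorted(h),
                  "verdict": "isolate" if len(h) >= 2 else "alert"}
            for src, h in hits.items()}

# Constructed sample: real DB session, host probing two decoys, scanner, replayed decoy credential, junk.
SAMPLE = [
    "2019-03-04T10:15:01Z src=10.20.30.44 dst=orders-db.corp.example dport=5432 user=app_orders action=connect",
    "2019-03-04T10:15:22Z src=10.20.30.44 dst=db-archive-03.corp.example dport=5432 user=app_orders action=connect",
    "2019-03-04T10:16:03Z src=10.20.30.44 dst=fin-backup-db.corp.example dport=1433 user=hr_export action=login",
    "2019-03-04T10:17:40Z src=10.0.9.5 dst=db-archive-03.corp.example dport=5432 user=scanner action=connect",
    "2019-03-04T10:18:12Z src=10.20.30.77 dst=orders-db.corp.example dport=5432 user=svc_legacy_ro action=login",
    "garbage line that the collector let through",
]

if __name__ == "__main__":
    for src, result in detect(SAMPLE).items():
        print(src, result["verdict"], result["hits"])
```

The decoy credential used against a real database (last valid line) is the case worth noting: the decoy account itself is the tripwire, so it fires even when no decoy host is involved.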

 

This approach will impact the cybercriminal business model where targets are chosen based on risk/reward and ROI strategies. Adding layers of complexity that require deep, hands-on analysis means that the cost of launching an attack suddenly escalates. And because most cybercriminals tend to follow the path of least resistance—either to maximize ROI or because many of them are actually quite lazy—they are most likely going to find a more accessible network to exploit.

 

Prediction: Unified Open Collaboration
While advances in security technologies enable some defenders to detect increasingly sophisticated attacks, the vast majority of deployed security solutions still rely on signature matching or other simple detection methods. So, one of the easiest ways for a cybercriminal to maximize their investment in an existing attack solution is to simply make minor changes to their malware. Even something as basic as changing an IP address can enable malware to evade detection by traditional security tools.

 

One of the most common ways to keep up with such changes is through the active sharing of threat intelligence. New open collaboration efforts currently underway between threat research organizations, security manufacturers, and law enforcement and other government agencies will increase the efficacy, timeliness, and sophistication of threat intelligence. Increasingly collaborative efforts, such as the Cyber Threat Alliance, not only share data between researchers, but also publish that research in the form of playbooks that expose the tactics used by attackers.

 

This will require cybercriminals to make more complicated and expensive changes to their attack tools, code, and solutions. And as these Unified Open Collaboration forums expand, organizations will soon also be able to apply behavioral analytics to live data feeds to predict the future behavior of malware, making the digital marketplace safer for everyone.

 

Conclusion
Getting in front of the cyber threat paradigm requires organizations to rethink their security strategies in terms of how to impact the underlying economic strategies of criminal organizations. Rather than engaging in a perpetual arms race, organizations will be able to leverage the power of automation to anticipate threats and target the economic motivations of cybercriminals in order to force them back to the drawing board.

 

Disrupting the criminal economic model, however, can only be achieved by tightly integrating security systems into a cohesive security fabric framework that can freely share information, perform logistical and behavioral analysis to identify attack patterns, and then incorporate that intelligence into an automated system that can not only respond to attacks in a coordinated fashion, but actually begin to anticipate criminal intent and attack vectors.

 

