Stories of increasingly vicious cyber-attacks have dominated the headlines this year. It seems like every day we wake up to news of another attack on the scale of the Yahoo data breach, the Democratic National Committee hack, or the NSA source code leak. We are in a new era of threat in which 97 per cent of companies can expect to be the victim of a malware attack.
Cyber-attacks that make the news provide valuable insights, but they only scratch the surface as to what's out there. Many threats still go undetected, making it difficult to properly report on longer-term cyber missions.
A recent report from Darktrace provides a rare glimpse into early-stage cyber-attacks. These emerging threats provide fascinating insights into the dangerous and often invisible world of cyber-warfare. In these real-world attacks, the report identified hackers using sophisticated methods, advanced technologies, and creative strategies, all designed with the explicit purpose of bypassing legacy security systems. These discoveries show three primary avenues that threat-actors are using to infiltrate networks -- through vulnerabilities in the Internet of Things, through social engineering tactics, and through overwhelming speed.
Internet of Things increases attack surface
The growing 'Internet of Things' is helping to transform businesses while simultaneously creating new vulnerabilities for hackers to exploit. Attackers are no longer limited to traditional entry points like mobile devices and laptops. Cyber-criminals can now launch attacks through network-connected coffee machines, video-conferencing units, and Wi-Fi-enabled thermostats. By using non-traditional access points, attackers can infiltrate corporate networks undetected.
We've seen a real-life example of this trend. A major retailer expanded internationally and invested in video conferencing equipment to facilitate communications. However, it came to light that one video conferencing camera in particular was sending unusually large quantities of data outside the network, and that the camera was sending this information through Telnet -- a protocol normally restricted to internal network use -- which signified that an external attacker had gained remote access.
In this instance, without detecting these deviations from the device's normal pattern of life, an intruder would have been able to use the conference system for audio and video espionage or to launch a DDoS attack.
Rising risk of insider threats
External attackers aren't necessarily the biggest cyber-threat facing businesses today. Attacks launched from the inside have the potential to be far more devastating. Anybody with network access -- whether a long-time employee or a temporary contractor -- can wreak havoc on an enterprise network, stealing troves of data or accidentally downloading malware. With motivations ranging from monetary gain to carelessness, it is nearly impossible to flag high-risk users in advance.
In a real example, a charity's receptionist was recently targeted by a social engineering attack. The attacker forged an invoice from a legitimate stationery supplier that the charity had done business with in the past. The receptionist opened the attachment, which connected the computer to a server in Ukraine and downloaded malware that tried to read and encrypt the company's files. This type of attack, known as ransomware, aims to encrypt crucial files and demand payment for the key to unlock them. Any employee, no matter how well-trained, could have fallen for such a clever social engineering attack. However, the charity had a solution that detected the abnormal international web traffic, giving the charity enough time to shut down the ransomware before it spread.
Automated attacks are too fast for human detection
Simply put, cyber-attacks are getting faster. Much faster. Automated attacks move at machine-speed and are capable of crippling an entire network in a matter of minutes. Security teams can no longer keep up.
Earlier this year, a European airport was infected with malware. The attacker targeted a 'Lost and Found' computer, assuming that section of the network would receive minimal security attention. After gaining entry, the attacker attempted to avoid detection by disguising communications as DNS requests transmitted by UDP, rather than the usual TCP.
The airport's 'immune system' technology noticed abnormal network traffic extracting data through an unusual port. The airport security team was immediately alerted, allowing them to rapidly respond by isolating the network device to stop the exfiltration.
A cyber-attack like this would usually unfold more quickly than the human security team could deal with. In this case, the airport had recently installed a new network security solution that used advanced machine learning to alert their security analysts. They were able to isolate the infected computer before the malicious code could spread across the network.
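As an added illustration (not from the article and not Darktrace's product), here is a small Python check in the spirit of both the camera story and the airport story: each device is compared with its own recent history per protocol and port, and a flow is flagged either when an internal-only protocol such as Telnet leaves the network or when the byte volume on one port is many times that device's usual. The flow records, device names and thresholds are constructed for the example.

```python
"""Pattern-of-life check over per-device flow records (constructed sample data)."""
from collections import defaultdict
from statistics import median

# Constructed flow records: (device, proto, dst_port, dst_is_external, bytes)
FLOWS = [
    ("conf-cam-01", "tcp", 23, False, 1_200),
    ("conf-cam-01", "tcp", 23, False, 1_500),
    ("conf-cam-01", "tcp", 23, False, 1_100),
    ("conf-cam-01", "tcp", 23, True, 48_000_000),   # large Telnet transfer to an external host
    ("lostfound-pc", "udp", 53, True, 300),
    ("lostfound-pc", "udp", 53, True, 280),
    ("lostfound-pc", "udp", 53, True, 310),
    ("lostfound-pc", "udp", 53, True, 9_500_000),   # DNS-shaped traffic carrying far too many bytes
    ("hr-laptop-07", "tcp", 443, True, 2_000_000),  # normal HTTPS, too little history to judge
]

# Protocols the article treats as internal-only: seeing them leave the network is itself a signal
INTERNAL_ONLY_PORTS = {23: "telnet"}


def find_anomalies(flows, ratio=10.0, min_samples=3):
    """Return {(flow_index, device): [reasons]} for flows that break the device's own pattern.

    The baseline is the median byte count of the same device on the same proto/port,
    so one huge outlier does not drag the baseline up and hide itself.
    """
    history = defaultdict(list)
    for device, proto, port, _external, nbytes in flows:
        history[(device, proto, port)].append(nbytes)

    findings = {}
    for idx, (device, proto, port, external, nbytes) in enumerate(flows):
        reasons = []
        if external and port in INTERNAL_ONLY_PORTS:
            reasons.append(f"{INTERNAL_ONLY_PORTS[port]} session to an external host")
        peers = history[(device, proto, port)]
        if len(peers) >= min_samples:           # only judge volume once there is some history
            baseline = median(peers)
            if nbytes > ratio * baseline:
                reasons.append(f"{nbytes / baseline:.0f}x this device's usual volume on {proto}/{port}")
        if reasons:
            findings[(idx, device)] = reasons
    return findings


if __name__ == "__main__":
    for (idx, device), reasons in find_anomalies(FLOWS).items():
        print(f"flow {idx} from {device}: " + "; ".join(reasons))
```

Real deployments build the baseline from a rolling window per device rather than a fixed list, and the external/internal flag comes from the address, but the comparison against the device's own history is the core of the idea.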
In an age where threat-actors have easy access to advanced, turnkey malware -- often in the form of automated attacks -- cyber-warfare has become an arms race. No industry is immune. Malware has become more accessible, and the attack vectors have increased by an order of magnitude. With the rise of the vulnerable Internet of Things, the risk of insider threats, and the breakneck speed of modern attacks, organizations are more vulnerable than ever.
Modern businesses can't afford to adopt a retrospective view. Crafting a security strategy around attacks that made the news will fail to protect businesses from new, emerging threats. Organizations have to study early-stage threats like these, which signify the future of cyber-threat in which attackers have access to advanced malware designed to overwhelm networks with cleverly disguised attacks that move at machine-speed. This paradigm shift points toward a need for a self-learning technology that can keep pace with the evolving and increasingly sophisticated threat landscape.