Cybersecurity is one of the most fluid and fast-changing fields of the tech industry. Every year, new threats and challenges emerge, outpacing past records and expectations. In this respect, 2016 was no different. But as online services become more prominent and critical to our daily lives and businesses, being able to respond to threats before they do their damage becomes ever more important.
Case in point: The October 21 DDoS attack against Dyn cut millions of users off from popular services such as Twitter and Netflix. That is something that most people can shrug off. But what happens when our cars, homes, hospitals and power grids depend on the correct functioning of our digital and online systems?
Cybersecurity expert Lenny Zeltser believes that new approaches to fighting malware can give a leg up in fighting cyberattacks and help organizations stay ahead of cybercriminals.
Zeltser refers to two categories of attacks as defining 2016 in terms of attackers and their motivations.
“Some [attacks] appeared to pursue objectives of nation-states, such as those that targeted critical infrastructure in Ukraine or those that pursued sensitive information of individuals involved in U.S. political operations,” Zeltser says, referring to the Ukraine power grid hack and the DNC hack, both purportedly carried out by Russian hackers.
“Other types of attacks involved ransomware and aimed at making money by denying victims access to their own files,” he adds. Ransomware, a type of malware that encrypts victims’ files and forces them to fork over cash to hackers, has grown immensely in the past year and has become a lucrative business for cybercriminals and wannabe hackers.
“Despite the differences, these incidents demonstrate that we can be targeted even when we might not think we’re on anyone’s radar or that we have information that others might find valuable,” Zeltser stresses. “A compromise to your system might be a way to reach someone else’s. Your personal files, which others might not care to see, might be used as leverage to persuade you to take actions, such as pay ransom.”
A new brand of ransomware shows that cybercriminals are trying new tactics to propagate their malware, including persuading victims to infect others in order to decrypt their own files. This only shows how important our digital assets have become, and how vulnerable they make us. “Our day-to-day activities are continuing to shift towards the digital realm,” Zeltser says. “It’s not surprising that the attackers are following along.”
Shortcomings in facing threats
The cybersecurity industry is faced with a widening talent gap, with more security posts remaining vacant in firms and organizations worldwide. So while the tools and techniques we use to defend our networks, systems and data are evolving, properly evaluating, deploying and overseeing these tools can be quite burdensome due to the expertise and time commitment that they sometimes require, Zeltser says.
“Moreover, organizations often fail to recognize the importance of adjusting their security architecture to keep up with the evolving threats,” Zeltser adds. “Too many organizations are assuming that deploying basic security tools that might have been appropriate a few years ago is sufficient to defend them from today’s online threats.”
One of the problems cybersecurity experts face is smart malware that circumvents traditional protection techniques. “Modern malware often succeeds at evading traditional antivirus and endpoint security tools,” Zeltser says. “It can avoid launching itself from the user’s file system by residing purely in the registry or by injecting itself into legitimate processes.” For instance, some forms of ransomware were found to be embedded in MS Office macros, a threat whose countermeasure often depends on users following best practices.
“Some malicious programs also check their environment to detect whether they’re being analyzed within a security sandbox, in which case they will terminate themselves without giving the organization the opportunity to fingerprint the malicious file,” Zeltser explains, referring to attacks and exploit kits that deliver malicious payloads after having passed through antimalware vetting tests and gained the trust of the system.
Deflecting threats in new ways
Zeltser believes that a different approach would be to use malware developers’ techniques against them and “turn some of the ways in which malware evades security tools to our advantage.”
“For example, what if we could make a standard user’s system look like a sandbox, so that malware would refuse to infect it,” Zeltser says. “What if we could make a malicious process believe it’s encrypting the victim’s files, while blocking such anomalous actions and using this as the opportunity to back up the person’s documents? What if, when knowing that some malware looks for specific markers to avoid infecting the system twice, we could make it look like the markers are present and ‘immunize’ the system from effects of that malicious program?”
Ideas are easy. Creating the tools that can be deployed on real-world production systems in an enterprise setting is a different beast, given the complexity of interoperating with existing security technologies and the need to avoid burdening the organization’s staff with irrelevant alerts and ongoing maintenance tasks.
Minerva Labs, the endpoint security solution company that Zeltser has recently joined as VP of Products, created an extremely lightweight agent that can, effectively, control how malware perceives its reality when it attempts to run on the endpoint.
“This agent gives us the opportunity to implement some of the ideas I mentioned earlier and lays the foundation for other creative ways of protecting systems from targeted and mainstream threats,” Zeltser says.
Basically, instead of depending on known signatures and behaviors, Minerva’s approach to security involves simulating the constant presence of different sophisticated cybersecurity tools, such as Intrusion Prevention Systems (IPS), trapping malware in a loop that prevents it from knowing where it is and from executing its malicious payload.
The solution has proven its effectiveness against ransomware that has managed to bypass other security tools.
Despite the dystopian image that some analysts paint about the future of cybersecurity, Zeltser envisions a brighter future. “So yeah, attackers keep getting better, but the defenders aren’t standing still,” he says. “I’m glad to contribute what I can to help organizations and individuals defend their systems, so they can pay attention to things that truly matter to them, like servicing their customers and living their lives.”