Cybersecurity Threats: What’s Old Is New Again
When people think about cybersecurity, they think about, to use a technical term, “super high-tech stuff,” including powerful computers, complex programming code and all kinds of gadgets that would make James Bond’s Quartermaster (“Q”) jealous. While all these things may be true, let’s step back a little and break things down to their basic elements.
Cybersecurity is all about maintaining the integrity of underlying data, the process of securely sending and receiving a message, protecting the messenger and the message itself. This is something that has been happening since before the pyramids were built in ancient Egypt. Fundamentally, it’s the same thing.
Is there trust that the originator of the message hasn’t been compromised through bribery or other coercion? Is the messenger trustworthy? Has the messenger been coopted in some way to divulge the contents of the message to unknown parties, or been tricked into delivering a different message? Similarly, is the receiver of the message the right recipient?
All these ancient, analog situations have their modern-day digital equivalents. In this article, we will look at some of these types of attacks, defences to those attacks and some of the companies that help facilitate those defences.
Protecting The Message Source
Back in the days of file cabinets, this wasn’t as much of an issue but in the digital age, the sheer amount of data housed in company and government databases and the relative ease with which it can be transferred once accessed is astounding. This is where you see most of the offensive and defensive activity in the cybersecurity industry. State sponsored groups like Russia backed “Cozy Bear” or “Fancy Bear,” North Korea sponsored “Lazarus Group,” China assisted “Double Dragon,” or Iran’s collective known as “Helix Kitten” have been behind an increasing number of attacks.
Not to be outdone, there is a group known as the “Equation Group” that has been tied to the U.S.’s National Security Agency (NSA) and has been billed as one of the most sophisticated cyber-attack groups in the world by Kaspersky Labs. Private groups like Lapsu$ and Killnet are in it strictly for the money, usually via ransomware attacks and leave the ideology for others.
On the other side of this equation are companies like South Korean based Ahnlab Inc, Israel based Check Point Software and U.S. based Crowdstrike. These companies provide a full suite of products and services to clients that range from basic email attachment screening to network traffic monitoring to deploying so called Red and Blue (and Purple, Yellow, and White) teams to do real-time, real-world network penetration testing. Red Teams are White Hat (friendly) groups set up to break into systems anyway they can. This may include social engineering though a phishing campaign or even calling employees directly to glean whatever information they can to help them figure out passwords or other ways to access systems. Blue teams run defence against Red Teams. Purple teams serve as high level review of Red and Blue team activities. Yellow teams are composed of any number of programmers, application designers or software engineers that can really get into the nuts and bolts of why vulnerabilities exist and how best to eliminate them. White Teams work to oversee penetration testing efforts, set and manage the scope of the exercises.
You may have heard about Distributed Denial of Service (DDoS) attacks. The analog version of these types of attack is best described as setting up a flash mob to put so many uninterested customers in a brick-and-mortar store that the store ceases to be able to function. How this happens in the digital world is hackers spend time developing a network of machines they have under their control through tricking users into downloading viruses while they grab things like “Free Emoji Packs” and other seemingly innocuous items online. Hackers then use those controlled (“PWND”) machines to generate requests to a victim’s website at such a pace that the website simply can’t handle the number of requests and stops working. For a commercial website, this type of attack can be devastating.
Companies like Splunk Inc have made a name for themselves in the cybersecurity space by getting really good at handling extremely large amounts of data. Remember when we used to talk about “Big Data” and how difficult it was to manage? Splunk was there from the beginning and built their company on their ability to not just manage data but collect and process it as well. In offering protection against DDoS attacks, Splunk works to capture and examine website traffic to determine what is real and what is generated by zombie machines or bots. To be clear, this happens in real-time, not after the fact.
Protecting the Message Route
Again, back in the analog days of old, the path a messenger took could determine not just how quickly the message got delivered but also how much danger the messenger might find themselves in as they travelled through certain areas. The decentralized nature of the internet means that communications between computers route themselves through the easiest (fastest) route possible. Web users can open up a DOS prompt and run what is known as a traceroute to find out how many nodes, or “hops” your request was being routed through.
Back before companies like Fastly and Akamai Technologies began to keep geographically local copies of websites, there would be a larger number of hops before the website target was found. The randomness of that message path opens possibilities of what is known as a Man-In-The-Middle (MITM) attack where messages are observed or hijacked on their way to their final destination.
Let’s talk about that final destination. When you type a website address into your browser, your computer takes what you recognize and translates it into something that it recognizes, which is the IP address of that site. This works the same way that you can tell an online map service to find Times Square, it will look up the following coordinates (40°45’27.83″ N -73°59’8.55″ W) and match them with a human readable table to show you “Times Square” instead of GPS coordinates.
This lookup table is known as Domain Name Services (DNS) and serves to act as the official guide for anyone trying to navigate to a website using the Universal Resource Locator (URL), or web address. If hackers were to gain control of a DNS or be able to route users to their own DNS they could direct users to fake websites posing as legitimate as they could map a URL like www.bankofamerica.com to their own version of that site, sit back and gather account credentials at will. Companies like Versign and Cloudflare work to maintain accurate DNS and keep their respective mapping lists safe from interference.
One other aspect of what Cloudflare does crosses over from cybersecurity into the next area we will cover, data privacy and digital identity.
Protecting the Messenger/Message Destination
Once more, back in the analog days of old, protecting the identity of the messenger was sometimes critical to getting the message delivered as well as the message itself. There are any number of DNS mappings that are in use. Every Internet Service Provider (ISP) maintains their own. In doing so, they not only can expedite those requests, but they also have the record of when and where their customers go online. Cloudflare offers a free anonymous DNS service that can be used by anyone who wants to keep their browsing habits to themselves. Setting up the service can be done either through your favourite browser, or if you are comfortable with the technology, at your home router so everything automatically gets routed away from your ISP. If you are tired of seeing ads for lawn chairs three months after you do one innocuous search, then Cloudflare’s solution might be worth looking into.
These days, the messenger also acts as the destination as it is through users’ computers, cellphones and laptops that they make requests to websites. In that regard, companies like Norton Lifelock work to protect both customers’ devices as well as their personal information. Microsoft is another company that also provides a robust suite of protections with its Microsoft Defender platform that is an integrated part of the Windows operating system.
One simple thing users can do is create strong passwords. Private company Hive Systems has done some great research on password effectiveness where they have figured out that while using numbers, upper and lower case letter and symbols is helpful in creating better passwords, adding more characters does more for the strength of your password than anything else. For example, an 8-character password with all those character types would take about 39 minutes to crack. Up that to 11 characters and you’re looking at 34 years. 14 characters? How about 16 million years? Above 14 characters will get you into billions and even trillions of years to break, depending on how far you want to go.
Wrapping It Up
As we said in the beginning, cybersecurity can be a very complicated thing to try and understand. One way to overcome that complexity, as with just about any technology, is to remember that fundamentally, the new tech is just doing what the old tech always did, just a little differently. If you can understand the fundamentals of what’s going on, it will be easier to figure it all out.
This Featured Article has been produced by Tematica Research LLC. Rize ETF Ltd make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability or suitability of the information contained in this article.
Chris Versace and Mark Abssy, “Cybersecurity Threats: What’s Old Is New Again”, October 2022. Available at: https://www.nasdaq.com/articles/cybersecurity-threats%3A-whats-old-is-new-again