Friday, October 31, 2014

Cybersecurity Nightmares


It's Halloween, and it's not just trick-and-treaters that scare us, or TK Keanini. Keanini, Chief Technology Officer at  Lancope, has compiled a number of short and horrifying cybersecurity scenarios entitled "Welcome to My Cyber Security Nightmare."

Welcome to My Cybersecurity Nightmare
This past year, we have seen some pretty scary stuff happen in cybersecurity. Being that Halloween is almost here; I thought I would share with you some scenarios that keep me up at night. These are scenarios that we are not ready to battle, and that are well beyond the horrific headlines we read on a daily basis. If you enjoy a good scare, read on.

User Participation in Cyber-Attacks
Most of the resources cybercriminals use to carry out their objectives are acquired through some method that results in compromised computers on the Internet. These resources remain available until the user or organization detects and remediates the incident. But what if the user participated willingly?  Instead of bad guys having to compromise hosts, what if they instead cut other people such as corporate insiders in on the profits? Given crypto currency, the TOR network, and a few other factors, this could be a nightmare scenario, as we are not ready for this type of surge in distributed attacks.

The recruitment for this could be something like the ‘work from home’ signs you see around your town.  The work could be as easy as downloading and installing a package and could earn the host user as much as $10.00/day. That is $300.00/month for someone to simply leave their computer running and connected. The average citizen is not likely to know what type of activity their computer is involved in on a daily basis.

The end result of this scenario would be a massive number of networked computers available for distributed denial-of-service, cryptographic brute forcing, or remote network sniffing. With the cooperation of the host, the capability list is endless, and because they are making money, the host will be motivated to help the cybercriminals persist. Service providers and law enforcement are not ready for this type of attack. This could lead to botnet armies with size and capabilities we have never seen before.

Expansion of Capability Marketplaces
Another nightmare scenario is for cybercriminals to expand their marketplace networks. Today you look at coordination networks like Uber, Instacart, Care.com, etc. These services are facilitators connecting a consumer who wants something delivered with a network of people who can deliver it.

Now think of applying this pattern to cybercrime. On one end there is a criminal who would like the login credentials of a Global 2000 executive. Via TOR networking, they go to a site where they can place their request, submit their crypto currency, and a skilled global workforce accepts this objective and delivers it within the terms of the agreement. This lowers the coordination cost for cybercrime to near zero and connects the demand with the supply in ways that have never been seen to date.

Because so many people are motivated by money, a service like this could turn citizens into cybercriminals if they believe they cannot get caught and that they can easily make a few bucks on the side.
The last thing I will say about this type of participation and marketplace networks is that they fragment security events into small, seemingly disconnected pieces where one event might not look harmful, but only when seen as a whole can the impact and significance be evaluated.

The Next Level of Cybercrime: Click to Compromise
Consider a SaaS service that helped a person compute their cybercrime – Cybercrime as a Service.
The power of big data analytics and machine learning can compute amazing insight for businesses, and it can do the same for criminals. A criminal could log in to a website and declare their objective, and the service would compute several attack plans that the criminal could choose from. This would work in the same way that a user is presented with multiple routes to reach a destination when getting directions online.

This Cybercrime as a Service would have social networks mapped, personal information on each individual, language analysis that yields a level of trust between individuals, mapping to various accounts (some of which may have been compromised), etc. All of this would be creating a corpus of data that can lead the criminal through a directed graph leading to the objective (exfiltration of a file, ransomware, etc.).

Remember, cybercrime is a business and profitable businesses only get smarter and more effective.   These are things that keep me up at night because in our current state, there is nothing that makes these types of attacks hard to execute for cybercriminals, and they could easily turn from nightmare to reality.