
Evolving threat landscape means we need to think differently

04 Nov 2016

McAfee's CTO, Steve Grobman, says "The industry needs to think about threats differently. It's not just about malware. We need to think about the types of environments that are going to be impacted".

Whereas most threats used to be considered in terms of the single devices they attacked or breached, the shift to cloud and multi-tenanted environments and a greater variety of end-point devices are forcing everyone to rethink their security plan.

"We have to think about non-traditional devices. If we haven't learned anything other than the criticality that cybersecurity matters for the very cheap to the very expensive from the Dyn incident, it's critical that we think about that," adds Grobman.

Grobman says manufacturers must look at the entire security lifecycle for all devices, from the very cheap to the very expensive. He demonstrated three different devices being breached in a private briefing at the recent Intel Focus conference.

The devices, a WeMo Insight Switch, an Almond router and a Kenwood car stereo head unit, were all exploited by Grobman. And while the hack on the switch caused a minor irritation – a lamp was switched on and off repeatedly – the router was attacked with ransomware rendering it useless and the head unit was compromised so that its interaction with in-car systems was impacted.

Brian Krebs, whose site was compromised by a DDoS attack that exploited vulnerable IoT devices, has published a list of the devices that were used. The list was compiled by analysing the usernames and passwords used by the Mirai malware.

However, there are devices in homes and offices now that run firmware but have had connectivity added to them later.

"I think that's a big part of the problem that we see in IoT," says Grobman. "Many devices or components were developed with the assumption they would never have external connectivity. The fact there's a vulnerability in firmware that's never connected doesn't really matter".

But with increased connectivity in devices, this is becoming a new threat surface. And there's pressure on manufacturers to keep prices of devices low, resulting in security being overlooked.

This is why a new approach is needed, says Grobman.

As well as the explosion of IoT, enterprises are increasingly reliant on new architectures in shared-service environments. For example, the use of container engines to provide services has changed how applications are secured.

Today, if someone requires a web server, instead of creating a server and installing an operating system and web server software, service providers deliver very small footprint containers that can run a web server on a minimal code base comprising only the bare essentials needed. This reduces the threat surface significantly.

Grobman says "For the highly reputable service providers, they do a good job in running security assurance programs to minimise the risks that there will be escapes from containers".

But he notes there have been hacks in the past that have managed to break out of virtual machines, so it's important to remain vigilant and continue improving security.

"Every time we've added a new security architecture, it eventually has vulnerabilities," says Grobman. "There's no reason to think we won't see issues over time".

As organisations embrace these new technologies, their risk position will change, and that will necessitate continual evolution. 

In addition, the ability for containers and virtual machines to be spun up, used and destroyed – sometimes in seconds – for specific tasks makes forensic detection and investigation more difficult. The same processes we are using to improve security can be exploited by threat actors to obfuscate their tracks.
