Developing an immunity to cyber-crime
How new machine learning and mathematics are automating advanced cyber defense
By Dave Palmer, Director of Technology, Darktrace
Overview and background
Do you know that more than 200 days can pass before a company realizes its firewalls have been breached and critical systems compromised? Conventional security breaches such as information being stolen or websites defaced are a thing of the past.
Instead, the real danger today is the quiet and unseen attack – or insider threat – where attacks are perpetrated from within the organization, either inadvertently or with ill intent, and systems are altered at will or kill switches installed and ready to be activated.
Many high-profile, headline-making breaches, from the leak of the Democratic National Committee’s (DNC) network to the recent Dropbox cyber-theft of 68 million passwords, display familiar characteristics of insider attacks. Instead of having an immediate impact, the malware operates subtly, gathers information and waits for the correct moment to strike.
In the case of the DNC breach, the hacker capitalized on Windows vulnerabilities and remained in the network for close to a year, outwitting all detection attempts by allegedly relocating a Trojan from one machine to another.
With the Dropbox password hacks, the attack stemmed from a previously discovered theft of email addresses in 2012 – where the hackers managed to surreptitiously siphon passwords for years through a compromised vector that was thought to have already been patched and secured.
It is especially concerning that cyber-criminals succeeded in the above instances despite the deployment of advanced cyber-security software and policies. Clearly, a new era in cyber warfare has begun where machines are fighting other machines across the digital battlefield, and sophisticated criminals and attackers are ready to pounce at any opportunity.
Legacy approaches are not working
Existing tools are failing to deal with this new threatening reality because traditional approaches rely on being able to pre-define the threat in advance by writing rules or producing signatures.
45 Cyber Warnings E-Magazine October 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide