Cyber-attacks in future will be about machine learning and automation around attacking and discovery of vulner – Times Now

  • Lauren
  • September 5, 2022

Since the pandemic there has been a race to go digital, for organisations and individuals alike. Remote working, remote learning, contactless payments, and online shopping have become the mainstay of our lives. While technology really helped us get through the pandemic, it came with a learning curve: the lack of awareness about dos and don’ts made many easy targets for hackers and hacking organisations. The rush to go digital exposed a lot of companies to cyber-attacks through ransomware, data breaches, and leaks. The Pegasus and Predator scandals also showed us that hacking is now a business and that politicians are also using the services of these companies for their own benefit. As technology moves ahead, the risk of cyber-attacks increases as well. To explain a bit more about the current cyber security scenario, Siddharth Shankar from TimesNow speaks to Asaf Hecht from CyberArk.

Asaf manages one of the research groups in CyberArk Labs. He focuses on researching and discovering the latest attack techniques and applying lessons learned to improve cyber defenses. Prior to CyberArk, Asaf served for eight years in the Israeli Army, as a skilled helicopter pilot and as Team Leader for the advanced cyber-hunting team, an elite force that protects military top-secret networks and reveals APTs.

Excerpts

Siddharth: COVID saw businesses and consumers moving on to digitization. That was a big keyword. Every company wanted to jump on the bandwagon. Meanwhile, for consumers, contactless payments, using apps for ordering food, and anything and everything were through an app. Even my parents, who would never use contactless payments, started using payment apps, and wouldn’t know which link to click and which QR code not to scan. At the same time, we saw a lot of phishing activities, we saw a lot of identity theft, and we saw a lot of problems coming there.
This was with the consumers and also with the businesses that did not have the expertise to move on to the digitization bandwagon smoothly. What is your viewpoint on the cybersecurity threats or the stuff that we have seen during COVID?

Asaf: You are absolutely correct about the situation during COVID. We saw it in the entire world that people and organizations go digital and work from home like me today, and everything is going for the internet and there is also a paradigm shift. The legacy of the traditional perimeter is finished. When you have a company and you are in a physical building, you can secure this building with what is going out and where is the entrance and exit. Nowadays, everything is everywhere, and this is the need of the hour. The trends that you mentioned are correct. Also, contactless payment is also gaining popularity in countries like Israel. From bigger organizations to private ones to even individuals. From the youngest who thrive to use new technology to older people that don’t have other options because the bank or store in the neighborhood was closed because it converted online. However, there are a few things that we need to remember regarding the outlook toward risk: it’s different from the organisation side and different from the individual side of things.

For individuals, I think awareness is important to everyone and every age. Having said that, I think there are some principles that are very important. For example, check your bank account and your credit card payment at least once per month. This is because there is a high chance of these kinds of things occurring without your knowledge. If you get scammed and phished and someone stole your credit card and pays for his desire. The most important thing for you is to detect it and then you can automatically alert the credit card company and also you will get a full refund from the credit card company. The first principle, again, simple awareness.
The second principle is to check what goes out from your accounts and submit it for refund if something is wrong. The third principle: the normal public is not the target. This is a big difference between attacks on organisations and attacks on individuals. While I believe threat actors can attack everyone, everything, and every device, it is only a matter of how much time is consumed, the budget and what they are gaining out of it. I can imagine myself if I have a phone and I don’t think someone will want access to my phone, and it will offer him $10,000. I am sure it’s not. There is nothing important there.

Siddharth – Phishing and getting money out of people or crypto wallets are quite common, but lately, we have been seeing a lot of state-sponsored threat actors and we have also been seeing private companies which are actually working only on finding exploits, finding zero-day hacks and then selling them to governments and making a big chunk of money. So now this is probably becoming a business as well and a lot of them actually stem from Israel. What are your thoughts on this? Is this quickly becoming a business prospect for hackers?

Asaf – I think it’s an interesting trend and I agree with it. In the recent decade, there are few private companies that are mentioning that what they do is to develop technology solutions for gaining access and intelligence. I think that in Israeli Cyber intelligence, getting cyber intelligence or getting cyber access to a device or target, has been around for over two decades, and then what happened is the people who were in the army service, some of them completed their service and they still wanted to do what they did. Also, we need to remember that most of the usage of these technologies is for humanitarian reasons for anti-terror fighting and for making sure there is no major terror attack.
The fact is that for 20 years, we didn’t have a devastating terror attack again (in Israel). And I think a major thing that helped this fact apart from other countermeasures is their demonstration is this kind of spying technologies that sometimes also comes from the private sector. The challenge and the problem emanate from how you make sure that these kinds of technologies are being handled and sold to the right target. This is a problem, but these are the two sides of things. The world I think needed this kind of spying company to make it a safer place, but the problem from the other side is how to monitor and who these companies sell to and even if they sell it to a government, maybe the government will say, yeah. We are going to use it on a valid target, but I think these private companies can’t really audit the usage of this third-party government.

Siddharth – Back in 2011, Bill Gates had said that the next big challenge for the world will not be a nuclear war, it would be a virus. We had COVID and the whole world just stopped. Do you think in the future, a full-blown war like the Russia-Ukraine conflict will not happen and it will be more cyber warfare?

Asaf – I think there are more challenges, but I think cybersecurity issues are gaining more value because more assets are converting to be online and again, our daily things are online, and sometimes even from the army’s perspective, it’s easier to do something behind the keyboard and not blast anyone and risk your people going to war. I think it’s a future threat. While saying it, I think it’s also there is a balance that’s kind of the nuclear balance that both of the sides have nuclear power, so no one uses it. I think it might go to this one. Maybe the country could devastate the other country in the cyber war, but I think they understand that there might be attacks on the same power as well. It might be a threat that is above our head, but not really will be done with 100% power.
I do think and we already saw that in a low power cyber attacks already happening right? Also, even in Ukraine and Russia conflict, Russia on the starting day of the conflict, wiped out hundreds of machines and denial of services attacks on websites in Ukraine and so on.

Siddharth – Asaf, now lately, we have seen Predator, we have seen ERMAC, Follina, and a lot of other malware or ransomware coming out. Why is this happening? We have the internet, the knowledge is there, and the news spreads. Yet all these things are happening so much more today than say 5 to 10 years ago.

Asaf – Yes, with the popularity of the internet and technologies and phone devices and everything is computerized, and I think that awareness and even the availability of knowledge is very easy to gain for everyone. Nowadays for example in Israel, already in school, you can learn things about the first degree of cybersecurity. There is more education, more knowledge that is easy to gain, and from the other side, there is more need for professional acknowledgment of cybersecurity, and of the vulnerabilities that still exist. The attacks are getting complex and we have seen that over the years, every couple of years, the main threat has been changing a bit. A decade ago, it was the malware on the endpoint, then it went through maybe devices or laptops and then the cloud, and nowadays, supply chain attacks after SolarWinds story, nowadays the supply chain attacks are really concerning everyone. I am sure that in 5 years, there will be other main focuses, also the target industry will change. Nowadays, there are many new startups that were opened in the last two years with a sole focus on solving supply chain attacks, the threat is huge, and cloud and DevOps technologies are everywhere. As the years progress, there will be more new technologies, and there will be more trends.
There are more products and every one of them is very complex and cannot be developed without vulnerabilities as the human factor will always be there.

As an example, the Lapsus$ or phishing attack, will still probably work. It is really a problem, but again we should sleep well, there are cybersecurity vendors out there doing our best. For example, at CyberArk, we try to help organizations across the world and so it will be harder for attackers to achieve their goal also if they attack a company, the damage will be reduced a lot. They will not be at a total loss, and we also see this from the other side of your question, we see more attacking groups yes, and ransomware campaigns because they have money and there are more options for people and also to build an organization and a business. As an example, there is Conti, an attacking group that does ransomware mainly. It’s built like a regular company, there is human resources, HR, there is R&D, and there is a kind of marketing to make the tool available to a paying audience. Yeah, this is kind of the new world.

Siddharth – You mentioned the supply chain attacks. Now if the supply chain is crippled for a big company like say Samsung or Apple, it is going to cause a lot of damage and damage reduction will be the biggest thought once the attack has happened. What are the things they should keep in mind before an attack happens and after an attack happens to minimize the damage to them and their consumers?

Asaf – Before the attack happens, we should make sure that our network is there in the most secure place and in the most secure state. There are many protocols and steps and standards. One of the main things is to secure privileged access security and secure identity security.
Nowadays, it’s not only devices and laptops and phones, but also more of the identity that uses this computer in this form because it could be many identities on the same device, and multiple identities or specific identities could be accessing across multiple devices. We need to secure the focus on identity. How it has been authenticated, what it does and there are again many solutions that can help with this. I would focus on securing the identities and of course making sure to check all the standards.

If we do the preparation right in stage 1, the damage will be limited because one identity will be compromised and one network will be compromised, but the sensitive database is on a different network and there is a segmentation in the network, and so on. If we did the preparation right then the damage should be limited, but still, we should also prepare for this compromise because it might happen at any time and we should also practice it. I think most organisations will suffer from this kind or another compromise, but good preparation will limit the damage when it occurs.

Siddharth – What would your forecast be in terms of trends of security that we will be seeing in the future, like supply chain is one, next what could be it?

Asaf – Interesting question. I think cloud will be major as nowadays cloud is popular for the technology benefits and so on and I think now that cloud services are being used much more, the attacks on this kind of scenario will be more popular. Some unique specific services like database on cloud and SQL on cloud and virtual machine on cloud and things like this.
Another thing I might say is the attacks in the future will be about machine learning and automation around attacking and automation around the discovery of vulnerabilities. Open source is also a popular vector because nowadays technology is so complex, we have several components on every product. Open source is also another vector.

Siddharth – During WWDC, Apple announced something about a passwordless feature. Do you think this is an interesting concept that will increase security?

Asaf – Yes. There are several disadvantages of having a password. Of course, it’s hard to remember, people tend to use the same password for 2 different services and so on. The trend of a passwordless future, I think it’s good. Mainly it involves some other device or multifactorial with your phone. The passwordless thing is a good solution. From our vulnerability research, we saw after the authentication has been successfully done, it’s still a token or digital token or certificate that is being stored in the computer and a device in the cloud. After the authentication phase, the token is not really authenticated more. Nowadays there is a new trend of continuous authentication. You want to continuously authenticate the identity and what it does.