Doom'n'Gloom: What Threats Are Too Much For Information Security

11 October 2018 18:47, UTC
Daniil Danchenko, Anna Zhygalina

Information security plays a ginormous role in the digital economy. Let's remember Bitstamp, one of the oldest crypto exchanges still kicking. Back in 2015, it was hacked. And it wasn’t some super-hacker operation straight out of “Mr. Robot.” A simple targeted phishing attack combined with social and network engineering gave it a “fat lip.”

By sending malicious .doc files to the exchange’s staff, the hacker managed to get to the exchange’s system administrator, Luka KODRICH, who had direct access to the exchange’s operational wallet. The hacker made Bitstamp's coffers lighter by 5 million USD (roughly 19.000 BTC).

Private information, digital secrets, digital infrastructure - everything that was treated as bells and whistles for the last 10 years ended up forcing dozens of super companies to their knees, as the infamous NotPetya did.

That's why infosec events are getting bigger, better and more impressive: digitalization is growing even in the infrastructures slowest to accept it, and the number of those who prefer to make a paper copy of everything is getting smaller each moment. So it is understandable that the role of InfoSec grows on a daily basis.

However, it’s far from being that easy. Dmitry VOLKOV, CTO of Group-IB, gave an extensive presentation during CyberCrimeCon, which explained pretty well that actively hunting down and removing viruses is not a priority for many companies, simply because it’s not always possible due to cross-border limitations. Dmitry also added that, absurd as it sounds, there are chances that specific topics are off limits for investigators because of governmental orders.

Which is a possibility these days. Blaming IT issues on malware planted by cyber saboteurs is now a common thing, rooted deep in the collective subconscious. Cases where Russian or North Korean hackers are the main culprits are becoming frequent these days. And while it’s mostly common spy phobia, sometimes there are real reasons for it aside from politics.

However, attacks on digital infrastructure perpetrated by spies are nothing new, and they are just the tip of the InfoSec iceberg.

Over the last two years, experts in the field have had it rough and have had to work without even a short breather; last year they faced an epidemic of self-replicating viruses like monokai, BadRabbit, and the infamous NotPetya. That's nothing groundbreaking, but the industry was not prepared, and it ended up causing massive damage to various businesses, including very well protected ones.

After that, InfoSec got even more pleasant news: a new type of vulnerability came under the spotlight. Hardware vulnerabilities that cannot be fixed via software upgrades became the hot new thing in the industry. They affect Intel, AMD and some ARM processors. InfoSec was not ready for such a turn of events.

In just a year, this shaped into a whole bunch of issues with no real solution at hand. Other than the hardware vendors’ help, of course! Which will take a couple of years at best or like five at worst: first they will need to develop processors with a different architecture that hopefully lacks other vulnerabilities, then they’ll have to release them and finally sell them. Then people will "simply" need to buy new hardware and use it in their systems and servers.

The second hot topic is the safety of firmware, BIOS, and UEFI. This is not a new thing: during the presentation, Dmitry VOLKOV pointed to the earliest examples, which date back as early as 1998. But in 2013 this became a center of attention once again, as the possibilities for attackers grew exponentially.

Those vulnerabilities are mighty troublesome because threats like this are technically challenging to find and, on top of that, hard to weed out. Basically, a full wipe of the system and swapping out half of the system components do not guarantee that you’ve dealt with the problem!

There is a new trend back home too! Attacks on household routers and on devices for storing and transmitting data are on the rise. These devices are almost always unprotected, and dealing with the numerous vulnerabilities that plague them is nearly impossible. Attackers understand that and actively focus on attacking them. But because InfoSec companies focus on the developing countries and the threats that they bear, that is even harder, simply because hackers from the already developed countries have more resources at hand.

And don’t forget about attacks that cause real damage. Things that seemed like sci-fi not so long ago are a very real, well-formed trend on the market. Finance, the energy sector, big events: everything like that is under direct threat because of tools that can directly damage the infrastructure.

So what is the prognosis? Pure Doom’n’Gloom! It’s obvious that hackers also read reports and research about new vulnerabilities, and it’s safe to assume that in the near future we are facing a long and slow research process on the hackers' side, probing for potential ways to use attacks like that.

And the sad thing is, there is no proper way to deal with those threats right now. The InfoSec industry has no real way to prevent them, as it doesn’t have the right tools for the job. And Dmitry VOLKOV notes that it is true: “Current security solutions are not able to prevent attacks like this, and at first the industry will be forced to step back and deal with the aftermath of the attack first and trace its source later. Furthermore, attackers that already have tools for placing backdoors in UEFI firmware are going to target motherboard producers,” which is likely to solidify their position on the market, since that way they will be able to spread the malware to every client that downloads an upgrade.

Their second obvious target is companies that produce hardware for governmental institutions, since that is a major "honeypot" of secret and sensitive data, valuable to state-backed hackers. In the field, they are the link that will be attacked nonstop, since they produce components for the hackers' priority targets.

It should be noted that InfoSec markets are going to change a lot because of the major changes in the field. They will have to take care of the personal “informational space”. This situation will change the existing paradigm of information security as it is known now.

If before, everything was based on the assumption that they need to take care of the devices and corporate networks that clients use at work, now the industry will have to take household devices into account, since they are also used for work and form a separate, pretty much unprotected infrastructure.