Cyber criminals are stepping up their game with no signs of stopping. They are launching more sophisticated attacks, yet at the opposite end they are also leaning on simple hacking tactics.
Agency and private-sector information security experts examined cyber prevention tactics during the recent Federal News Radio panel discussion, Targeting Advanced Threats.
Bob Bigman, former chief information security officer at the CIA, said hacking is much more sophisticated than previously thought. One trend he’s noticed as of late is that there has been a dramatic increase in highly targeted attacks, especially against large financial institutions.
“They’re doing incredibly successful cyber intelligence collection, very successful cyber intelligence analysis of how the organization’s network is configured, knowing exactly what versions of what antivirus software they’re running and then crafting very specific APT [advanced persistent threats] against a specific individual, branch or part of that organization.”
Cyber criminals are adjusting so quickly and becoming so skilled that it’s become “an arms race,” said Darren Van Booven, chief information security officer and assistant chief administrative officer for the House of Representatives.
“As you come out with new and more advanced technologies to defend your networks, the adversaries are going to develop new and more sophisticated techniques to target you, as well as the malware that they’re developing in order to collect your data. So, being in 2014, I think we’ve gone through the initial stages…and we’re definitely at a more advanced state.”
New, old tactics being used by hackers
With multilevel targeting, hackers also are doing something new: they're researching everything about a potential victim and then actually calling them on their home phone numbers, Van Booven said.
However, even as the cyber landscape changes, some aspects stay the same.
Ben Rubin, director of cyber and information security operations at CGI, said simple attacks still happen and can be just as dangerous to agencies.
“When you have all the sophistication you have to weigh the balance of impacting business operations as well. And convenience is built into a lot of these systems for a reason – to enable people that aren’t necessarily computer savvy to get their jobs done easily,” Rubin said. “So a lot of the more simple attacks might be as effective, especially when you encounter agencies that have tightened the screws from a more technical perspective.”
That's why even more basic email phishing attacks can be potentially harmful, he added.
Coordinated action to stop attacks
Lance Dubsky, chief information security officer at the National Geospatial-Intelligence Agency, spoke about how his agency is dealing with threat intelligence in particular. In this emerging area, he said, coordination is key to reducing risk.
Daily, he communicates with peers across the government and in private industry. “We ingest a vast amount of threat intelligence but we also use a variety of tools to better understand what we’re seeing,” Dubsky said. “I think partnership is the main thing. When agencies and industry communicate what they’re seeing, and then you apply the right sets of people, process and technology, you can buy down the amount of risk you face.”
On a fundamental level, the experts said during the panel, securing the network — or, in some cases, all networks — is critical. Tony Cole, vice president and global government chief technology officer of FireEye, added that agencies should make good use of the data feeds being collected, not just passively hold onto this information.
“There are a number of tools out there to minimize the time in the network,” he said. “You can have all the data feeds around the globe but you need to actually be able to take meaningful action around the feeds you get today. That’s very difficult to do.”