Crypto-mining vs ransomware – a difference you should know!
February 14, 2018
Ed Moyle, Director of Thought Leadership and Research for ISACA, shares his thoughts ahead of TEISS2018, on the current and future challenges in the world of cyber security and whether technology is doing anything to solve them.
Current risks in cyber security
Cryptocurrency and ransomware
Moyle feels that an interesting dynamic is happening in the threat space with respect to cryptocurrency mining and ransomware.
What is interesting from a hacker's perspective, he points out, is that both cryptocurrency mining and ransomware occupy the same ecological niche. If you're going to attack somebody, what do you do with that resource, namely their machine, once you've successfully infiltrated it?
He says there are two options: "One thing you can do is apply some type of ransomware software which will force the victim to pay you. Another option is to put in a cryptocurrency miner where you use their computing resources to generate money for you over time."
Interestingly, the two options have different profitability dynamics.
"If you're going to do ransomware, you're going to make potentially a sizeable amount of money for a very short period of time. Whereas if you're going to put a cryptocurrency miner in there you might make less initially but because it's hard to detect, it might linger longer," he says.
Moyle thinks that understanding those two options is important because you would need to plan for and respond to them differently.
Over the past couple of years, we have seen quite specific attacks against the segmentation model within the cloud. Moyle attributes some of those to Meltdown and Spectre, but we have since seen Flip Feng Shui (FFS), which is a type of attack where you are able to change individual bits of memory across a virtualization boundary.
This means that if you are in a multi-tenant cloud, you can manipulate the memory space of other workloads that might be on the same cloud as you.
"What I find interesting about this – is often when you are talking to segmentation practitioners – they are rarely thinking about segmentation attacks. So that's an area for security architects to build in additional defences," he states.
Is tech providing solutions?
Moyle states that security tends to be underfunded in organisations.
"They’ve almost reached a point where they're investing to a degree that solves the immediate problems but very often organisations don't plan beyond a quarter or two," he explains.
High-profile breaches, as we have seen recently with Equifax and Uber, are becoming more common. Moyle says this is because organisations are more connected now than ever and the threat landscape is more complicated.
"More energy should be invested into thinking how AI can potentially help you and make it economically advantageous for you to get additional value from the resources," he advises.
Moyle is positive about the advances in quantum computing and believes it could answer a lot of problems that the security community has had for years. "However, while enhancing security, it also undermines some of the plumbing that the security community has had in place for a long time," he says.
Blockchain is a potential game changer, according to Moyle, in that it has mechanisms built within it to enforce certain security properties like integrity and non-repudiation.
Moyle explains: "I do think though that a lot of the commercial applications have a lot to learn from the cryptocurrency community about how to do this in a robust way. For example, the system itself is only secure to the degree that no individual adversary or person who wishes to subvert the system has access to a plurality of CPU time."
Future risks in cyber security
Moyle worries that future attacks will go beyond a money-making quest. "We are already seeing theoretical ransomware attacks on biomedical devices like pacemakers and insulin pumps," he says.
"The threats extend to flight control, driverless cars, automated and satellite systems, and you start to think it’s not unreasonable for assassination attempts," he adds.
Moyle is looking forward to connecting with businesses at TEISS2018 and finding out what practical solutions people are adopting to tackle cyber security.
TEISS2018 will see Ed Moyle, Director of Thought Leadership and Research for ISACA, chair the Data & Technology panel.