Andrew Tsonchev, Director of Technology, Darktrace Industrial, writes that 2018 was another blockbuster year for cyber security and that the endless stream of data breaches shows no sign of abating.
If you sift through this daily churn of attacks, certain trends emerge. The motivation and methods of attackers are evolving, and the cyber security industry is changing with them. Looking to the next twelve months, we expect to see several key issues dominating the cyber landscape.
Also of interest: Will 2019 be any different to 2018?
Malicious AI: The bad guys get (a lot) smarter
Artificial Intelligence is disrupting a vast range of industries. Seemingly no aspect of our lives is immune from this new industrial revolution. Unfortunately, this includes the actions of criminals as well. Cyber security has always been about innovation - the smarter hacker finds a way in. But in the past there was a certain level of cost involved.
If you wanted to break into a business, and do it properly, it took time and effort. Attackers had to research their targets, find vulnerabilities, develop malware. This was a manual and labour intensive process. It’s why the highest level of cyber-attack has historically been the privilege of nation states – they are the only ones with the resources to perpetrate them.
AI is lowering barriers to entry and empowering start-ups around the world to deliver services at a previously inaccessible scale. Sadly, these benefits can cut both ways. This same power is beginning to be harnessed by the bad guys to allow them to perpetrate advanced cyber-attacks, en masse, at the click of a button.
We have seen the first stages of this over the last year- advanced malware that adapts its behaviour to remain undetected. Once we have full blown AI-powered malware in the wild, we will enter the era of a true cyber arms race. As early as next year we might see the first AI vs AI battles playing out across the internet.
Also of interest: Cyber extortion: to pay or not to pay?
Attacking Infrastructure: from theft to sabotage
The hacks that make headline news tend to involve staggering amounts of data theft; millions of individuals’ personal details get stolen every week. These kinds of attacks are prolific for a simple reason: profit. Stealing data is attractive because it is easily monetizable. There is, however, a more worrying kind of hack that has historically got less attention, and that is infrastructure sabotage. Rather than stealing data, hackers can turn off the lights, disrupt transport systems, and ultimately threaten our safety.
This is nothing new; over the past few years we have seen several high-profile cyber-attacks that affected manufacturing, energy, and shipping. But these attacks are suddenly on the rise. Last year the ports of San Diego and Barcelona were attacked with ransomware – compromising industrial devices can now allow criminals to ransom access to operational systems as well as data.
Geo-political tensions are shaping attacks in cyber-space, and nation states are now on high alert to protect critical infrastructure, such as energy grids, from well-fuelled international attackers. As cyber warfare capabilities become increasingly developed, the private sector, and ultimately individuals, will begin to feel the impact of this growing conflict.
Also of interest: Elections: manipulations, misinformation and misconceptions
Influence and interference: online trust in the era of fake news
The people who built the internet were engineers at heart. As a result the cyber-security industry likes to focus on technical challenges such as finding flaws in software code and analysing data to spot attacks. This is essential work, and remains key to our online safety. However, recent events around ‘election hacking’, influence bots, and the systematic spreading of misinformation online has drawn attention to a rather deeper challenge that isn’t really technical at all.
There is a fundamental paradox at the heart of cyber-space. The internet empowers individuals, and bypasses authority. Many of the great social changes that the internet has brought come from its disruption of traditional authority; anyone can post on Youtube, anyone can write a blog, anyone can build an app. Often anonymously. We rightly cherish this direct empowerment, and the privacy and anonymity that comes with it.
The internet is fundamentally not designed for accountability, and this means that those who wish to manipulate and mislead can do it online with relative ease. They can also do it at scale. Technical solutions may have a valuable role to play in addressing these challenges - we can write better algorithms for detecting malicious bots, and screening out fake news.
But we may have to accept that the internet’s ability to influence is inexorably tied to its ability to empower. Ultimately, manipulating the public discourse might prove to be a greater cyber-risk than the hacking of our devices. Controlling data may soon become more important than stealing it.
These three trends pull in very different directions. We are going to be facing more technically advanced adversaries than ever before, and at the same time more social, nebulous threats. Our data will continue to be stolen, but also manipulated. Our infrastructure will face attacks from both nation states, and organised crime alike. One thing is clear: the attack landscape is not getting any simpler, nor the attackers less ingenious.
Thankfully, huge strides continue to be made in developing network defences. 2018 saw the mainstreaming of AI for cyber defense, and the growing use of autonomous systems that can automatically combat hacks as they happen. It’s too early to call it, and we certainly can’t rest on our laurels, but it looks more likely than ever that the good guys can ultimately win.