UPDATED 15:00 EST / MARCH 18 2019

Phishing and nation-state hacking add tension to the threat landscape for cybersecurity experts

The key to a successful robbery isn’t breaking a window or short-circuiting an alarm system. It’s having the victim graciously open the heavily locked front door and letting the thief right in.

In the cybersecurity world, email phishing is by far the most prevalent form of attack. According to a Trustwave Holdings Inc. study, phishing is the leading cause of attack in corporate network environments at 55 percent, with malicious insiders a distant second at 19 percent. And email phishing attacks, which often dupe the recipient into clicking on a malware link while thinking they are responding to a genuine request, are getting better every day.

The list of damaging breaches caused by a phishing attack is growing. The Anthem breach, which has been attributed to phishing attacks aimed at five information technology employees, resulted in nearly 80 million compromised records in 2015. The high-profile breach of Democratic National Committee emails in 2016 was triggered by a successful Russian phishing attempt. More than 1.4 million patient records were illegally accessed at UnityPoint Health last year through a phishing attack. And hackers breached a bank in Virginia not once, but twice to steal $2.4 million in a persistent phishing exercise.

Phishing emails used to be clumsy, rudimentary attempts to fool users. Not anymore. Recent attacks are successful because criminals can now realistically spoof URLs and email addresses while social engineering a message to look and sound like it is from a person the recipient knows.

“My CFO and I every week have some very sophisticated email that makes it sound like one of us asked the other to approve a check request,” said Michael DeCesare (pictured), chief executive officer and president of Forescout Technologies Inc. “They’re getting good. They know that I went to Villanova or that I’m a Phish fan.”

DeCesare spoke with Jeff Frick (@JeffFrick), host of theCUBE, SiliconANGLE Media’s mobile livestreaming studio, during the RSA Conference in San Francisco. They discussed the need for visibility and control on networks, growing use of artificial intelligence and machine learning to combat threats, a wider attack surface being created by more connected devices, and the continued challenge posed by well-funded nation-state hacking. (* Disclosure below.)

This week, theCUBE features Michael DeCesare as its Guest of the Week.

Total device awareness

Increasing sophistication of phishing attacks and other forms of cybercrime have led the security industry to change its own tactics to defend against threats. What used to be a “perimeter defense,” where the enterprise castle and its valuable contents were protected at all costs, has now evolved into an assumption that at any given time, intruders are inside the firewall. The challenge is to find and neutralize them quickly.

Forescout contributes to the cause by offering total situational awareness of all devices on a given network and the ability to mitigate risk. Knowledge is power, and the company’s technology is designed to provide visibility and control.

“We have a front-row seat on watching customers that for decades have been unwilling to allow cybersecurity products to take action,” DeCesare said. “They’re turning our product on every day and allowing us to do exactly that.”

Meeting sophisticated attacks requires an equally sophisticated defense, and the cybersecurity world is beginning to embrace a more automated model that integrates AI and machine learning into existing products. Earlier this month, Microsoft Corp. unveiled its Azure Sentinel offering, a cloud-native, advanced-AI security information and event management tool. And Palo Alto Networks Inc. just introduced Cortex, billed as the industry’s only “open and integrated AI-based continuous security platform.”

These announcements and others in recent weeks are a reminder that the security industry must not only confront the rising sophistication of threats, but a shortage of people to deal with them as well.

“They’re trying to figure out how to augment the personnel staff they have with products to provide that level of intelligence,” DeCesare said. “You have to be willing to let your cybersecurity products take action on their own. Machine learning and AI play a very large role in that.”

500,000 infected routers

The trend toward security automation is an important one because network defense no longer simply involves the information technology ecosystem. The entrance of multiple, connected internet of things devices into the infrastructure has created more complexity as security managers must grapple with operational technology as well.

An example of the threat involved can be found in efforts by Russian hackers to infect 500,000 routers and storage devices globally. Symantec Corp., working with both Cisco Systems Inc. and the Federal Bureau of Investigation, posted information last year about a multi-stage malware attack, called VPNFilter, which was enabled by a broader OT-exposed attack surface.

“We saw that the world was moving from Linux and Windows and all of these basic operating systems, and there were only a few of them, to the world we’re in today where every TV has a different operating system,” DeCesare said.

The marriage of IT and OT extends to the home as well. During the past decade, many utility companies have installed smart meters, hardware that autonomously monitors energy usage and reports it back to the provider on a regular basis.

This enabled many utilities to move away from fleets of trucks and technicians who previously did this work, but it also created a newly connected landscape with its own vulnerabilities.

“Recognize that my house is the OT grid now connected back to the IT side which is billing,” DeCesare explained. “Companies want to do business online, but online means interconnectivity and interconnectivity means OT and IT connected.”

Hackers reach warp speed

That nation-states, such as Russia, are exploiting the emerging IT/OT universe should not be a shock. The rise of nation-state hacking has been a developing trend for several years.

Yet the capabilities of nation-states appear to have shifted into a new gear. An analysis by CrowdStrike Inc. of the Democratic National Committee attack found that Russian hackers have become adept at “breakout speed,” the ability to escalate system privileges and expand access across a breached network. According to the CrowdStrike study, the Russians’ breakout time was a mere 18 minutes.

“The geopolitical stuff going on between the U.S. and China and Russia, that usually spills into the cybersecurity world and makes things a little bit more tense,” DeCesare said. “It definitely does not feel like the threat landscape is getting less challenging these days.”

Here’s the complete video interview, part of SiliconANGLE’s and theCUBE’s coverage of the RSA Conference. (* Disclosure: Forescout Technologies Inc. sponsors theCUBE’s coverage of the RSA Conference. Neither Forescout nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE