UPDATED 15:21 EDT / FEBRUARY 26 2020

SECURITY

In a never-ending war, security experts battle malware, deepfakes and nation-states

The Soviet revolutionary Leon Trotsky once declared, “You may not be interested in war, but war is interested in you.” And make no mistake about it, the current cybersecurity world is all about war.

That became rapidly apparent after only the first two days of the annual RSA Conference in San Francisco this week, where attendees heard from security experts on a litany of attacks, intrusions and failed defenses in cyberspace. It’s hackers versus the hapless, deepfakes, increasingly sophisticated malware exploits and nation-states intent on surreptitiously stealing as much as they can.

War is a story of victors and the vanquished and there was a clear feeling of battle fatigue in the RSA halls this week, as beleaguered security researchers sought to find ways to change the narrative.

“No wonder we’re depicted in the media as losers, because all we share are our losses,” Rohit Ghai (pictured, below), president of RSA, said during his opening keynote address Tuesday. “All hackers are technical sorcerers, and we are hapless techies. The story we want is a business story of cyber resilience.”

rohitghai-rsac2020-1

New malware techniques

Generating the kind of story which the RSA president desires will be a challenge. Research offered by security experts at the conference this week pointed to two clear trends: Attackers are learning to stay silent inside systems for weeks or months at a time, and many are using tools already inside the network to defeat attempts to kick them out.

An example of that can be seen in GoGalocker, a ransomware variant. On Monday, researchers from Symantec Inc. presented evidence that attackers are changing tactics in how they infiltrate systems. The approach is less “spray and pray” and now more targeted and exploratory.

Symantec’s research found that GoGalocker used espionage tools and publicly available software to stay hidden inside a victim’s network.

“They were patient and they learned the environment,” said Jon DiMaggio, security researcher for Symantec. “It’s very different behavior than what we have seen in the past.”

Deepfakes getting better

Rapid advances in artificial intelligence and machine learning techniques are also fueling the rise of deepfakes, encompassing both video and text. Researchers from McAfee Inc. presented an analysis of how deep learning and Generative Adversarial Networks or GANs are enabling photos and text so realistic that it’s becoming virtually impossible to distinguish real from fake.

One engineer has pursued a personal project to demonstrate how AI systems developed by computer chip maker Nvidia Corp. can generate fake photos of cats and humans by launching dedicated websites with these images. There are a number of tools now that can create highly believable paragraphs of machine-generated text as well.

McAfee is developing a deepfake detection framework, according to the researchers, using computer vision and deep learning techniques. However, no specifics were provided as to whether major social media platforms have begun using tools to spot false content.

“AI is clearly augmenting the attacker and the defender,” Ghai noted.

rsac2020-3-crop

IoT fuels botnets

In addition to patient ransomware attackers and creators of fake media content, cybersecurity is also being confronted with a troublesome “internet of things” issue because the Mirai botnet is mutating. The malware, which infects smart devices and can launch widespread distributed denial of service or DDoS attacks, leveraged 100,000 hijacked IoT devices to bring down domain registration services provider Dyn in 2016.

The botnet has spawned a number of variants and continues to feed off the stream of IoT devices which are coming online. While TrendMicro security researcher David Sancho scoffed at the notion that an internet-connected Barbie doll could wreak havoc on the world, he also warned that routers remain the more dangerous player in the botnet game.

“I think your Barbie dolls are safe for the moment,” said Sancho. “Your routers? Not so much. The main enabler is Mirai.”

In an analysis of “honeypot” data, gleaned from computers or systems that mimic likely targets of cyberattacks, security provider F-Secure Corp. found another disturbing trend. Linux malware has officially replaced Windows as the attack platform of choice. That has been partly fueled by Mirai and its growing influence over IoT devices, according to Mikko Hypponen, chief executive officer of F-Secure.

“This is IoT asbestos,” Hypponen said during a press briefing in San Francisco on Tuesday. “It will be coming back to bite us like asbestos.”

Photo: Mark Albertson/SiliconANGLE

Photo: Mark Albertson/SiliconANGLE

Active nation-state threats

The cybersecurity community has also been grappling with a highly active nation-state threat landscape and that was a prominent topic of discussion at RSA this week. Earlier this month, a federal grand jury returned an indictment of four members from the Chinese Peoples Liberation Army for hacking credit reporting agency Equifax. The massive breach affected the personal data of approximately 150 million U.S. citizens.

“The Chinese are still in ‘let’s steal everything’ mode,” said Stewart Baker, partner with Steptoe & Johnson LLP and former assistant secretary with the Department of Homeland Security. “The Iranians are in revenge mode. And the Russians just want to screw us up.”

China is very much on the minds of cybersecurity experts at RSA this week. A key concern remains the growing position of telecom giant Huawei in the 5G next-generation wireless deployment market.

The nation’s record of cyberattacks and domestic requirements for companies to share data with the government have raised fears about the use of Huawei’s technology in mobile broadband. Huawei already holds a number of key patents in 5G technology, and deployment of the new wireless standard will be expensive. Recent reports have indicated that Chinese banks are offering favorable financing deals to help propel Huawei’s position with international carriers.

“For the trajectory we’re on, it’s headed Huawei’s way and it won’t be good,” said Art Coviello, a partner with Rally Ventures and former president of RSA. “The U.S. looks at the tech industry with great pride and benign neglect. It’s high time that we counter what China does and have a concerted effort to help the U.S. tech industry.”

The upshot is that the cybersecurity industry is currently caught in a tough position. Between a rising tide of cyberthreats and lack of clear government policy to support counter-initiatives, the industry’s most prominent voices are sounding the alarm bells using language that sounds very much like war.

“When is the cyber ‘Pearl Harbor’ going to happen?” asked Alex Stamos, an adjunct professor at Stanford University and former chief security officer at Facebook. “That’s effectively every Tuesday. The nerds inherited the earth, we are being taken seriously and the stuff we build is important.”

Photos: Robert Hof/SiliconANGLE

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU