According to the World Economic Forum’s 2016 Global Risks Report, cyber-security is recognised as one of the greatest threats to business worldwide, and the global cost of crimes in cyberspace is estimated to be $445bn. By 2021, cybercrime damage is estimated to hit $6 trillion annually. To put that in perspective, that’s almost 10 percent of the world economy.
The 2019 report went on to say ,”There were further massive data breaches in 2018, new hardware weaknesses were revealed, and research pointed to the potential uses of artificial intelligence to engineer more potent cyberattacks. ” Last year also provided further evidence that cyber-attacks pose risks to critical infrastructure, prompting countries to strengthen their screening of cross-border partnerships on national security grounds.
The explosion of global connectivity, the increase in the number of internet-connected devices, and the large number
of unregulated social media channels generating untrusted content have given cyber criminals many opportunities
to exploit organizations.
Speaking at the RSA Conference in San Francisco in April 2018, Secretary Nielsen said: “Cybersecurity used to be a problem reserved for the IT department. It was something out there that someone else handled. It was not my problem. Now it is a real-life, daily concern for parents, teenagers, teachers, small business owners, and beyond. Every facet of our society is now being targeted and at every level: individuals… industries… infrastructure… institutions… and our international interests.” Simply put, it is now everyone’s problem. And it is affecting our lives, our livelihoods, and our way of life.
Cyberspace has no national boundaries, has the potential for strong asymmetry and provides global reach for nation states, organised groups or individuals to mount an attack or use cyberspace for malicious purposes. Therefore cyber security agencies are making strategy for international collaboration with their allies and partners to fight cyber crimes.
The critical capabilities for cyberspace are threat assessment, intelligence, situational awareness, information assurance, and planning. The cyber security agencies are working to coordinate the disclosure of newly-discovered vulnerabilities so that developers can correct problems before adversaries exploit them.
In 2019, FBI report has warned that “health care organizations, industrial companies, and the transportation sector,” are also being targeted. Although the attack methodologies continue to evolve, with cyber-criminals doing all they can to avoid detection, the FBI highlights three attack techniques that are being observed: email phishing campaigns, remote desktop protocol vulnerabilities and software vulnerabilities. Mitigation includes ensuring operating systems, software and device firmware are all updated with the latest security patches. Data should also be backed up regularly, and the integrity of these backups verified.
In 2016, The FBI’s Internet Crime Complaint Center (IC3) posted a warning about ransomware. Then it was urging victims to report ransomware incidents to federal law enforcement to help paint a detailed picture of the threat. The threat landscape revealed has been a constantly changing one. The frequency of attacks has remained relatively consistent, but the nature of them has not. The FBI reports that the incidence of indiscriminate ransomware campaigns, such as evidenced by WannaCry on May 2017, has “sharply declined.” However, losses from ransomware have increased significantly as the attacks become “more targeted, sophisticated and costly.”
The FBI public service announcement also makes clear the stance of the Bureau when it comes to ransom payments: don’t. While the FBI sees the need for organizations to evaluate all options to protect the business from continued disruption and financial loss, it warns that “paying ransoms emboldens criminals to target other organizations and provides an alluring and lucrative enterprise to other criminals.”
A worldwide cyberattack could cost global economic losses of almost $200bn as organisations across sectors are still unprepared to face the consequences of a malicious global cyber campaign. The report by the Cyber Risk Management (CyRiM) project — a collaborative partnership including Lloyd’s of London, the Cambridge Centre for Risk Studies, the Nanyang Technological University in Singapore, and others — uses a theoretical catastrophic ransomware attack to model the broader impact.
Cyber Security Warnings and Threat Intelligence
In light of rapidly evolving technology and cyber threat landscapes, increased availability of commodity and modular polymorphic malware, as well as open-source hacking and post-exploitation tools, governments and international organizations face significant challenges in ensuring robust and effective defenses in the cyber domain. While traditional approaches of detecting and mitigating cyberattacks have been successfully applied to protect networks and maintain cyber resilience, these approaches are primarily reactive and retroactive, rather than proactive
and implemented in advance of an impending cyber incident.
I&W has traditionally been focused on monitoring the behavior of potential adversaries on air, land, at sea, and in space. Today, warning intelligence incorporates a variety of threats and potential adversaries, both state and
non-state actors that can initiate activities harmful to U.S. interests across multiple domains, including cyberspace. This wide spectrum of actors, methods and scenarios is reflected in a broader definition of threats, including any “discernible danger” that can inflict potential damage “to U.S. or allied persons, property or interests that occurs
in a definable time in the future.”
Cybersecurity representatives from governments, international organizations, and the private sector have expressed concern with this method and a desire to enrich it by designing a more forward-looking, practical approach to provide indications and warning (I&W) – or actionable intelligence and monitoring of potential threats – sufficiently in advance to enable the early detection and reaction to cyber incidents before they occur.
Warning intelligence is an analytical process that serves to assess continuously and report periodically on any developments which could indicate that a state or non-state actor is preparing an action which could threaten U.S. security interests and the interests of U.S. allies, writes RAND report by Bilyana Lilly. It scrutinizes military, political or economic events, as well as other relevant and associated actions and developments or plans that could provide further insight into potential preparations for hostile acts.
The analysis is an assessment of probabilities and provides a definitive (positive or negative) or a qualified (high, medium, low probability) judgement about the likelihood of the threat should it be brought to the attention of a policymaker. Warning intelligence is an art that requires understanding and continuous study of the capabilities, culture, history, and biases of potential adversaries. It applies to routine continuous monitoring and in crisis situations.
BT first to share cyber-security data on a large scale and urges other ISPs to follow its lead.
BT has become the first telecommunications provider in the world to start sharing information about malicious software and websites on a large scale with other ISPs, and has urged UK broadband providers to follow its lead. This development sees BT alert other ISPs in the UK to any malicious domains associated with malware control that it identifies using its advanced threat intelligence capabilities. ISPs can then choose whether to take any action to protect their customers by blocking such harmful malware. US cyber Command has started uploading samples of the malware it discovers to a publicly-accessible website.
This allows us to mitigate a high volume of cyber threats before they have a chance to take hold and impact our customers. By sharing our malware data, we’re empowering other ISPs to provide their customers with the same level of protection, should they choose to take action,” said Mark Hughes, CEO BT Security.
“This is a fantastic initiative that will help provide broader protection of cyber threats facing the UK said Dr Ian Levy, Technical Director for the National Cyber Security Centre. “Networks will be able to exchange detections in real time so that UK citizens can be protected by their ISP by default and for free, as part of the National Cyber Security Centre’s Active Cyber Defence programme.
“This unprecedented level of sharing and exchange will have a positive impact across the whole security community by helping us to collectively understand our adversaries and reduce the impact of cyber attacks.”
BT has launched a free collaborative online platform to share its threat intelligence data across the ISP community in a secure and trusted way, as it continues its efforts to protect consumers and businesses from the global cyber-crime industry.
This is in direct response to an initiative led by the National Cyber Security Centre (NCSC) to enable ISPs to share detection events, as outlined in its new report – ‘Active Cyber Defence – One Year On’ – which details its ongoing efforts to disrupt millions of online commodity attacks against the UK.
BT has identified and shared over 200,000 malicious domains since initiating the sharing of threat information at the end of last year ( 2017). BT’s global team of more than 2,500 cyber security experts are currently preventing the delivery of 50 million malicious emails with 2,000 unique malicious attachments every month – that’s almost 20 malicious emails every second.
Domain Name System (DNS) filtering is a key plank of the Government’s Active Cyber Defence Strategy, and BT has been supporting this by automatically blocking tens of millions of malware infections which try to cross its infrastructure every week. Such action is preventing millions of BT’s customers from being harmed by malicious code and bogus websites. These everyday cyber threats can often result in the theft of personal data, financial losses, fraudulent activity and users’ computers being infected with ransomware.
BT has taken the step of sharing data relating to malware because it believes that the most effective way to bolster the UK’s defences against cyber-crime is through greater collaboration and the exchange of information. If other ISPs join BT in actively sharing threat intelligence data, this will help the entire industry to develop and strengthen a collective shield which will help to protect all customers by taking action within the UK’s communications networks.
BT combines threat intelligence data provided by the NCSC and its Domain Name System (DNS) security provider partners with its own data generated by its Cyber Security Platform, which uses big data analytics to proactively identify threats before they occur. This provides the business with a comprehensive view of the cyber threat landscape in the UK and globally.
In order to exchange this information with industry, BT has built a Malware Information Sharing Platform (MISP) which enables the data to be shared in a secure and trusted way with its partners and other ISPs. BT will also continue to share this threat information with the NCSC and with law enforcement organisations such as INTERPOL, as announced by the company in October.
U.S. Cyber Command Shares Malware Samples to Help Thwart Bad Actors
The U.S. Military plays an increasingly vital role in the prevention, detection, and response to online threats. That’s why USCYBERCOM has been embracing collaboration, both with political allies and members of the cybersecurity community. In a brief media release, USCYBERCOM stated that it plans to “share unclassified malware samples it has discovered that it believes will have the greatest impact on improving global cybersecurity.”
This week, the Cyber National Mission Force (CNMF) shared its first malware samples via the Google-owned service VirusTotal. Launched in 2004, VirusTotal allows users to upload files so they can be scanned for malware. The service simultaneously checks files using multiple detection engines. Today, uploads are scanned by 55 different anti-malware providers including Microsoft, Symantec, Intel Security (McAfee), F-Secure, Eset, and Crowdstrike.
Posting a sample to VirusTotal can help speed up response times to emerging threats. When a provider’s scan fails to detect a sample a malware, VirusTotal can send out a notification. Security engineers can then examine the threat and push detection updates to prevent outbreaks.
The first malware sample uploaded by the CNMF belongs to LoJax, a family of malware that exploits vulnerable versions of the popular anti-theft software Lojack. The LoJax attacks have been linked to the Russian threat actors known as APT28, Sofacy, and Fancy Bear.
In addition to its channel on VirusTotal, the CNMF has also set up a Twitter account. That wasn’t done to engage with the public. It’s intended as a notification service to let researchers know when a new malware sample has been uploaded by the CNMF.