Traditional cyber security defensive technologies are being developed with a more offensive capability.
Cyber security is maturing, both as an industry and a technology. In recent years, the headlines have been full of major attacks, breaches and compromised data integrity. The result is both a loss of public confidence and billions being lost to organisations both large and small.
The outbreak of cyber-crime, cyber terrorism and cyber warfare has been an unexpected and unwelcome consequence of the combination of many technologies. The ubiquity of high-speed global connectivity, coupled with increasing internet commerce and trade, sadly meant that it was inevitable that crime would follow.
Cyber-crime, distilled down to its most basic concept, is a technical and technology challenge. Technology is being used inappropriately, and therefore technology itself can be used to remediate the issue. That is the theory, at least, and technology vendors have been throwing their expertise into a raft of measures to stem the tide of this crime wave.
Their success, both in technological defensive terms and in raising awareness, has been high. Yet still, in 2018, four in ten businesses in the UK and two in ten charities experienced a cyber breach or attack [1]. The criminals are still winning. But why?
The global cyber security industry is predicted to reach $164 billion [2] by 2024, and the vast majority of this will be spent on defence. Obtaining early warning of potential attacks, securing networks, plugging software vulnerabilities, implementing strict access control and ever stronger authentication methods are all going to be key to keeping the cyber criminals at bay. But if the recent history of cyber-crime teaches the collective IT industry anything, it is that the game of digital cat and mouse will continue.
But what if there was another approach? What if technology could go on the offensive and identify, in real time, the source of the attack? What if technology could pinpoint and reveal the geographical location of the individual, or groups of criminals, who are fraudulently syphoning off vast quantities of money and data from the global economy, or trying to illegally disrupt democracy? This is where the leading edge of cyber security technology is headed, and it is called cyber forensics.
The basic premise is that, as an organisation comes under attack, offensive technologies can divert that attack into an "electronic sinkhole", so that the perpetrator believes their attack is working, whilst covert technology identifies in explicit detail who the criminals are, where they are operating from, and the toolset and domains from which they are launching their attacks.
Cyber criminals have devised methods to hide their true identities when registering and managing the internet domains from which they launch their attacks. They do this using domain registrars who provide high levels of privacy control. However, these sophisticated offensive forensic technologies have the ability to burrow through the registrars' privacy filters and obtain the true ownership of a privacy-protected domain. This allows the name, email address and contact details of the true owner to be obtained. These details can be cross-referenced against social media data and other public sources to build a body of evidence that allows law enforcement agencies to take action.
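The first step in the registrant investigation described above is simply to read the domain's public registration record and establish whether it has been privacy-protected at all. The following is an added example, not HYAS's or SCC's tooling: it parses an RDAP response of the shape any registry or registrar RDAP server returns (the jCard `vcardArray` layout is the real RDAP format), flags a registrant that has been redacted by a privacy or proxy service, and collects the contact details that remain visible so an analyst can attach them to an incident record. The domain, registrar and contact values in `SAMPLE_RDAP` are constructed for the example; the `PRIVACY_MARKERS` keyword list is a heuristic, not a standard.

```python
"""Triage a domain's RDAP registration record for privacy protection.

Added example, not vendor code. Given an RDAP JSON response, decide whether
the registrant contact has been redacted by a privacy/proxy service and
collect the contact details that remain visible as evidence.
"""
import json

# Constructed RDAP response: the field layout follows the RDAP/jCard
# specification, but every value is made up for this example.
SAMPLE_RDAP = json.dumps({
    "ldhName": "example-malicious-domain.test",
    "status": ["client transfer prohibited"],
    "events": [{"eventAction": "registration",
                "eventDate": "2018-03-01T00:00:00Z"}],
    "entities": [
        {
            "roles": ["registrant"],
            "vcardArray": ["vcard", [
                ["version", {}, "text", "4.0"],
                ["fn", {}, "text", "REDACTED FOR PRIVACY"],
                ["org", {}, "text", "Privacy Proxy Service Ltd"],
                ["email", {}, "text", "contact@privacy-proxy.example"],
            ]],
        },
        {
            "roles": ["registrar"],
            "vcardArray": ["vcard", [
                ["version", {}, "text", "4.0"],
                ["fn", {}, "text", "Example Registrar Inc"],
            ]],
            "publicIds": [{"type": "IANA Registrar ID", "identifier": "9999"}],
        },
    ],
})

# Heuristic keyword list (an assumption of this example, not a standard).
PRIVACY_MARKERS = ("redacted", "privacy", "proxy", "whoisguard", "data protected")


def vcard_fields(entity):
    """Flatten an RDAP jCard (vcardArray) into a {property: value} dict."""
    fields = {}
    try:
        _, props = entity["vcardArray"]
    except (KeyError, ValueError):
        return fields
    for prop in props:
        name, _params, _type, value = prop[0], prop[1], prop[2], prop[3]
        fields[name] = value
    return fields


def looks_privacy_protected(fields):
    """True if the registrant name/org/email reads like a privacy or proxy service."""
    text = " ".join(str(fields.get(k, "")) for k in ("fn", "org", "email")).lower()
    return any(marker in text for marker in PRIVACY_MARKERS)


def triage_registration(rdap_json):
    """Return a summary dict an analyst can attach to an incident record."""
    rec = json.loads(rdap_json)
    summary = {
        "domain": rec.get("ldhName"),
        "registered": next((e["eventDate"] for e in rec.get("events", [])
                            if e.get("eventAction") == "registration"), None),
        "registrant_privacy_protected": False,
        "registrant": {},
        "registrar": None,
        "registrar_iana_id": None,
    }
    for entity in rec.get("entities", []):
        roles = entity.get("roles", [])
        fields = vcard_fields(entity)
        if "registrant" in roles:
            summary["registrant"] = {k: fields[k] for k in ("fn", "org", "email")
                                     if k in fields}
            summary["registrant_privacy_protected"] = looks_privacy_protected(fields)
        if "registrar" in roles:
            summary["registrar"] = fields.get("fn")
            for pid in entity.get("publicIds", []):
                if pid.get("type") == "IANA Registrar ID":
                    summary["registrar_iana_id"] = pid.get("identifier")
    return summary


if __name__ == "__main__":
    print(json.dumps(triage_registration(SAMPLE_RDAP), indent=2))
```

When the registrant is flagged as privacy-protected, the public record alone yields only the proxy service's contact address and the sponsoring registrar (identified by its IANA ID), which tells the analyst which registrar a lawful disclosure request should go to; the redacted fields themselves are not in the public data.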
Complementing this are some of the world's most granular IP geolocation tools, which can determine the physical location of the IP address being used to launch or sustain a cyber-attack. The resolution of this IP geolocation data can be accurate to 1m, allowing a firm estimate of the physical location of the equipment undertaking an attack. Again, cross-referencing this with widely available global mapping data, such as Google Earth and Google Street View, can assist in undertaking more traditional forms of surveillance and, ultimately, arrests and prosecutions.
Toolsets like these for real-time and post-event investigations have not been packaged and made available to the market before. In fact, the company behind these tools, HYAS, who partner with SCC in the UK, has received multiple security accolades, including the highly prestigious FBI Director's Award of Excellence. This award was for the role of HYAS founder Chris Davis in taking down one of the world's largest botnets. Botnets can be used to perform distributed denial-of-service (DDoS) attacks, steal data, send spam, and give the attacker access to a device and its connection. He is one of only three civilians in the history of the FBI to be honoured in such a way.
If used in combination with Security Information and Event Management (SIEM) toolsets and services, cyber forensics builds out a comprehensive and multi-faceted cyber security methodology. It is destined to become the normal mode of operation for organisations that form part of the UK's critical national infrastructure.
Cyber security is now at a tipping point, moving from the purely defensive technologies and techniques of today into the realm of a more holistic combination of awareness, defensive and offensive technologies. The WannaCry ransomware outbreak, which cost the NHS £92m with over 19,000 appointments cancelled, allowed all public sector organisations to bear witness to the dramatic and damaging effects that a major cyber-attack can have. It also made clear their obligation to do everything in their power to prevent anything similar from affecting their own organisations. Cyber forensics can assist greatly with that requirement.
[1] Cyber Security Breaches Survey 2018: Department for Digital, Culture, Media and Sport.
[2] The Cybersecurity Market will be worth US$164 Billion by 2024.
The SCC Innovation Group is dedicated to the development of new products and services. We have a vision, a view of the market, an ability to see what others don’t; from new services to the very latest technologies. We add real business value to our customers and turn great ideas into reality.