Wednesday, April 3, 2013
Summary by Gaspar Modelo-Howard
Why do we, as cybersecurity professionals, go to work each day? Mr. Gebhart reflected on this question to start his presentation, suggesting a very clear and concise answer: to protect the many things and people that are so important to our lives. Security professionals need to protect families from threats like cyber bullies or identity thieves, from risks associated with financial information, and from attacks on new business ideas and our critical infrastructure, and to help protect those that protect us, such as law enforcement and first responders. This is why a multidisciplinary approach, such as the one CERIAS follows, as Mr. Gebhart pointed out, is required to come up with the ideas and solutions to achieve our goal as cybersecurity professionals.
In its early days, malware could have been considered a nuisance. After all, there were about 17,000 pieces of malware in 1997, and for some people antivirus software could be updated every few months. But malware has been growing at a rapid pace. McAfee stores more than 120M malware samples in its database, up from 80M in 2011. The growth is also fast in the mobile landscape. There were 2K unique pieces of mobile malware in 2011, while last year the number grew to 36K. And as the mobile market becomes more popular and we move from multiple operating systems to just two today, Google’s Android and Apple’s iOS, there will still be room for malware to grow. McAfee’s stats show that (1) Android is the operating system most targeted by malware, (2) many application stores for phones host malware, and (3) half of all iOS phones are jailbroken.
Other trends explain the always-changing landscape of information technology and therefore of security. One example is the growth in the number of devices connected to the Internet and their changing profiles. There are approximately 1B devices today, and that number should reach 50B by 2020. People think about computers and phones when asked which electronic devices are connected to the Internet. But there are many others, such as automobiles, televisions, dishwashers, and refrigerators, that are being connected every day, helping to put the control of our lives at our fingertips: how much energy we consume, what we eat, and how and with whom we communicate.
So today’s risks are more about the devices and the data stored on them, rather than just malware, and everybody is at risk. At the personal level, there are always reports of attacks aimed at individuals. Mr. Gebhart recounted Operation High Roller, which targeted corporate bank accounts and wealthy people by using a variant of the Zeus Trojan horse. At the business level, he talked about the incident known as Operation Aurora, discovered by McAfee Labs, where attackers were after intellectual property from 150 companies. It is also common nowadays to hear about state-sponsored cyberattacks on businesses. For example, McAfee believes it is one of the most attacked companies in the world (given its position as both a security services provider and a consumer), as it sees many frequent attacks around the world, run by well-funded, professional organizations.
One of the most concerning areas at risk is critical infrastructure, and governments around the world show growing concern about malware. The Stuxnet malware seemed to come from a spy movie, as it was created as a stealthy, offensive tool to cause harm. The Citadel trojan is another example of how incisive and targeted malware can be, attacking individual organizations while also harvesting credentials and passwords from users. So the malware found in the wild nowadays is more targeted and automated, which explains the growing concern about highly important systems such as critical infrastructure. Additionally, the commercialization of malware keeps increasing. Hackers as a Service (HAAS) and off-the-shelf malware are all too common now, so malicious code and people’s services are being sold openly.
Mr. Gebhart suggested that new partnerships are required to deal with malware; it is no longer only a technical issue. This pointed back to his earlier comment about dealing with cybersecurity through a multidisciplinary approach. An organization’s board should be involved and new strategies need to be created. Whereas years ago malware was a topic that would only involve a mid-level business manager, it is now a high-level management discussion topic everywhere you go. It is on everybody’s mind, with people not limiting the conversation to the technical aspects of an attack, but also talking about the impact on the business. Today, those who make the decisions for the business must be included in order to defend against malware in a timely manner and to plan for security.
Innovation is also paramount in order to successfully protect systems, and Mr. Gebhart mentioned several current initiatives. For example, companies are increasingly using cloud-based threat intelligence systems to deal with real-time and historical data, in increasing quantities. McAfee monitoring systems receive about 56B events a month from 120M devices. Many of the events are hashed and sent to McAfee’s systems in the cloud to determine whether they are malicious, allowing McAfee to block similar traffic if necessary. Response capabilities have also improved, as algorithms now exist to classify the events, determine which ones to handle, and respond fast.
The DeepSAFE Technology is another example of innovation, coming from the partnership between McAfee and Intel. The jointly developed technology serves as a foundation for new hardware-assisted security products. Today’s malware detection software sits above the operating system, whereas DeepSAFE will operate without such a restriction and closer to the hardware, offering a different vantage point from which to detect, block, and remediate hidden attacks such as Stuxnet and SpyEye.
To close his presentation, Mr. Gebhart reminded the audience not to forget who we are working for, and to protect global access to information and the identities of our users. It is an exciting time to be involved in cybersecurity, with the changing landscapes of information technology and security. Computing has come a long way in the last few decades, but we still have to build trust around it so people can confidently rely on computing.