The main threats in 2018
The next stage is beginning in the arms race between cybercriminals and IT security specialists. With firewalls fighting off artificial intelligence attacks, companies need to strengthen their defences with AI-based systems.
Text: Andreas Heer,
It’s the not too distant future, and in a remote corner of the internet, cybercriminals are testing malware that tries out different lines of attack. If it succeeds, it mutates itself. Successful methods are saved in the code, and those that fail are deleted.
A few weeks later, a company’s firewall sets off the malware alarm. It has detected suspicious behaviour that indicates a previously unknown kind of cyber attack. The security software has taught itself to find such threats by analysing known attack patterns and identifying similarities with this new type. Welcome to the next generation of IT security that fights off “smart” attacks using their own strategies.
Scenarios like this are still some way off, however. The Swisscom Security Report lists artificial intelligence attacks in the second circle of its threat radar. This means that AI-based attacks will soon be a reality. “A new threat we have on the radar is the malicious use of artificial intelligence. This is used, for example, to launch smart attacks where traditional protective measures are ineffective,” comments Panos Zarkadakis, Deputy Chief Security Officer at Swisscom, in regard to this development.
But even today, artificial intelligence is already being used in the fight against attacks. Panos Zarkadakis cites the incident management system as an example: “A self-learning system can check incidents for ‘false positives’, thus reducing the workload of the security experts.” This is a typical use of artificial intelligence, namely pattern recognition.
And because there aren’t enough trained security specialists, anything that takes chores off them is a boon. A lack of expertise can certainly be a security risk if your own defence system is not adequately set up for present and future threats, or there are insufficient resources to respond to attacks fast enough. That’s why Panos Zarkadakis recommends using AI systems in a supporting capacity in cyber defence systems until the technology has really proven itself.
The biggest threat still comes from classic malware. Panos Zarkadakis has a plausible explanation for this: “The main threats that we identified last year are still around. This is often due to the nature of the threats, because they take years to develop.”
The Swisscom network confirms this theory: the most frequent unwelcome guest was our old acquaintance “Conficker”. This worm, also known as “Downadup”, has been around for ten years, generating about 40 percent of the detected “Call Home” traffic on the Swisscom network. About ten percent of this network traffic came from the ransomware “WannaCry”, which appeared on screens a year ago with its ransom message – railway information boards in Germany were affected, for example.
However, cybercriminals appear to be shifting their focus: “We’re seeing the trend that malware is increasingly being used to steal IT resources. One of the things it is used for is bitcoin mining,” notes Panos Zarkadakis.
Instead of extorting a ransom from the victims in the form of cryptocurrency, attackers prefer to mine it themselves.
The race between attackers and those trying to stop them continues apace. But how can companies react to these changing threats? Security expert Panos Zarkadakis has a clear recommendation: “The best protection is to study and know the attackers and their methods. This can be done with threat intelligence, and with detection and response capabilities. Also, as part of their digitalisation strategy, large companies should develop and extend their AI and machine learning skills. The focus should be on Cybersecurity.”
How exactly can an infrastructure provider like Swisscom help protect customers from cyber attacks? Cyrill Peter, head of security for key accounts, tells us how.
This might be a rhetorical question, but how important is the issue of security for Swisscom?
Cyrill Peter: As a provider of critical infrastructures, security is obviously an essential topic to us, and we are investing heavily in this area. It’s not only about protecting our own infrastructure, but also the security services we offer our customers. For this we employ more than 100 security specialists in Switzerland and have also created the necessary structures such as a 24/7 Security Operation Center.
To what extent do Swisscom customers benefit from our own experience?
As a Swiss provider, we know precisely which dangers are present and which attacks are currently happening in Switzerland, and we can take action quickly. Our customers benefit very directly from this. For example, we discover many phishing sites much earlier than most vendors of anti-virus and anti-phishing software. This means we can protect Swiss customers faster and better.
And what specific form does this benefit take?
On the one hand, we make sure that all our services come with a high level of integrated basic protection. On the other hand, we offer probably the widest range of managed security services in Switzerland, and our business customers can use them as required. Also, we constantly update our security services to keep up with the latest threats. Last autumn, for example, we launched the “Threat Detection & Response” service, which is designed to detect and fight off cyber threats at an early stage.