Cyber Criminals Are Becoming Increasingly Sophisticated, Says Symantec CTO

Cybercriminals caused significant service disruptions around the world over this past year, using increasingly sophisticated methods to break through cyber defences.

Nick Savvides, chief technology officer at Symantec, expects the trend to become more pronounced in 2018 as cyber attackers adopt machine learning and artificial intelligence to launch more potent attacks.

Reflecting on the WannaCry attack, which impacted more than 200,000 computers worldwide in May, Savvides believes that was merely a warm-up to a new year of more virulent malware and DDoS attacks.

While Australia was lucky to escape WannaCry, the attack did bring much-needed attention to the risk cyber attacks pose to the critical infrastructure of Australian businesses.

“The WannaCry attack was limited in Australia due to the time difference. Essentially the outbreak occurred in Europe and the US while we were asleep, so protection was put in place with antivirus technologies to defeat the way it spread — that significantly limited its impact here,” he said.

Savvides cautioned that the time difference may not provide local companies with a safety net going forward, with AI and ML being used by cyber criminals to conduct attacks. So far, the AI and ML conversations have been focused on using these technologies as protection and detection mechanisms. However, this is changing as cyber criminals use AI to attack and explore victims’ networks, which is typically the most labour-intensive part after an incursion.

This means Australian businesses have a lot to do when it comes to cyber security, Savvides said, as WannaCry showed even sophisticated large companies fall victim to malicious cyber attacks.

“In general, email is still the primary source of infection. We see 8 billion emails a day, and it is the biggest vector of infections. Web-based attacks represent the next largest vector through which infections are transmitted — this is where people go to websites, and there is a ‘drive-by download’ exploiting the user’s browser to drop the malicious payloads onto their systems,” Savvides said.

“Humans are the final barrier, and I say this phrase frequently at work. No matter how much training we do there will be somebody who gets something emailed to them, and they will think it is relevant and important, and open it.”

Savvides said he regularly conducts social engineering training that explains what bad emails and the process of a targeted attack look like, in order to drive awareness. Moreover, he thinks businesses need to take a more proactive approach to educating their employees about cyber security risks.

He explained that companies such as Symantec, and the federal government via Scamwatch, put out timely information that educates the public on cyber security risks, but most people are unaware that such material exists.

“I do think businesses should take the lead and drive awareness with their employees. Ransomware is the fastest growing category in broad-based malware, and the reason is that it is hugely profitable for the cybercriminals — they make much money from this attack type, and there is a gold rush mentality among the criminal gangs.”

Savvides thinks ransomware attacks will evolve in the coming months with cyber criminals specifically targeting businesses rather than consumers.

He pointed out that the UK’s NHS hospital system, which was disrupted by the WannaCry attack in May, was not the intended target.

“The intended victims were the people at home running their computers who would then go and pay the ransom because all their files would be locked up and they don’t have backups. Businesses that have effective backup regimes don’t pay ransoms. However, there are instances where companies do pay the ransom because it is a nuisance and time management issue,” he said.

“I think we will see more targeted ransomware attacks rather than indiscriminately encrypting files on an infective host. Cyber criminals will move into environments they understand then lock up important business-critical files. They will work towards being a very sticky infection by looking for backup files and removing or corrupting those files, and we will see much higher ransoms.”

“I can never recommend paying a ransom. If someone chooses to pay a ransom, they have to assess their circumstances. The best solution is not getting infected in the first place,” he advised.