Whether it’s stealing oceans of personally identifiable information or holding major corporations for ransom, cybercrime is big business, dealing in big money. If you’re a CISO or other security professional, you have to deal with the aftermath of such attacks, but simply responding isn’t nearly enough. Addressing attendees at the RSAC Conference in San Francisco, Google threat intelligence VP Sandra Joyce called on the industry to take the fight upstream to the attackers and ensure they have a very bad day.
“Our adversaries are evolving,” said Joyce. “They have serious resources in play. We see this in a shift toward mass extortion groups, attacking hundreds of targets simultaneously.” She pointed out that in a typical attack, the group that achieves initial access hands off its gains to a secondary group that uses the cyber-loot. Since 2022, the time between that initial access and the handoff has dropped from eight hours to 22 seconds.
Cyber attackers are shifting away from opportunistic data sales to pre-planned partnerships, noted Joyce. And adversaries now rely on AI to further advance speed, scale, and sophistication.
Why Reactive Security Is No Longer Enough
“Intelligence sharing is not sufficient,” said Joyce. “We have to do more. As defenders, we must go upstream to disrupt the attackers. We must move toward a philosophy of active defense.”
Joyce noted that she’s not talking about “hacking back” against the attackers. “This is legal and ethical use of intelligence to protect our own platforms,” she said. “Our goal is to shift the development ecosystem, to make cyber-attacks expensive and risky.”
Inside Google’s Playbook to Disrupt Hackers
Joyce explained that Google’s approach to disruption relies on four pillars: civil legal action, public disclosure, technical takedowns, and product hardening. As an example, she pointed to the IPIDEA proxy, noting that it “facilitates botnets, creates consumer risk, and introduces vulnerabilities.” Google turned the tables by obtaining court orders that seized and shut down the command-and-control servers behind IPIDEA. After the takedown, telemetry showed a huge drop in traffic associated with IPIDEA.
Joyce also discussed the GRIDTIDE global backdoor attack. “Our response to GRIDTIDE was to create massive friction,” she said. “We didn’t just block their access to assets like Google Sheets. We dismantled their environment.” Joyce noted that the infrastructure for this attack took many years to build. With it gone, the hacking group is back to square one.
Disruption Is the New Defense
Joyce explained that Google’s approach is not to wait around for an AI-powered attack. Rather, the company aims to leverage AI to make the entire ecosystem inherently more secure.
“For disruption to work, we must activate as an industry,” said Joyce. “Every disruption has to feed intelligence back into our defenses.” If the whole community participates, she noted, we can make the ecosystem hostile to future abuse. “Together we can finally break this whac-a-mole cycle,” she concluded.
About Our Expert
Neil J. Rubenking
Principal Writer, Security
Experience
When the IBM PC was new, I served as the president of the San Francisco PC User Group for three years. That’s how I met PCMag’s editorial team, who brought me on board in 1986. In the years since that fateful meeting, I’ve become PCMag’s expert on security, privacy, and identity protection, putting antivirus tools, security suites, and all kinds of security software through their paces.
Before my current security gig, I supplied PCMag readers with tips and solutions on using popular applications, operating systems, and programming languages in my “User to User” and “Ask Neil” columns, which began in 1990 and ran for almost 20 years. Along the way, I wrote more than 40 utility articles, as well as Delphi Programming for Dummies and six other books covering DOS, Windows, and programming. I also reviewed thousands of products of all kinds, ranging from early Sierra Online adventure games to AOL’s precursor Q-Link.
In the early 2000s, I turned my focus to security and the growing antivirus industry. After years of working with antivirus, I’m known throughout the security industry as an expert on evaluating antivirus tools. I serve as an advisory board member for the Anti-Malware Testing Standards Organization (AMTSO), an international nonprofit group dedicated to coordinating and improving testing of anti-malware solutions.