Crippling organisations’ ability to provide ongoing services or information has become a major thrust for cyber attacks in the last 12 months.
This new trend in digital attacks is sowing distrust, leading people to lose confidence in organisations and businesses, said Nicole Eagan, chief executive of cyber security firm Darktrace.
As examples, she pointed to the last year’s attack on the American Democratic National Committee where sensitive information was stolen to impact the United States elections.
There is also the WannaCry malware attack this May which shut down many British hospitals, inconveniencing thousands of patients who had to cancel doctor appointments and postpone operations.
Another new trend is the declining use of “brute force” to break into corporate IT networks. Instead of using all possible combinations to crack the passwords for a computer or server to steal information, malware is inserted into networks stealthily.
Cyber criminals’ techniques are getting sophisticated, according to Darktrace. Their malware infect corporate networks without creating too much “noise”, it adds.
Reports in the past suggest that organisations take an average of about 200 days before discovering the malware. It is reasonable to assume that their networks have already been penetrated.
Cyber attackers want their malware to go undetected for long time, perhaps to learn an organisation’s new plans, processes or business deals, according to Darktrace.
They may never steal data, they just learn as much as they can, probably for a unscheduled future attack, said Eagan who was a participant at last week’s Interpol World conference on cyber security.
The bad guys are also becoming creative in their attacks, she added. Citing a recent case, a hacker bribed an employee to include a fingerprint in a company’s security system.
The company uses a fingerprint biometric security system to control access to sensitive information. The false fingerprint allowed the hacker access to the corporate network where the information was kept.
In another example, the hackers wanted merger and acquisition (M&A) information. So, they hacked into the microphone of video conference equipment installed in a conference room. They knew when the discussions were held, and remotely turned on the microphone to listen in. This continued for several weeks before they were shut down.
Eagan also pointed out that cyber threats are no longer coming from pre-defined attacks. New threats are emerging from non-traditional IT equipment like medical and industrial systems. These systems are often ‘locked down’ which means any anti-malware system cannot be installed in them.
Attack surfaces have also broadened as more devices and machines like sensors and refrigerators are linked to the Internet, offering the cyber criminals more opportunity to launch their offensives.
With these trends, current techniques which are mostly about keeping the malware out of corporate networks may be outdated, said Eagan. Organisations have to remain open and be just as creative in fighting these threats, she added.
Cybersecurity is a red hot topic among organisations this year because of the loss of data, disruption to service and reputational loss. According to a recent Fortune magazine article, cyber crime cost the global economy an estimated US$450 billion in 2016.
Darktrace is among many cyber security startups fighting to protect businesses from an onslaught of escalating computer threats. Its products are based on artificial intelligence techniques to identify and block digital attacks.
Founded in 2013, the British company raised US$75 million earlier this week to grow its talent pool and for market expansion in Asia. It does not reveal its revenue but a media statement said its total contract value has hit US$200 million, an increase of 140 per cent from last year.
Much of this growth was in the US where bookings increased threefold. Globally, Darktrace’s headcount has doubled to 500 people in the past year. The Singapore office now has about 60 employees, up from just three when it opened in 2015.
