‘Failure of the imagination’: Malwarebytes on WannaCry and future of cybersecurity
THE world reeled when the WannaCry ransomware attacks brought some of the biggest global brand names to their knees.
A relatively unsophisticated virus, strapped to a high-level hacking software developed by the United States National Security Agency (NSA) locked up user data of hundreds of computers across the world. Notably affected was the United Kingdom’s National Health Service (NHS), who had to turn away surgery patients rather than risk their lives.
— Malwarebytes (@Malwarebytes) June 6, 2017
Though the scale of the attack was the major talking point for pundits globally, the WannaCry attack was notable as it represented a moment in history where cybercrime is beginning to enter the mainstream. The last few years has really charted a significant turn to digital databases and communities, and cloud computing, but its darker, most dangerous effect is the fact hackers and cybercrime actors are creating increasingly sophisticated viruses lurching beyond the capabilities of anti-viruses, which Malwarebytes senior vice-president of worldwide sales and business development Thomas Miller says is becoming last-generation technology.
“The name of the game is that sophisticated, advanced malware is designed to penetrate single layer or even shallow layers of defense,” Miller says. “So security products with last generation technology are pretty easily defeatable by a good malware writer, but the next generation technologies are significantly harder.”
“Everyone is looking to become increasingly digital, and I think it’s fantastic,” says Malwarebytes Asia Pacific Region area vice president and managing director Jeff Hurmuses.
“But you don’t want to open up the playing field for cybercrime, which is the other side of making everybody connected.”
Miller and Hurmuses got together with Tech Wire Asia to talk about the recent WannaCry ransomware attacks and the way cybersecurity is evolving to deal with increasingly sophisticated malware writers.
Ransomware viruses, like the one that crippled the NHS, have proliferated over the last few years, largely due to its seamless automation. Malwarebytes’s 2017 “State of Malware” report noted 400 variants of ransomware were registered in only the fourth quarter of 2016, and the number is not likely to fall any time soon.
Hurmuses says hackers are beginning to notice how lucrative ransomware can be, which is why criminals are still largely focused on targets in North America and Europe, where profits can be larger because a US$400 sum would mean a lot less in those locations than it would in Asia.
This is not to say Asia is not a target, but maybe in the future, as Hurmuses predicted.
The good news is that cybersecurity innovators have largely kept up with the rapid changes in cybercrime to provide better protection for their customers. “What the hackers will try to do is change enough of the [virus] code that they can evade detection from systems running basic levels of security,” he explains.
“Advanced programs, like Malwarebytes, have multiple defeat mechanisms and layers of defense.
A ransomware has to communicate to be successful, and if you can block their communications, you can defeat the hacker.”
Most cybersecurity companies have moved far beyond the days when free anti-virus programs were deemed “enough” of a firewall against hackers. Now, artificial intelligence or machine learning or “anomaly detection” technology have become baseline essentials for next generation security products. These new technologies can track behavior patterns of viruses as malware writers will usually write programs that “[behave] in certain predictable ways,” according to Miller.
One of the biggest challenges IT teams face is the sheer scale of data they have to trawl through, as well as the time wasted determining the nature of a piece of malware.
“IT security teams are struggling to see what is happening in and around their IT infrastructures,” according to Forbes.
“With machine learning, that mountain of data could be whittled down in a fraction of the time, helping organizations quickly identify and then mitigate a security incident. Artificial intelligence could be a game-changer for security teams.”
By using relatively simple but highly effective machine learning software, Malwarebytes is able to prevent billions of attacks from happening in the first place.
“If we look at the behavior of that program as it’s executing, we can behavioristically determine if its ransomware,” Miller says.
“We have technology that can do that, and we have technology that can simply match the class or the variant class against the database and that can be blocked as well.”
Malwarebytes’ innovations in cybersecurity are a mark of the sea-change the entire cyber industry is undergoing. Though large swathes of the world still remain unaware of the tools available at their disposal, cybersecurity experts have been surging forward to produce tools that can understand the nature of the infected computers, the rates at which devices are being attacked and even geo-locate each incident.
Programs by Malwarebytes can collect “opt-in” customer data, which can help the company determine where, when and why an attack is happening using big data tools. “They’re really powerful…with the capacity to process billions and billions of data records in a real-time basis,” says Miller.
“Once you get a handle on it, you can do really cool things like display the spread of an attack, and literally see it spread across a timeline.”
Such information can be integral to ensuring that the company knows where to invest more money, and what innovations are central to ensuring the security of their customers. However, on a more basic level, much of the work of preventing cybersecurity attacks from happening still lies largely in the hands of the individual.
Hurmuses travelled throughout the Asia Pacific region for six to nine months, and after speaking to many businesses and individuals, he realized many people were still largely unsubscribed to the notion the cyberworld is the new frontier for crime.
“People are just not aware,” he says. “They have no concept the threat of attack has changed.”
Miller says for much of the public, there’s a psychology of “well, it won’t happen to me” that is quite pervasive, leading to many people to underestimate their cyber vulnerability. That “failure of the imagination” to see the potential of an attack is what leads a lot of people to understand their own vulnerability. By failing to imagine such an occurrence, people also fail to prepare for its aftermath.
“Once [you have experienced a cyberattack]…finally you realize the little hassles of backing your data up is worth it, compared to the pain associated with the loss of data.”
“We were all guilty in the evolution of dealing with this problem.”
The NHS certainly felt the pain of failing to backup or update their operating systems’ cybersecurity; the state health care service was reported to be running 90 percent of its trusts on Microsoft’s unsupported 16-year old operating system. Partly due to the fact Microsoft only provides comprehensive security services to its paying customers, and largely due to the lack of diligence on the part of the NHS, the WannaCry hackers were easily able to bring the entire organisation to its knees.
“It’s kind of the same thing we’ve been saying for years,” Miller says. “Patch your systems – if your system was patched, this WannaCry exploit would not have gotten through.
“Don’t be culpable, don’t add to the problem by clicking on links and going to sites and ignoring warnings, and seeing agreements pop up, and installing everything. A lot of bad user behavior contributes to the problem.”
Unsure what a "Supervised" machine learning cybersecurity platform looks like, and does, in actuality. Watch this. https://t.co/oTZPT9GvkW
— Paul Ferrillo (@PaulFerrillo) April 30, 2017
He also points to the fact many people still occupy the mindset cybersecurity is not worth paying for. It’s a culture that needs to be changed, as free anti-virus programs will not survive the onslaught of the next generation’s cyber attacks.
“You have to be prepared to spend a little bit of money on this problem. If you’re a consumer, it’s not a lot of money, and it’s multiple layers of technology, working together as a unified product that should keep you safe as long as you keep it up to date.
“You should stop thinking about the last-generation stuff, or the purely free stuff, and start making sure you’re looking at companies that are making the necessary investments, and deploying multiple layers of defence technology. You’re going to have to deal with that.”