
Will the arms race ever end?

Level 9

In my fourth post in my tenure as Thwack ambassador for June, I thought I would talk about what appears to be the never ending battle between good and bad. If I can get to the end without mentioning 'cyber' more than that single reference and various different coloured hats, then my work here will be done. The purpose of this post is to hopefully spark some discussion around the topic and I would love to hear what your take is.

Attacks on computer systems are nothing new. The web is full of stories of viruses that seem to go back further and further in time, the more you look. The first I am aware of is the creeper virus, which was realised on ARPANET way back in 1971, before even this oldie was born. Over forty years later and the antivirus vendors have still failed to deliver adequate protection against viruses, trojans, worms and other similar bad things that I will bundle together under the label of malware. The problem doesn't just stop at the deliberately malicious code. Software bugs, interoperability issues between different systems, 'helpful' developer back doors. It seems that no sooner has one attack vector been patched up than another 100 fill its place. Technology has for the longest time been used by both sides to get a leg up on the other.

The fact that technology and our pace of life is advancing at an ever increasing rate means that this cycle is getting ever more frequent. Personally, I feel that this is one of the key reasons why it will never end. That sounds a bit depressing but I am a realist at heart (often confused by the rose tinted spectacle wearing brigade as a sceptic) so I strongly believe that if you follow a number of best practices, some of which I highlighted in my first post (Defence in depth), keep up to date with relevant industry news and events and have a good internal culture including all staff being bought in, good documentation/processes and buy-in from the top down and we work together as a mature community, we give ourselves a better chance of being protected. It's not unreasonable to state that the majority of drive-by attackers will give up and move on if you present a big enough obstacle to penetrate. If you don't offer any real defences though, thinking all is lost, you will almost certainly experience that as a self-fulfilling prophecy.

Let me know what your thoughts are on my scribbles above and what you think the battlefield will look like in 20 years' time.

30 Comments
mr.e
Level 14

Vegaskid‌,

I too think that this battle will continue till the end of times.  For me, this is due to the following:

  • The same new technologies that are created for good can be used for evil and vice versa.
  • The internet has tremendously increased the reach of viruses, malware, hacking and the like.  So, while some of these only affected a small population, now it can easily reach the entire world in very little time.
  • Our culture compensates and sometimes even glorifies hackers, those creating viruses, etc -- sometimes knowingly. The rewards may come in the form of news coverage or interviews (where the hacker agrees when his/her voice and face are garbled). We even see books written about (and sometimes by) famous cyber attacks.  And don't get me started about films -- there is a tendency now to glorify criminal and unlawful acts.
  • The laws have not caught up, for the most part, with the rapid growth of our technologies.  The fact that very few hackers are ever convicted and serve "hard time" means that there are no true deterrents for them, and others that intend harm.
  • The financial rewards are immense and appear to be growing, which is a great appeal.
  • There are many more of the "bad guys" than the "good guys" -- or so it seems.  As we know, there is strength in numbers.
  • Some cyber victims may refuse to come forward -- some because of shame, others for fear of their stakeholders, etc.  Regardless of the reason, whenever a cyber attack is concealed, this helps the bad guys continue without being noticed.
  • I think that most people are ill informed (or misinformed) when it comes to safe IT practices. They make life harder for themselves and for everyone else.

Also, preventing viruses and malware must be very hard to do -- since the antivirus definitions can (mostly) be created after the fact.  So, by the time that the correct solution is in place, many will very likely have already suffered.

Still, should we just give up?  That is something we cannot afford to do.  We must "press on" and do our part -- whenever possible -- to help matters.  Also, we should press our legislators to bring IT folks into their discussions. Maybe then they can start to catch up and enact laws that serve as deterrents and reduce the impact and frequency of cyber attacks.


That's my two cents...

Vegaskid
Level 9

mr.e‌,

many thanks for contributing and all valid points. It will be interesting to see how it pans out over the coming years.

gfsutherland
Level 14

Agreed on all points....

I will add....

1. The bad guys are like your shadow... sometimes long... sometimes short... sometimes not visible.... but they are there.

2. Most people think that AV/Malware protection is all they have to do. (these are the same people who get that blank stare in their eyes when you talk about things like social engineering.)

3. Good vs. Evil has always been around... today it takes on a "cyber" form .... tomorrow........... who knows? But it will keep us busy and employed

Jfrazier
Level 18

Good points...

In the future, some of the science fiction I have been reading lately involves hacking...such that an encounter ship to ship is not just fought with "weapons" but also hacking to get at the other ship's computer network, hack the computers in the missiles/torpedoes, etc.  Even back in Star Trek, The Wrath of Khan, they "hacked" the other ship's system via command codes to lower its shields.  I gather this "arms race" will just evolve into more things over time....

mr.e
Level 14

I don't know about 20 years, but 100 years from now, we might be saying, "We are the Borg; you will be assimilated.  Resistance is futile".

All joking aside, 20 years from now, I do think that nano tech will play a big part as well -- on both sides -- in the tech warfare.

Vegaskid
Level 9

Jfrazier‌,

excellent! Just a matter of time before this discussion turned uber nerdy! Please share your reading list...love a good bit of Sci-Fi

Vegaskid
Level 9

Good stuff all.

coreys
Level 9

In 20 years, everyone and their pets might all have Body Area Networks with an EB of storage. Though, confidentiality, integrity, and availability of data will still most likely have value, along with the entities vying for that value.

jkump
Level 15

It is interesting in that the laws do not keep up with technology, the public and press glorify breaches, and those that hack treat it as a game.  Funny as if you know your history of computers, the days of the mainframe from IBM, management information systems managers used to encourage their application programmers to develop applications that kept the systems busy since IBM used to charge their customers by the number of processing cycles that run on the machine.  Hence, the origins of the virus were called "Core Wars" whereby application programmers would write code to keep the mainframe busy but they made a game out of it to see whose code could consume the resources and ultimately the applications of other programmers.  Management was happy because the processors were running, and the underground development of the hacker community was born.

So, as far as what the future will hold, as long as there is a pursuit for financial gains, and something has a value to it, there will be the charge to go and obtain it.  It will continue to be an ongoing battle between those who have and those who want.

superfly99
Level 17

mr.e wrote:

Vegaskid,

I too think that this battle will continue till the end of times. 

I agree. Really we are reliant on software manufacturers to release software that can't be compromised. And security holes these days are more easily spread. I remember in the old days you had to use a floppy disk out of an affected machine to catch a virus. So then as long as you didn't share any of your disks, you were pretty much right.

But nowadays, it's a totally different ball game. The landscape will only change if security can't be compromised at all.

novasamurai
Level 12

Doing things right and secure means for most developers that they need to slow down so they can explain how things are working to a security professional. Because of this, secure and complete code is few and far in between. Even secure code can be poorly implemented, or systems misconfigured.

On the other side, the guys coding to trick others into handing over their information are getting better at the trade. Gone are the days when your system would be slower because of a virus or data sucking trojan. These guys live off the bugs and exploit the meaningless lazy coding that allows them to compromise our systems. I only wish we could hire enough of these coders to work on our side.

I think there is a time in every IT and Security Professional's life when they realize we are all part of a giant Technology Life Cycle, all we can do is the best we can with what we have and keep moving forward.

Vegaskid
Level 9

jkump‌,

great point on legislation. The pace of technology keeps increasing but our law makers are so wrapped up in bureaucracy that they can't hope to keep up and when they attempt to, it inevitably ends up in them overreacting or stepping over the mark, which has a negative impact on legitimate citizens.

Vegaskid
Level 9

novasamurai‌,

another good point. The whole DevOps cycle needs to mature to address this in a scalable and long term manner. We're all trying to achieve the same goals, right?

gfsutherland
Level 14

Well said.. Our snapshot world has helped create this mess... we need to slow down and protect ourselves from ourselves....

novasamurai
Level 12

I think we need to come up with a more scalable way to integrate security. I think the current model makes security simply just an option rather than a requirement, if available at all.

Vegaskid
Level 9

Yes! It needs to be engrained in everything...the technology, the processes, the culture, the mindsets. Not just a bolt on or after thought.

bspencer63
Level 12

With our integrated and always connected world, we will always have attacks and always be perplexed with the perimeter and its defense.

From IoT, IoE, MIoT, SIoT, and more acronyms cropping up daily but all have the roots in TCP/IP Ethernet connectivity.  As long as there is a door to knock on, knock down, bypass, or avoid in one way or another, there will be people trying to get in to see what they are missing or just because they can!

Connectivity is great but it is also the cause of a lot of our problems and issues now and moving forward.  It's not going away!  It's too expensive to create a totally separated, physical Network, and still if you could, someone would be trying to physically control a device and get on your Network... 

Scalable is another good point that must be ongoing and keep up with the growth and changes that are happening at an exponentially increasing rate.

Legislation is a good point, but US legislation will not be adopted by the world!  It needs to be a 100% joint venture with any and all countries in the world adopting and enforcing, I mean truly enforcing a form of security base structure and prosecuting those that violate this "Joint Base Security Doctrine" else, why even worry?  Would be a waste of time and similar to what we do with our military with physical security; though if we did adopt US legislation and enforce our citizens to adhere to laws that no other country observes or even recognizes!

mcam
Level 14

There will always be the dark side

Vegaskid
Level 9

mcam‌, you sound afraid.

Fear is the path to the dark side. Fear leads to anger. Anger leads to hate. Hate leads to suffering.

mcam
Level 14

funnily enough I have just got back from a 1500 mile road trip with a Garmin GPS that had Yoda as the voice.

I heard that so many times it's not funny

Jfrazier
Level 18

Ah yes...those voice packs for the garmin.

mr.e
Level 14

They may be all one, but not all Borgs are the same. 

Cyb_Borg.jpg

ttl
Level 14

I agree with most of what has been said. However I think that instead of relying on unhackable applications, we actually need to focus more on the underlying foundations -- unhackable operating systems and more secure protocols. There was an article recently in which Vint Cerf said that basically the Internet was a beta program that got loose and that the underlying TCP protocol didn't have security built-in (thanks in part to the NSA). Until the foundations are more secure, the applications that use them are built on sand.

The goals of black-hats have changed from gaining notoriety to gaining money and many are backed by organized crime. They only have to be right once, while the defenders have to be right every time -- doesn't give much comfort as to the outcome does it?

jkump
Level 15

No sense putting band-aids on top of the cut when the artery below is still bleeding.  Good point ttl!

Vegaskid
Level 9

Great points ttl‌. I cover some of that off in a previous post Defence in depth

cj_bergeron
Level 9

I agree that it will always be a battle, both from purposeful and "accidental" attacks from unwary users.  The problem becomes, in many instances, that most companies see IT as a business cost and not an asset.  This results in IT having to do more with less, and ultimately can end up with some things being overlooked.

t0ta11ed74
Level 12

Not trying to plug my own site, but I posted an interesting futurist article related to this on my blog: http://marzopolis.com/inward-turn/‌ .

spkcadet
Level 9

There are many issues with malware these days, and the layer approaches only lessen the impact.  As the protection gets stronger so do the attacks.  You can have malware scans and sandboxes going off at your firewalls and web proxies, then drop it back to your client and do scans and sandboxes but at the end of the day you are still going to miss things.  Palo Alto recently mentioned that they are discovering over 15,000 new hashes of malware a day.  So even if you are using the Blue Coat with SSL interception and the full security suite alongside a NGF such as Palo Alto, you will still struggle to keep up with thousands of new hashes every day.

These days any script kiddie can go to a website and purchase a morphing malware that makes minor tweaks and modifications to the attack just enough that it changes the file hash to evade detection.  Then when that's not enough hackers have gone to the point of splitting the software into pieces such as 2 temp files and then have a harmless script build the 2 harmless temp files into something as bad as cryptolocker.

What makes it even worse is that you cannot even blame it on the users.  Many times the users are browsing legitimate websites that have been compromised.  At the end of the day it boils down to education of users on how to act in the event of a compromise.  Something that looks promising is Palo Alto has a handy new client side piece of software called TRAPS that is essentially a sandbox on the user's desktop.  It looks more at the functions rather than the hash (since those are largely unreliable these days).  It will be interesting to see if that takes off and becomes a real defense against malicious files.
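The brittleness of exact-hash matching described in the comment above, as an added example that is not part of the original thread: a small change to a constructed, inert sample defeats a SHA-256 blocklist, while a byte n-gram similarity check still flags it. The n-gram check is a simple stand-in chosen for illustration, not how TRAPS or any vendor product works, and every name and sample value here is constructed.

```python
import hashlib


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def ngrams(data: bytes, n: int = 4) -> set:
    """Set of all overlapping n-byte substrings of data."""
    return {data[i:i + n] for i in range(len(data) - n + 1)}


def similarity(a: bytes, b: bytes, n: int = 4) -> float:
    """Jaccard similarity of the two n-gram sets, from 0.0 to 1.0."""
    ga, gb = ngrams(a, n), ngrams(b, n)
    if not ga and not gb:
        return 1.0
    return len(ga & gb) / len(ga | gb)


def exact_match(sample: bytes, blocklist_hashes: set) -> bool:
    """Classic signature check: flag only if the hash is already known."""
    return sha256_hex(sample) in blocklist_hashes


def near_match(sample: bytes, known_bad: list, threshold: float = 0.8) -> bool:
    """Flag a sample that is mostly the same bytes as a known-bad one."""
    return any(similarity(sample, bad) >= threshold for bad in known_bad)


# Constructed, inert byte strings standing in for files (not real malware).
KNOWN_BAD = b"".join(b"constructed-sample-block-%03d;" % i for i in range(40))
# "Morphed" copy: one block altered and a few padding bytes appended.
VARIANT = KNOWN_BAD.replace(b"block-007", b"block-XYZ") + b"\x00pad"
# Unrelated benign content.
UNRELATED = b"".join(b"quarterly report line %03d\n" % i for i in range(40))

BLOCKLIST = {sha256_hex(KNOWN_BAD)}

if __name__ == "__main__":
    for name, blob in [("known", KNOWN_BAD), ("variant", VARIANT),
                       ("unrelated", UNRELATED)]:
        print(f"{name:10} hash-hit={exact_match(blob, BLOCKLIST)!s:5} "
              f"similarity={similarity(blob, KNOWN_BAD):.3f} "
              f"near-hit={near_match(blob, [KNOWN_BAD])}")
```

Raw-byte similarity like this stops working once the content is packed or encrypted differently per copy, which is why the comment's point about looking at what a file does, rather than what it hashes to, matters.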

mahhn
Level 7

My prediction is that sophistication will grow immensely. Malware will become frequently written in Assembly to hijack and replace modules of C++ and other languages that of course will now perform additional operations while attempting to keep the same checksum and traceable behavior of the original code. Infections will be placed in systems and not utilized for extended lengths of time, months, years. Entire versions of software (like an OS and common application) will be infected prior to release so that they can access systems with no detectable infection besides the distractions from the actual code. Imagine a Monday morning and 700 million Windows 12 systems have a type of crypto locker on them, or transportation system's systems are all hijacked for extortion or murder. Bribes will become so big and the alternative so bleak none can resist and live if called upon by the dark side. The future is very dark, very, very dark. Oh yeah, don't forget the robots, armed drones etc.

pzjones
Level 9

Not only are our law makers wrapped up in bureaucracy, it never ceases to amaze how many people including our law makers just don't take security seriously enough. It seems to be the "it won't happen to me" mentality or simply a lack of understanding the implications of seemingly innocuous security breaches. Many law makers really just don't get it.

I did not grow up with technology (yes, I'm dating myself) so we were very skeptical of computers and gadgets and how safe they were. Of course, I also grew up at a time when you didn't put every personal fact out there for the world to see - some things were considered private. Many people today see nothing wrong with opening yourself and your technology to anyone and everyone. Trusting everyone and giving everyone the benefit of the doubt isn't always a good thing especially in this day and age when access to everything you own can be wiped out with the push of a button.