The internet is an arena for free loads of knowledge. But like every good thing on earth, it is often plagued by the bad (read cyberwar/threats). One has to be safe in the online world, as it isn’t secure and often bubbles with ever-evolving problems.
NewsToday took part in a recent webinar session titled ‘Threat Predictions-2019’, organised by Kaspersky, in which Vitaly Kamluk of the Global Research and Analysis Team (GReAT) Asia Pacific shared the dangers in the cyberworld and the steps we can follow to stay safe.
Excerpts from the interview:
Q) Since you have anticipated that we may face threats this year, more likely from newcomers rather than APT (advanced persistent threat) groups, what is the status? Has Kaspersky found any unusual activities in the past two months?
Newcomers are hungry and shouldn’t be underestimated. However, it will take time to develop as a bigger trend. They have mostly been active in the Asian regions and operate at different levels of sophistication. Some recently discovered threat groups are SandCat. This is a new APT group. We first observed them in 2018. They were responsible for exploiting a Microsoft Win32k flaw.
Q) If newcomers are going to ruin cyberspace, what are the ways they will attack us with?
As the digital world and technologies evolve, so do the threats. There won’t be any big APT groups as they are now re-engineered and are being developed in areas where we have poor visibility. Those who enter the cyber threat arena learn from past cases to not step into the spotlight of security researchers. So, we may see them at places where users are less likely to discover an attack. According to our 2019 threat expectations, newcomers may target networking hardware as such attacks are difficult to detect and the equipment is poorly maintained. They will rely on free and commercial popular attack frameworks, which will make their attacks cheaper for them while maintaining anonymity.
Q) During the webinar, you pointed out that the upcoming 5G technology will open doors to actors and lead to data exfiltration? Do tell us how.
5G isn’t here yet, but with its appearance we may soon observe new waves of massive DDoS attacks involving phones, or large volumes of data stolen with the help of cellular networks. The entry of 5G will make data exfiltration easier. Take ransomware, for instance. Hackers are now able to block access to your files locally stored on a PC or a mobile. In the IoT world, the same trick can be used but on a physical level; how would you feel if you found yourself unable to enter your home or office or unable to get into your car due to a ransomware attack?
Also, a larger number of connected devices will bring more opportunities to create botnets for DDoS attacks, making them even more massive and impactful. It’s important to remember that we are talking about billions of new connected devices — presumably home devices managed by ordinary folk, not experienced admins. Moreover, the higher the transmission speeds, the higher the chance a culprit will successfully transfer a small malicious code or quickly cover their tracks after intercepting traffic.
Q) Previously, Kaspersky unearthed many APT groups’ activities, including big shots like Lazarus’s. In that case, will newcomers be as problematic?
Traditionally there was a big gap between nation-state APTs and the cybercriminal world. Newcomers are filling this gap using methods similar to cybercriminals with certain objectives of nation-state spies. They will act fast and can be well-funded. We are at a global level trying to fight the ever-evolving threats and survive them. If every country makes an effort to fight against them, together we can create a safer cyberworld.
Q) Here in India, many major payment systems face issues often, leading to heavy financial losses. Will newcomers target such financial institutions? Tell us how we can avoid such situations.
Every technological leap comes with rushed and unbalanced decisions, with implementation of features before thinking about security. I believe we should expect attacks in this sector. Each party is responsible and has a role to play in minimising the risk by protecting the vulnerabilities in their systems.
Government and financial institutions should set up strict regulations and protocols for companies managing payment platforms. Companies should play an active role in ensuring responsible data management and have high security in protecting them. The public should always enable two-factor authentication, download apps from the official store, view the QR code address before opening it via a QR code scanner, be aware of the permissions we approve for an app, and think twice before allowing access to everything. Also, for monetary transactions it is better not to use public Wi-Fi.
Q) What are the problems we can expect this year in networking and hardware?
We are expecting supply chain attacks. This is one of the most worrying attack vectors which has been successfully exploited in the last two years. It made everyone think about the number of providers they work with and how secure they are. Supply chain attacks will continue to be an effective infection vector. One large problem for networking hardware is integrity checking and validation of the firmware. This area needs more attention.
Q) Who are the primary targets of newcomers?
Newcomers are interested in launching attacks against government organizations, think-tanks and research institutes, military and law enforcement, aerospace, oil and gas companies. Some newcomers can be mercenaries who steal intellectual property and sell it.
Q) Can you suggest ways to be safe from threats you listed in the webinar?
Employees are a company’s most valuable asset. From a cybercriminal’s perspective, though, employees are viewed as the path of least resistance into an organization, and they use this to their advantage. Our report revealed that careless or uninformed staff are the second most likely cause of a serious security breach. Also have a situational awareness of assets and data. It will help determine threats and helps to your cybersecurity resources where they matter most. Companies should also conduct cybersecurity awareness and training.
Interview by Balamurugan Selvaraj