The generations that matter
July 2018, This Week's Editor's Pick, Cyber Security, Security Services & Risk Management
There are endless reports, articles and commentaries about the differences between the generations, of people inhabiting the world today.
According to popular opinion among older people, the older generations are the hard-working ones who deserve some respect and the youngsters are the lazy good-for-nothings. Young people may have a different opinion, but what else would you expect from lazy good-for-nothings?
When it comes to the information security world, however, generations don’t matter. At least, human generations don’t matter as we are all under the whip from cyberattacks from all angles. The generation that does matter, is the generation of security solutions you have in place to protect yourself and your business from these attacks.
According to Doros Hadjizenonos, country manager, SADC at Check Point, we have entered the fifth generation of cyberattacks. Generation 1 happened in the late 1980s when virus attacks targeted standalone PCs and saw the rise of anti-virus products. Generation 2 happened in the mid-1990s when the Internet was used as an attack platform and this gave us the firewall as security.
Hadjizenonos says that Generation 3 happened in the early 2000s when cyber criminals started exploiting vulnerabilities in applications, which resulted in the industry developing intrusion prevention systems (IPS) as a defence. It was sometime around 2010 when Generation 4 attacks came into their own. This saw the rise of targeted, unknown, evasive, polymorphic attacks that drove the security industry to develop anti-bot and sandboxing products.
It was around 2017 when we saw the emergence of large scale and multi-vector mega-attacks using advanced attack technologies. This is Generation 5. Hadjizenonos explains that each generation had its own set of tools to protect organisations from becoming victims of an attack because the previous generation’s tools couldn’t hack it. In the fifth generation, he says we are in a similar situation and detection-only based solutions are not sufficient for these fast-moving Generation 5 attacks.
Over the hill security
Check Point recently conducted a survey of over 400 security professionals around the world to ascertain, among other data, what generation of protection their companies had in place and what the biggest threats are that they are dealing with. (The report is available for download at https://www.checkpoint.com/downloads/product-related/genv-survey-study.pdf.)
One of the uncomfortable findings is that most companies are still using older generations of cybersecurity in the hopes that this will protect them from the latest threats developed by cyber criminals. Check Point is of the opinion that “Hackers are exploiting the fact that most organisations rely on older generations of security. As the sophistication and scale of attacks has grown, previous generations of security, which merely detect, are no longer effective. What’s needed for the latest generation of cyberattacks is advanced real-time threat prevention that protects all networks, virtual, cloud, remote office and mobile operations.”
This means companies need the tools that can protect them from attacks from the outside and inside, as well as attacks by outsiders using insiders as an attack vector without their knowledge (such as with phishing).
And these threats apply to everybody. Many businesses in Africa are of the opinion that they have nothing to offer cyber criminals, which is insanely incorrect. Hadjizenonos notes that for a two-month period in the first half of 2018, the country most under attack globally was Botswana. The attacks were not to steal credit card information or anything old-school like that, but most were attacks that installed crypto-mining software on people’s machines and used them to mine cryptocurrency – like Bitcoin or Monero and others. These victims had their systems used to carry out this mining, with no benefit to the victims apart from a computer that would be slower than usual. Of course, once a criminal has access to your system, they can install anything they like or use your system and Internet connection to launch other attacks.
Moreover, since banks all over Africa are generally on top of their security, criminals are looking for softer targets and are finding them in the thousands of small- and medium-sized businesses that also have data to steal and connections to larger companies.
Fifth generation security is therefore a unified system built on an architecture that unifies all networks, cloud, and mobile infrastructure, supported by automatic and immediate threat intelligence. It must share information in real time with every component of the system, whether local or remote, and afford the same level of protection to the whole enterprise, whether it’s a PC or a server located onsite or in the cloud, or a mobile device. And, naturally, it needs to be managed centrally.
Hadjizenonos states that Check Point Infinity is the fifth generation security solution that meets all these needs and was designed for organisations battling fifth generation attacks. Read more about Infinity at https://www.checkpoint.com/downloads/product-related/solution-brief/sb-check-point-infinity.pdf.
New malware in Africa
There’s a new cyber threat on the block, and it’s sneakier than anything we’ve seen before, which is undoubtedly the reason why it’s the malware of choice for hackers across Africa right now.
In fact, though crypto-mining malware is relatively new on the cybercrime scene, it’s remained the top malware in key markets in Africa for several months. In April, Check Point’s Global Threat Index showed that Coinhive, Cryptoloot and XMRig were in the top six malware throughout South Africa, Kenya and Nigeria. Again in May, Coinhive ranked as the number one malware family in all three countries.
All three are prolific crypto-mining malware, which – unlike other malware – hijack your system instead of holding it to ransom. While Coinhive leeches your machine’s computational resources to mine Monero cryptocurrency when an unsuspecting user visits a web page, Cryptoloot uses your central processing unit (CPU) or graphics processing unit (GPU) power to add new transactions to the blockchain, thereby releasing new currency. Similarly, XMRig is an open source CPU mining software used to mine Monero cryptocurrency.
At the end of the day, this might affect your business in one of two ways. Either the hacker’s mining operation will consume large volumes of power and leave a horrible surprise in your electricity bill, or the operation will overload the CPU of the infected machines, slowing down your hardware performance dramatically. This is because the malware will defer your machine’s critical tasks to keep the mining operation in progress. Basically, your machines will gradually slow down and heat up, causing a significant reduction in user productivity.
And because cryptominers can infect any device – browsers, servers, desktops and mobile phones – the only way you can protect against the exploitation of your servers is by filtering out mining components within websites and removing miners from mobile devices. Basically, you need a multi-layered security approach.
For more information contact Check Point South Africa, +27 11 510 0120, firstname.lastname@example.org, www.checkpoint.com.