/ciol/media/agency_attachments/c0E28gS06GM3VmrXNw5G.png)
Follow Us/ciol/media/post_banners/wp-content/uploads/2018/11/Cybercrime.jpg)
By JOE LEVY, SOPHOS CTO
It doesn’t take an AI-powered sentiment analyzer to observe that reporting, disclosures, and headlines about the security industry skew negative. Whereas most other STEM industries – biotech, pharmaceuticals, robotics – celebrate breakthroughs, the public perception around the cybersecurity industry seems focused on its failures. News coverage of breaches and attacks can be dispiriting to those who work in this field to solve these challenging problems, and can give the customers of security products a crisis of confidence.
But while it’s good to maintain a healthy dose of (wellinformed and risk-aware) caution around information systems threats, it’s also important to take inventory of our victories. And by “victory,” I don’t just mean some arbitrary metric of attacks blocked.
We as an industry are obsessed with measurements, but we sometimes measure the wrong things. Relevant threat data has to be built on a strong, scientifically rigorous foundation in order to be reliable, consistent, and transparent. After all, if you measure every dropped ping packet as a crisis averted (as some overzealous operators do), the “attack” numbers can rise into the trillions. At Sophos, we hold ourselves to a very high standard of rigor in our internal metrics, our disclosures, and in the open manner in which we participate in industry third-party testing.
The threat landscape is undoubtedly evolving; less skilled cybercriminals are being forced out of business, the fittest among them step up their game to survive and we’ll eventually be left with fewer, but smarter and stronger, adversaries.
These new cybercriminals are effectively a cross-breed of the once esoteric, targeted attacker, and the pedestrian purveyor of off-the-shelf malware, using manual hacking techniques not for espionage or sabotage, but to maintain their dishonorable income streams.
Measurements become a more meaningful indication of success when they become observable trends. And one of the most encouraging trends we see is how we’ve begun to shift the burden to attackers, forcing them to change their operations.
We are driving this with a number of important, advanced protection techniques, including generalized exploit protections, which can arrest virtually infinite variations of memory and controlflow abuses; deep learning, which provides the best static prediction of malware at scales never before achieved; and behavioral detections that provide runtime defenses against such would-be epidemics as ransomware.
These technologies materially hinder the effectiveness of commodity malware. The result has been something to simultaneously relish and dread: low-skill cybercriminals are being driven to the periphery, while the most adept among them are forced to step up their game in order to survive.
As the report that follows describes, SophosLabs has been observing a small but growing number of criminals forced to resort to a variety of manual hacking techniques – previously the purview of esoteric, targeted attackers – just to maintain their dishonorable income streams.
The downside is that it’s much more challenging to halt these hybridized threats using conventional methods, but it also means there are fewer criminals competent enough to conduct them, and we keep driving up the cost of their operations. It’s a Darwinian process, and the sort of shift in attacker/defender economics we’ve been striving to achieve for a long time. We consider that a victory, and the start of a trend of attacker disruption that we intend to continue driving.
Source: SophosLabs 2019 Threat Report