Winning “Whack-a-mole”: How Businesses Can Beat Cyber Threats
With cyber threats on the rise in Aotearoa and around the world, two leading figures in the cybersecurity world explain the growing sophistication of online attacks – and what Kiwi businesses can do to avoid falling victim to them | Content partnership
Without quick reflexes, a game of whack-a-mole can be a frustrating exercise.
But Spark’s Chief Information Security Officer, Josh Bahlman, and Spark’s cyber defence team know very well how to knock down new cyber threats as soon as they appear.
According to the latest report from New Zealand’s cybersecurity agency CERT NZ, Kiwi businesses have suffered more than $33 million in direct financial losses from cyberattacks over the past two years, with an average of just over 2,200 incidents reported each quarter.
It’s not just the domestic picture that’s of concern either.
Dan Woods, a former FBI agent and CIA cyber operations officer who serves as head of intelligence at web application security and delivery firm F5, a Spark partner, told Newsroom that cyber attacks are increasingly aggressive in the United States – and the ramifications are felt globally.
“As we deploy more and more countermeasures to prevent attacks in the United States, we see these attackers moving to ‘easier’ targets, typically in the rest of North America, Europe and Asia.
“The attacks that we’ve seen over the last five to ten years in the United States, as we’ve mitigated them, we’re going to start to see those attacks spread to other parts of the world.”
As the volume of cyberattacks has increased, so has their sophistication.
It’s no longer only blacklisted “dirty” IP addresses, previously identified as malicious, that attackers use: thousands of clean IP addresses are now pressed into service, each sending only a handful of requests so that the attack stays under the per-source thresholds that network protections rely on.
“We are seeing increasing efforts by attackers to develop and build infrastructure to be able to breach complicated protection thresholds. A key part of how we protect is understanding how the attacker builds and changes their infrastructure as they scale their attacks,” says Bahlman of Spark.
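To make the threshold problem concrete, here is an added example (not Spark’s or F5’s code) run over constructed sample login events. A per-IP failed-login threshold catches one noisy “dirty” address but sees nothing wrong when the same number of failures is spread two-per-address across eighty clean ones; a window-wide view that counts the overall failure share and how many distinct addresses failed does. The addresses (RFC 5737 documentation ranges), account names and thresholds are all assumptions made for the illustration.

```python
# Added example, not Spark's or F5's code. All IP addresses, account names
# and events are constructed sample data; thresholds are illustrative.
from __future__ import annotations

from collections import Counter
from typing import NamedTuple


class LoginEvent(NamedTuple):
    src_ip: str
    account: str
    success: bool


def normal_traffic() -> list[LoginEvent]:
    """Constructed baseline: 30 users, each from their own address,
    90 successes and 10 mistyped-password failures (10% failure rate)."""
    events: list[LoginEvent] = []
    for i in range(30):
        ip, user = f"203.0.113.{i}", f"user{i}"
        events += [LoginEvent(ip, user, True)] * 3
        if i < 10:
            events.append(LoginEvent(ip, user, False))
    return events


def noisy_attacker() -> list[LoginEvent]:
    """Constructed: one 'dirty' address hammering a single account."""
    return [LoginEvent("192.0.2.7", "admin", False)] * 50


def distributed_attacker() -> list[LoginEvent]:
    """Constructed: 80 clean addresses, two failed attempts each, every
    attempt against a different victim account (credential stuffing)."""
    return [
        LoginEvent(f"198.51.100.{i}", f"victim{2 * i + j}", False)
        for i in range(80)
        for j in range(2)
    ]


def flag_by_ip(events: list[LoginEvent], threshold: int = 5) -> set[str]:
    """Classic per-source rule: block an address once it reaches
    `threshold` failures in the window."""
    fails = Counter(e.src_ip for e in events if not e.success)
    return {ip for ip, n in fails.items() if n >= threshold}


def flag_distributed(
    events: list[LoginEvent], max_fail_ratio: float = 0.3, min_failing_ips: int = 20
) -> dict:
    """Window-wide rule that ignores which address failed: the share of
    failed logins and the number of distinct addresses that failed."""
    total = len(events)
    failed = [e for e in events if not e.success]
    fail_ratio = len(failed) / total if total else 0.0
    failing_ips = len({e.src_ip for e in failed})
    return {
        "fail_ratio": round(fail_ratio, 3),
        "distinct_failing_ips": failing_ips,
        "flagged": fail_ratio >= max_fail_ratio and failing_ips >= min_failing_ips,
    }


def compare() -> dict[str, dict]:
    """Run both rules over the three constructed windows."""
    windows = {
        "baseline": normal_traffic(),
        "baseline+noisy": normal_traffic() + noisy_attacker(),
        "baseline+distributed": normal_traffic() + distributed_attacker(),
    }
    return {
        name: {"per_ip": sorted(flag_by_ip(ev)), "window": flag_distributed(ev)}
        for name, ev in windows.items()
    }


if __name__ == "__main__":
    for name, result in compare().items():
        print(name, result)
```

The two rules are complementary rather than alternatives: the per-IP rule still catches the single loud address cheaply, while the window-wide rule is what notices an attacker who has bought enough clean addresses to stay under it. In production the window view would be keyed further (per ASN, per target application, per account with many source addresses), which is the “understanding how the attacker builds and changes their infrastructure” that Bahlman describes.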
Woods spent some time poring over Genesis Market, an online marketplace that sells “bots”: bundles of not just usernames and passwords but also the unique attributes that make up what are called “browser fingerprints”.
“When you’re at home and you log into your bank, I’m guessing it doesn’t ask you for a second factor – but if you log in from another browser that says ‘we don’t recognise this device’, it triggers two-factor authentication…
“This Genesis Marketplace downloads all the attributes from the victim machine that allow them to duplicate the victim’s browser, so the bad actor simply downloads a plugin installed on their Chromium-based browser, generates a fingerprint, and now their Chromium-based browser is an almost exact replica of the victim’s.”
When Woods first discovered the market several years ago, it had around 100,000 bots. Now it has around half a million, many of them from New Zealand.
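The attack Woods describes works because “do we recognise this device?” is often answered from the browser fingerprint alone. The following added example (not Spark’s, F5’s or any bank’s code) puts a fingerprint-only check beside one that also weighs where the login arrives from, and runs four constructed scenarios through both, including the cloned fingerprint replayed from abroad and, as the caveat, the same clone routed through a proxy in the victim’s own network. The fingerprint attributes, ASNs (private-range numbers), country codes and score weights are assumptions made for the illustration.

```python
# Added example, not the code of Spark, F5 or any bank. The victim profile,
# ASNs, country codes and risk weights are constructed for illustration.
from __future__ import annotations

import hashlib
import json
from typing import NamedTuple

# Constructed fingerprint attributes of the victim's real browser: the kind
# of data a Genesis-style bot exfiltrates and a plugin later replays.
VICTIM_ATTRS = {
    "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/110.0",
    "screen": "1920x1080x24",
    "timezone": "Pacific/Auckland",
    "language": "en-NZ",
    "webgl_renderer": "ANGLE (Intel(R) UHD Graphics 620)",
    "fonts_hash": "c0ffee42",
    "canvas_hash": "deadbeef",
}


def fingerprint(attrs: dict[str, str]) -> str:
    """Stable hash over the canonicalised attributes, the usual way a
    device-recognition id is derived from collected browser properties."""
    canonical = json.dumps(attrs, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()[:16]


class Context(NamedTuple):
    fp: str        # browser fingerprint presented at login
    asn: int       # autonomous system the connection arrived from
    country: str   # geolocation of the source address


# The device the bank "remembers" for this customer (constructed: ASN 64512
# is in the private range, "NZ" is the victim's home country).
TRUSTED = Context(fingerprint(VICTIM_ATTRS), asn=64512, country="NZ")


def needs_mfa_fingerprint_only(trusted: Context, login: Context) -> bool:
    """The weak check: step up only when the fingerprint is unfamiliar."""
    return login.fp != trusted.fp


def risk_score(trusted: Context, login: Context) -> int:
    """Additive score over independent signals; any one mismatch is enough
    to reach the step-up threshold used below."""
    score = 0
    if login.fp != trusted.fp:
        score += 2
    if login.asn != trusted.asn:
        score += 2
    if login.country != trusted.country:
        score += 3
    return score


def needs_mfa_multi_signal(trusted: Context, login: Context, threshold: int = 2) -> bool:
    return risk_score(trusted, login) >= threshold


def scenarios() -> dict[str, Context]:
    """Four constructed logins against the trusted device record."""
    cloned_fp = fingerprint(dict(VICTIM_ATTRS))  # plugin replays the stolen attributes
    new_browser = fingerprint({**VICTIM_ATTRS, "user_agent": "Mozilla/5.0 Firefox/110.0"})
    return {
        "victim_at_home": Context(TRUSTED.fp, 64512, "NZ"),
        "victim_new_browser": Context(new_browser, 64512, "NZ"),
        "clone_from_abroad": Context(cloned_fp, 64513, "ZZ"),      # "ZZ": placeholder country
        "clone_via_local_proxy": Context(cloned_fp, 64512, "NZ"),  # attacker inside victim's network
    }


def evaluate() -> dict[str, tuple[bool, bool]]:
    """For each scenario: (fingerprint-only asks for MFA, multi-signal asks for MFA)."""
    return {
        name: (needs_mfa_fingerprint_only(TRUSTED, ctx), needs_mfa_multi_signal(TRUSTED, ctx))
        for name, ctx in scenarios().items()
    }


if __name__ == "__main__":
    for name, (fp_only, multi) in evaluate().items():
        print(f"{name:24s} fingerprint-only MFA={fp_only!s:5s} multi-signal MFA={multi}")
```

The third scenario is the Genesis case: the cloned fingerprint matches, so the fingerprint-only check waves the attacker through, while the network mismatch trips the multi-signal check. The fourth scenario is the honest limit of both: a clone relayed through a residential proxy in the victim’s own country and provider looks identical on every signal here, which is why step-up authentication for sensitive actions (payments, changing contact details) should not depend on device recognition at all.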
Attackers are also extending their efforts beyond the initial target to the vendors protecting that target, as Spark discovered during the distributed denial of service attack on several prominent New Zealand organisations, when the company itself was digitally bombarded minutes before the Stock Exchange was.
“The attackers understood that we provided security services to several New Zealand organisations. They would start attacking us 10 minutes early, to try to make us less effective in protecting those customers. Although we were able to react very quickly thanks to a comprehensive and very experienced incident response team, it is not so easy to react in the moment,” says Bahlman.
He compares it to a game of whack-a-mole: as each potential vulnerability is whacked on the head, a new one pops up elsewhere.
“We’ll deploy a countermeasure, and then the attacker, over time, will retool themselves to overcome that countermeasure, and we’ll deploy a new countermeasure, and we’ll go back and forth like that,” Woods says of F5’s work.
“The reason we can win is that the time it takes for us to retool and deploy a new countermeasure is minutes to hours, but it takes them days or weeks to overcome that new countermeasure.”
The goal isn’t to make an attack impossible – just to make it too expensive for the attacker to perform, meaning they move on to another target in hopes of an easier payday.
Bahlman thinks New Zealand is “behind” other parts of the world in the maturity of its cyber defences, and there is still work to be done to ensure we are protected against escalating threats.
While higher-tier businesses understand the potential issues they face without a robust enough approach, the small and medium-sized businesses that make up a large portion of Aotearoa’s business sector may not be as well prepared.
So what can Kiwi businesses do to better protect themselves from cyber threats? The answer is “boring,” he says almost apologetically.
“For organisations, it’s really about maintaining some of the basic hygiene online. While we’ve been talking about it for a long time, end-user protections have become easier to use and very effective. The key elements are: keep your apps and operating systems up to date on all your devices; always use unique passwords, and use a password manager to make that easier; and put a good endpoint protection product on your servers, your laptops and other devices wherever possible.
“Additionally, many organizations lack a mature, well-documented and tested incident response process, which can lead to a lot of uncertainty, especially if a major incident occurs. Hackers are always one step ahead of the game, so it’s important that organizations have experienced IT professionals or can work with a managed security service provider with a certified incident response team that covers emerging trends and security vulnerabilities.
Woods suggests companies offer some kind of incentive to customers for using a password manager, such as a 10% discount, given the benefits of improved security.
Bahlman asserts that an individual’s internet “hygiene”, or lack of it, is an essential consideration in cybersecurity, and that user experience must be weighed before leading with controls that are too rigid.
That’s why companies like Spark prioritise zero-trust frameworks, which assume that no one inside or outside the network should be trusted until their identity has been thoroughly verified. Instead of the traditional approach, in which users who have already got onto the network are assumed to be trustworthy, zero trust requires strict identity verification for every individual or device that accesses any application on the network.
With no single silver bullet that can prevent a malicious actor, organizations need to take a holistic, security-focused approach across their entire infrastructure.
“You’re not solving all your problems by implementing the latest AI detection and machine learning capabilities if you’re still only using single-factor authentication gateways for your admin users. That’s where a holistic approach to understanding your critical online assets, and who has access to them, is essential.”
While many of Spark’s and F5’s security offerings are implemented by larger New Zealand companies, SMBs can benefit from the same “professional-grade” solutions.
Bahlman says, “It comes down to how important your online assets are to your business success and how a service provider like Spark can help you implement protection at the right scale for your specific needs. We can also offer maturity assessments and other reviews of a company’s cyber capability, identifying the most significant risks and putting safeguards in place around its critical assets.”
Financial hardship isn’t the only downside to keep in mind when considering what level of cyber protection to put in place, adds Woods.
“There are a lot of companies out there that have decided a [certain] level of fraud is acceptable, and anything below it they are not going to prosecute… but they did not consider the loss of privacy or PII [personally identifiable information] and how it affects their customers.
“What happens when that customer tweets about it or posts on Facebook about the negative experience they had with the brand?”
With the stakes – both financial and reputational – so high, there is plenty of incentive to act.
Spark is a partner of the Newsroom Foundation.
As New Zealand’s largest telecommunications and digital services company, Spark’s goal is to help all of New Zealand win big in a digital world. Spark provides mobile, broadband and digital services to millions of New Zealanders and thousands of New Zealand businesses. Spark’s cyber defense team includes more than 180 highly skilled IT and cybersecurity experts dedicated to protecting Spark’s vast network infrastructure, which keeps millions of Kiwis connected, and Spark’s business customers, who cover small and medium enterprises, companies and ministries.
Eight years ago, Spark was the first New Zealand organisation to join FIRST (the Forum of Incident Response and Security Teams), where membership is based on referral and on meeting strict criteria. Currently, FIRST has over 600 members across Africa, the Americas, Asia, Europe and Oceania. To date, only two New Zealand organisations are members of FIRST (Spark and CERT NZ).
F5 is a multi-cloud application and security services company committed to bringing a better digital world to life. F5 partners with the world’s largest and most advanced organizations to optimize and secure every application and API anywhere, including on-premises, in the cloud or at the edge. F5 enables organizations to deliver exceptional and secure digital experiences to their customers and stay ahead of threats.