From Known to Unknown: The Evolution of Security Attacks
Admin Cloud Security Specialist
There are countless different ways of analysing the history and evolution of cyberattacks. We can examine the technologies used, the motivations of the criminals, the organisations targeted. One interesting method is to look at the evolution from known to unknown attacks.
What do we mean by ‘known’ and ‘unknown’?
A known security attack, simply put, is one that relies on malicious tools and methods that are already known to the industry. Plenty of malware has been around for years or even decades, built on the same code and targeting organisations in the same way.
An unknown security attack, by contrast, involves cybercriminals developing brand new code. Every stage in the attack lifecycle, from initial reconnaissance, through weaponisation and delivery, to exploitation, installation, command and control and whatever the actual objectives of the malware are, has not been seen before.
There is also a middle ground between the two where malicious cybercriminals modify existing malware just enough to slip it past traditional signature-based antivirus and other protections.
Why the evolution?
Fairly obviously, using existing known threats is the most cost-effective and easiest option for cybercriminals, particularly if they aren’t hugely serious about what they are doing. Also fairly obviously, because known threats are well-recognised and understood by the security industry, a raft of defences against them already exists. Organisations still have a responsibility to keep those defences up to date, but provided they do that, there shouldn’t be much chance of a well-established piece of malware getting beyond their perimeter.
However, for cybercriminals with enough time and resources, or those with a very clearly defined goal, creating all-new threats is a far more effective option. All of the most devastating cyberattacks you’ve read about, including the Advanced Persistent Threats (APTs) that have spent months at a time harvesting data from within highly sophisticated organisations, started life as unknown security attacks.
Defending against unknown threats
There are two key aspects to defence against unknown security attacks.
The first lies in having tools and technologies in place which can identify and mitigate security threats even when they don’t have a known code signature. This, then, involves being able to rapidly identify signs of malicious activity from within the organisation, and organising the infrastructure in such a way that it is difficult for threats to spread and propagate.
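The contrast between the signature-based protection that the "middle ground" variants slip past and the behaviour-based detection described here can be made concrete. The following is an added example, not code from the original post or from CloudCoCo: it keeps a hash-based signature store for two constructed "known" samples, shows that a one-token change defeats the exact-match lookup, and then runs a simple behavioural scorer over constructed telemetry events, keyed on the lifecycle stages the article names (installation, command and control, objectives), which flags a process only when it shows two or more distinct suspicious stages. All sample bytes, host names, process names and rule names are invented for the demonstration.

```python
import hashlib
from collections import defaultdict

# Constructed "known malware" samples. A real product's signature store holds
# vendor-supplied hashes or byte patterns; these strings are invented for the demo.
KNOWN_SAMPLES = [
    b"DEMO-LOADER-v1: fetches stage two and registers an autostart entry",
    b"DEMO-STEALER-v3: reads the credential store and posts it out",
]
SIGNATURE_DB = {hashlib.sha256(s).hexdigest() for s in KNOWN_SAMPLES}

# The "middle ground" case from the article: the same sample with a trivial edit.
VARIANT = KNOWN_SAMPLES[0].replace(b"v1", b"v2")


def signature_match(payload: bytes) -> bool:
    """Known-threat detection: exact hash match against the signature store."""
    return hashlib.sha256(payload).hexdigest() in SIGNATURE_DB


# Hosts this (hypothetical) organisation expects its software to talk to.
ALLOWED_HOSTS = {"update.example-corp.internal", "mail.example-corp.internal"}

# Behavioural rules, one per lifecycle stage, each a predicate over a single
# telemetry event. The stage names follow the article; the rules are illustrative.
BEHAVIOUR_RULES = {
    "installation": lambda e: e["action"] == "autostart_write",
    "command_and_control": lambda e: e["action"] == "net_connect"
    and e["target"] not in ALLOWED_HOSTS,
    "exfiltration": lambda e: e["action"] == "file_read"
    and "credentials" in e["target"].lower(),
}


def behavioural_score(events):
    """Return {process: set(stages)} for processes showing >= 2 distinct stages.

    Requiring more than one stage keeps a legitimate updater that only writes an
    autostart entry, or only contacts an approved host, from being flagged.
    """
    stages = defaultdict(set)
    for e in events:
        for name, rule in BEHAVIOUR_RULES.items():
            if rule(e):
                stages[e["process"]].add(name)
    return {p: s for p, s in stages.items() if len(s) >= 2}


# Constructed endpoint telemetry: a benign updater and an unknown binary whose
# behaviour matches several stages even though its hash is not in SIGNATURE_DB.
TELEMETRY = [
    {"process": "updater.exe", "action": "net_connect", "target": "update.example-corp.internal"},
    {"process": "updater.exe", "action": "autostart_write", "target": "Vendor Updater"},
    {"process": "svc_host.exe", "action": "autostart_write", "target": "svc_host"},
    {"process": "svc_host.exe", "action": "net_connect", "target": "203.0.113.7"},
    {"process": "svc_host.exe", "action": "file_read", "target": "C:/Users/alice/AppData/Credentials.db"},
    {"process": "explorer.exe", "action": "file_read", "target": "C:/Users/alice/Documents/notes.txt"},
]

if __name__ == "__main__":
    print("known sample matched:", signature_match(KNOWN_SAMPLES[0]))
    print("edited variant matched:", signature_match(VARIANT))
    print("behaviourally flagged:", behavioural_score(TELEMETRY))
```

Run as-is, the original sample matches the signature store, the edited variant does not, and only `svc_host.exe` is flagged, with all three stages. The design choice worth noting is the two-stage threshold: a single suspicious action is usually also a normal one, so behavioural detection gains its value from correlating several weak signals per process rather than alerting on any one of them.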
The second lies in collective pooling of intelligence every time a new threat is detected. Clearly your business alone isn’t going to be targeted with every brand-new security threat in a given year. But if you can benefit from the learnings of other organisations who have been targeted with different attacks, then you can dramatically shore up your own defences.
This is why next-generation security platforms need to be able to draw on intelligence from every single one of their deployments, and proactively feed that into the protection they offer each and every client. Much of the cyber threat landscape is unfamiliar, but there are solutions that can help you navigate it.
CloudCoCo will do a full security assessment of your business today and work with you to make sure you’re protected.
Please contact a member of our talented sales team if you’d like to know more.