Very often, I get asked this question: “What is Cybersecurity?” For those of us that are in the field, we know that this can be difficult to answer, depending upon the context you want to give it in. But most of the people I come across are average American citizens, trying to make a go of their lives.
So, what I tell them is this: “Cybersecurity is the protection of digital assets, no matter where they are located.” Given this broad answer, if I meet the same person again, a follow-up question that I get asked is: “What kind of new things are happening in Cybersecurity?”
Well, once again, this can be a difficult one to answer. So, depending upon the background of the person, I usually tell them that opportunities are usually dictated by what is new on the Cyber Horizon, meaning the threat variants.
And, if they probe even deeper, I usually start with Phishing as an example. I tell them that this is the oldest threat vector that is out there, having its origins back in the early 1990s.
The first true Phishing attack then happened in the late 1990s, with the victim being America Online (AOL). Then I usually get into how Phishing has become much more sophisticated over time, and just how it is close to impossible to tell if an email message is authentic or not.
This is driven by ChatGPT, which almost eradicates all the telltale signs of a Phishing message. If the conversation with this person goes on even deeper and longer, I give them further examples of this:
* The rise of Ransomware Attacks, especially those that are Extortion based.
* The boom in Business Email Compromise (BEC) Attacks (this is where a fake invoice is sent, and the Cyberattacker coerces the victim into wiring a hefty sum of money to an offshore account).
* The boom in Smishing Attacks, where a Phishing based text message is sent to your smartphone.
* And so forth.
So, what I am trying to get at here is that even the oldest of threat variants can still pose new opportunities for people in Cybersecurity as we now fast track into 2025. Another question I get asked is about Robocalls.
I tell them that if they ever get a phone call from a number that they do not recognize, it is best to simply delete it. If it is real and important enough, the person making the call should leave a voicemail. These kinds of calls are based upon the concepts of Social Engineering.
This is where the Cyberattacker preys upon the emotions of the victim, and once they feel that they are vulnerable enough, they will move for the proverbial “kill”. This could range anywhere from having the victim tell them their login credentials, or even those of people that are associated with them.
Social Engineering also goes back an exceptionally long time, well before Phishing was born. But today, it still presents new opportunities. For example, some of the Penetration Testers I know often engage in Social Engineering exercises by visiting the actual, onsite premises of the client.
They will then assume the role of a legitimate employee (of course they are not, though) and see how easily they can get into the client’s business, by trying to bypass as many of the security checks as they can.
Heck, on a podcast once, a Penetration Tester told me of a case where they actually launched a non-intentional against some people from within the client’s business. Over time, they were able to build a very convincing dialog with the victims, who otherwise would have fallen prey if it was the real thing.
In fact, just some time ago, one of my best friends asked me about what Trojan Horses were all about. To keep things simple, I told him that it was a form of Malware, which when deployed covertly onto your computer, will function as a legitimate application.
But on the inside, it is a different story. It could be ready to set a malicious payload and detonate it at a preset time, or it could even be Keylogging software that is covertly recording your keystrokes to capture your passwords.
I also told him that Trojan Horses have become so sophisticated that even the newest of the Anti-Malware software packages cannot detect them, because the attack is more targeted towards the CPU and memory of the device. I even mentioned that there is really nothing new about Trojan Horses; they go as far back as I can remember. Heck, they were even around when the TRS-80 computers from Radio Shack first came out.
Even an old threat variant like this one poses new opportunities, especially for the Threat Researcher, who is trying to determine these kinds of signature profiles. Finally, I have even been asked about the recent CrowdStrike incident.
I usually tell people that this is technically known as a “Supply Chain Attack”, whereby a Cyberattacker can deploy a malicious payload through just one point of entry, which in turn can impact thousands of people, even on a global basis.
If they are interested even further, they then ask me this: “How can so many people be impacted all at once?” My standard answer for this one is that it is because of the increased connectivity of just about everything.
One backdoor that is left open can trigger a cascading effect. But once again here, the issue of secure connections goes back a long time as well, especially with our aging Critical Infrastructure. Some of the recent attacks have led to our water supply being almost poisoned, and the flow of natural gas being completely disrupted on the East Coast.
My Thoughts on This:
In case you are wondering, my entire purpose of this blog is to simply illustrate that even the oldest attack vectors can still bring in new opportunities for an IT Security team and the CISO to probe into.
By doing this, critical thinking and research skills will be further refined. In the end it is not all about Generative AI. True, it is here to stay and will be forever, and it too brings its set of pluses and minuses to the table as well.
But now it is time that we get out of this hype and start getting back to basics in Cybersecurity.