Understanding the role of hacktivism
Check Point VP says individual hacking actions are not always criminal
Gabi Reish started life working for IBM back in the early 1990s - and for the last four-and-a-half years has been working with Check Point, the veteran IT security vendor, where he is VP of Product Development.
Reish's time with Check Point has coincided with a shift away from what is perhaps best described as 'conventional security' and a move to software-based boxes, in the shape of the company's Software Blade Technology.
His job, as he often says, involves looking over the horizon at what threats are rising and coming down the technology turnpike, and then helping his team to develop the technology to defend against these threats.
It was against this backdrop that we spoke to Reish just before Christmas for an update on what he sees as the likely threats we - as an industry - will see in 2014.
The key worry that he and his team are currently concerned about, he told SCMagazineUK.com, is malware, which he says infects computers from many different directions today.
The attacks seen over the last 12 months, he explained, have been very sophisticated in nature.
"In addition, where previously these attacks were against individuals, we are now seeing them taking place against entire companies and organisations. Coupled with the fact that 10 or 15 years ago the attacks were mainly mischievous, they are now almost all criminal in nature, this is a serious problem," he said.
Over the last 12 months, these attacks have also been seen using a bot - an automated Internet-based attack - to launch a number of attacks, both simultaneously and at very high velocity, meaning that some security defences can be overwhelmed, he went on to say.
Espionage on the rise
And just to make life even harder, he says, there has been a rising tide of industrial espionage attacks being launched against companies, by Chinese entities, who are seeking to discover information from the organisations they are launching attacks on.
The idea behind these attacks, he told SCMagazineUK.com, was originally to scan for information, but these scans are now changing into full-blown attacks, where cybercriminals - or groups of cybercriminals - are staging attacks on systems for reasons best known to themselves.
So where, we asked Reish, does hacktivism sit in the attack threat landscape?
He replied that it is important to understand that many politically motivated hacktivists are not criminals, nor do they have any criminal intent.
"The group as a whole, however, has a different intent. And they are classed as a criminal group for this reason," he said, adding that in April of this year, the Associated Press came under attack from a hacktivist group - and a news message claiming that President Obama had been injured was posted, even though the President of the US had clearly not been injured in any way.
"Then there was a hacktivist attack against MasterCard and Visa several years ago," he noted, adding that whilst the actions of individuals within a group may not have been criminal by themselves, the actions of the group as a whole were clearly criminal in nature.
What is interesting about these types of attacks, says Reish, is that the motives of the individual members of the group can be quite different, even though the end result of the group as a whole is quite obvious - and criminal in nature.
One attack trend the Check Point VP of Product Development and his team are concerned about in 2014 is the arrival of complex attacks on portable devices such as smartphones, which by their very nature, he says, are normally less well defended than desktop computer systems.
"This means that there are more vectors of risk [against the smartphone] than we saw previously with a desktop system. Furthermore, you do not know if your organisation will be next on the hacker's list. As a result it is clear that organisations must do a lot more to better defend themselves against what can often be a relatively short-lived attack," he explained.
Another trend that Reish and his team are concerned about is the arrival of hybrid attacks with social engineering used as a means of amplifying the effects of the attack threat.
So what are the solutions that he advises CSOs and CISOs to look at for the New Year?
"That's an interesting question. I would say that we really do need to go back to basics and go for a basic approach to defending elements of a given system that truly need protecting, rather than adopting a complex and multi-layered approach. This involves taking a segment approach to the defence, as well as introducing a pro-active form of defence, dealing with problems as they occur, rather than planning for them," he says.
The key elements within this defence strategy, he advises, include:
a) Defeat signature-seeking malware
b) Tackle zero-day attacks
c) Sandbox attacks to analyse what the attack consists of
d) Use firewalls and IPS technologies more effectively
e) Use threat emulation to plan for an attack