Topic: Cybersecurity Industry Must Learn to Collaborate as Effectively as Its Adversari

[Pez]

Cybersecurity Industry Must Learn to Collaborate as Effectively as Its Adversaries

Cyber threats have evolved over time to communicate, cooperate, and in some cases directly collaborate among themselves, giving them a distinct advantage over their security counterparts. Hackers possess a culture that is comparatively open, mutually supportive, and largely opportunistic. This has in part contributed to their ability to outpace their security-minded adversaries. This cooperation is an advantage the cybersecurity industry largely lacks and must learn to overcome.



Security product and service companies don’t like to share. They are in the business of protecting their customers against highly diverse and complex intelligent adversaries. Any information or insights they gain are inherently viewed as a competitive advantage against other vendors. Sharing such knowledge with others security firms seems counterintuitive from a business perspective. This mindset has greatly limited cooperation and the pace of innovation.

Businesses and government entities are also unwilling to share how they have been attacked, exploited, or have responded to such incidents. Sharing is viewed as poor public relations and also opens the door to other hackers who may attempt a similar attack on a susceptible victim. Attackers love to know when something works and they can simply duplicate or iterate.

In essence, the security industry and targets being attacked prefer to remain silent about threat intelligence, best known practices, active exploits, successful attacks, ongoing investigations, and crises they are managing. The data they do share tends to be sanitized, redacted, and stale. This greatly limits its value and applicability.

Attackers are not limited by these compartmentalized practices. They share code, methods, and readily offer advice. This has become so rich and valuable that services are now emerging to meet broadening demands. A variety of activities are available for a price. Dark and gray markets offer more than just illicit drugs. They enable the purchase or lease of knowledge, code, independent contractors, and supporting resources for shady ventures. Vulnerability brokers act as middle men to buy and sell weaknesses in software and protocols. Some offer tantalizing bounties of up to $1 million to entice researchers to deliver valuable zero-day exploits.

Malware-as-a-Service will author custom malware, sell popular packages, or offer hands-off rental services that run malware on the buyer’s behalf and point it at a chosen target. Along the same lines, hacking services are essentially proficient penetration teams that will breach or provide explicit capabilities to bypass a specific target’s digital defenses for a price. Distributed denial of service packages and platforms can be rented, with prices varying based upon the duration and saturation amount directed at the target.

Looking for legitimate identities and credentials? Identity hackers and brokers do all the hard data-breach work and sell the results in nice packages while offering bulk discounts. Spam and phishing engines can be rented to generate and distribute mind-numbing amounts of emails, texts, and links to malicious sites that manipulate or infect visitors. For those seeking a reputation, social accolades are for sale, with positive reviews for sites, sellers, vendors, and businesses written and posted for the buyer’s benefit. Some professional for-hire reviewers, with many followers themselves, will write glowing customized testaments on whatever a buyer wants, for as little as a few dollars. Social media “likes,” fake accounts, and bulk “followers” are also available for a price.

Code repositories allow hackers to share and collaborate on software. Often independent parties will download code and make incremental improvements, re-upload those for others to use, and then repeat the process. This creates rapid iterations of improved software, with novel features and fewer bugs, and fosters a continuous exploration of new ideas. There are even malware quality-assurance services that will test your toxic software to make sure that it will not be detected by the major antimalware software packages and that it will get by the code-review protocols of various digital stores.

Human resources are also available. There are call centers for hire that can service fraudulent transactions, CAPTCHA verification services for fake account creation, mule recruiting for money laundering, digital currency handlers, and package-forwarding people for accepting fraudulent online purchases and then forwarding them to another destination.

The world of cyber threats has morphed into a specialty economy. Communication is the grease that allows the wheels to turn. No longer does an attacker need to be an expert in all areas of hacking. In fact, attackers no longer need a high degree of technical skills. They can simply hire specialists and orchestrate the pieces into a customized solution to victimize targets and cause havoc with a worldwide reach.

Threats are evolving ever faster and the security industry must adapt to keep pace. Teamwork among security professionals against a common enemy is no longer an option, but a necessity. We are collectively better when we actively work together as a community against those who seek to undermine digital security. Competition in the security industry must not impede providers from recognizing who the real enemy is: the cyber threats.

This is why initiatives like the Cyber Threat Alliance are so important. The Cyber Threat Alliance is an organization cofounded by Fortinet, Intel Security, Palo Alto Networks, and Symantec. The alliance is open to all security vendors serious about sharing relevant and valuable threat information. Such partnerships across domains and providers is crucial.

Top security organizations with vast sensor and threat intelligence capabilities can paint a better picture and stand together in the fight against sophisticated cyber threats. These leaders can share and collectively leverage data necessary to gain the insights for better predictions, more effective prevention, improved detection accuracy, and faster response procedures. Cooperation is both a tactical and strategic security advantage.

Cybersecurity must evolve and learn from its adversaries. Communication and collaboration are key to rapid innovation and maximizing knowledge. We are stronger together than separately.

Original article: https://blogs.mcafee.com/mcafee-labs/cybersecurity-industry-must-learn-collaborate-effectively-adversaries/