The Cyber Battlefield Has Changed

Since Stuxnet was discovered two years ago, there has been a marked increase in both awareness and exposure to sophisticated and targeted cyber attacks. While nation-state sponsored attacks have been going on for decades, long before the discovery of Stuxnet, the unique sophistication of Stuxnet and its ability to cause actual physical damage to an infrastructure (in this case the nuclear capabilities of Iran) may have marked the beginning of a new era of cyber warfare.

The year 2010 was a watershed moment in cyber security. In January, Google publicly disclosed details about an advanced cyber-espionage campaign dubbed Operation Aurora (which Google said originated within China). The attack targeted dozens of companies, including Google, Adobe, Juniper Networks and Dow Chemical.

The disclosure by a public and well-known company, coupled with attribution to a nation-state, immediately sent shock waves into the community at large – the message was clear: Cyber espionage is real and no one is too big or too small to be a victim.

Less than six months later, in June 2010, Stuxnet was discovered. It was specifically designed to target an air-gapped network (a set of computers disconnected from the Internet) and utilized the largest set of unknown vulnerabilities (zero-days) in a single attack. Stuxnet was quickly and aptly dubbed a cyber superweapon.

These two attacks ushered in the Age of the Advanced Persistent Threat (APT) – cyber attacks launched by well-organized and well-funded nation-states specifically selecting their targets and utilizing sophisticated techniques to achieve long-term goals.

Cyber espionage had gone mainstream. Whether it is intellectual property and proprietary information used for social and economic gain, or intelligence used for political or military advantage, every computer system is a potential target and traditional computer security is ineffective at stopping the myriad threats.

During the past two years, we have seen dozens of high-profile cyber-espionage attacks successfully targeting thousands of companies, nearly every vertical, both private and public, and across every major country. Stuxnet begot Duqu, then Flame was discovered which begot Gauss.

In the world of cyber espionage, copying other people’s work requires only a browser and a search engine, so we’ve seen copycat attacks like the recent Shamoon. While run-of-the-mill malware – password stealing software, botnets, viruses – still accounts for the largest percentage of overall attacks, targeted and more advanced malware now represents the more costly problem in terms of information loss, reputation damage, and remediation.

The biggest lesson learned is also the biggest lesson ignored – companies need a new strategy for defending their information and their electronic borders. Many companies have started to invest in their own security operations centers (SOC) for tracking and responding to unknown threats. They recognize that, given the rise and success of targeted attacks, the enemy is likely already within their borders.

Knowing if you are under attack is as important as defending against future attacks. Unfortunately, too many companies have been either slow to respond or don’t yet believe they could be a victim. While Stuxnet, Duqu, Flame and Gauss targeted a specific region of the world (the Middle East), other attacks such as Aurora, Night Dragon, Shady RAT and Nitro were far less discriminating.

We’ve seen attacks target high-profile security companies, such as RSA, as well as small mom-and-pop businesses with special manufacturing processes or secret formulae that are coveted by rivals. In today’s interconnected world, it’s not just what you know, it’s who you know; we’ve seen companies targeted solely to get to their customers or contacts. The reality is that every company is now sitting on the cyber battlefield, whether they are a willing or reluctant participant.

Harry Sverdlove, Bit9's Chief Technology Officer, draws from nearly two decades of application design and analysis with industry-leading IT enterprises, adding a new layer of technical expertise and strategic vision to Bit9's portfolio of endpoint security solutions. Most recently, Harry served as Principal Research Scientist for McAfee, where he supervised the overall architecture of crawlers, spam detectors and link analysers. Harry joined McAfee through its 2006 acquisition of SiteAdvisor, where he worked as Chief Scientist to develop systems for testing, detecting and analysing any Windows-based application. Prior to joining SiteAdvisor, Harry ran his own consulting company specialising in Windows automation and spam detection. Before that he was Director of Engineering at Compuware Corporation (formerly NuMega Technologies). Prior to NuMega, Harry was Principal Architect for Rational Software, where he designed the core automation engine behind Rational Robot. Harry has a bachelor's degree in electrical engineering from MIT.