Cyber Security – Time to Transform your Defence

Barely a day goes by without news of a new cybersecurity attack. The issue is more widespread than ever and the cybersecurity landscape has never looked more threatening than it does today, especially in the financial services sector.

Recently, banks and financial services companies were targets of coordinated cyber-attacks and were forced to reduce operations or shut down systems. This led the Bank of England to issue guidelines to financial organisations to protect themselves from such possible attacks.

The problem is partly attributable to the fact that the finance sector is perceived to be a high-value target and partly the result of the plethora of communication channels we use and the pace at which they are evolving. Case in point: the prevalence of images on the Internet. The average size of a web page has grown six-fold, and 67% of that page is likely to be comprised of images. Chances are most cyber defence systems do nothing to combat threats concealed in images. Equally, the ubiquity of social media provides an ever-increasing number of routes through which malware can be introduced and used.

Dr Simon Wiseman

The other reason financial services organizations need to take a long hard look at their cyber-security defences is the levels of sophistication demonstrated by today’s cybercriminals. Yes, well-known and simple techniques are used every day to compromise organisations. But if those fail, cybercriminals will readily resort to the kind of sophisticated and evasive attacks that were once the preserve of government agencies.

Bottom line: the financial services sector is now under near continuous attack. With that in mind, here are four key focus areas for anyone in the sector intent on transforming their cyber security defences and thwarting even the most determined and sophisticated cyber-attacker.

Content is King

From documents and spreadsheets to images and PDFs, digital content is the carrier of choice for the cyber-threats used by today’s attackers. Regardless of the nature of the attack, in 99% of cases, it will start with the attacker attempting to infiltrate the organisation with an exploit concealed in seemingly innocuous business content. Virtually any piece of digital content, whether an Office document, PDF, or image, can be used or “weaponised” in this way. Whatever the attack, from ransomware and identity crime to remote access and cryptocurrency mining, it will likely gain a foothold because it was introduced in weaponised content through regular internet usage.

It is therefore essential for businesses to look at how best to ensure that digital content can be handled safely. Here it’s important to acknowledge that, historically at least, the cyber-security industry has failed to deliver the levels of protection that a business might reasonably expect.

Ditch Detection

The vast majority of cyber-security defences operate using the principle of detection. Threats and exploits are identified by examining content for indicators (signatures) that suggest the presence of something malicious. The detection paradigm was effective to a point, but it has proved wholly ineffective in the face of ever more sophisticated threats that are constantly evolving and virtually always concealed in seemingly harmless business content.

In March of this year, industry analyst Gartner published a report entitled “Beyond Detection: 5 Core Security Patterns to Prevent Highly Evasive Attacks”. The author called out Pattern 4: Content Transform as key to building defences that deal with the threat landscape going forward, and financial sector organisations need to embrace this concept.

Transform your Defence

Content Transform defeats not only known but also ‘zero-day’ and unknown threats in content. Because it crosses the network boundary, it doesn’t rely on detection or “sandbox detonation”. Instead, it uses a unique process of transformation that ensures protection.

Transformation works by extracting the business information from the documents and images crossing the network boundary. The data carrying the information is discarded along with any threat. Brand new documents and images are then created and delivered to the user. Nothing travels end-to-end but safe content. Attackers cannot get in, and the business gets what it needs.

Transformation is the only way to ensure that threats are removed from content because it assumes all data is unsafe or hostile. It doesn’t try to distinguish good from bad. It cannot be beaten; as a result, the security team is satisfied because the threat is removed, and business teams are appeased because they get the information they need.

Picture This

Image steganography is the covert hiding of data within seemingly innocuous image files. For instance, hidden content could be encoded in an image by subtly varying shades of colour – obscure to the naked eye – that when decoded reveal an entire customer database. Put the original and the compromised image side by side and one would not tell them apart, but the latter is worth millions. The popularity of image steganography amongst cyber-attackers is on the rise – malware exploit kits and malware-as-a-service offerings now include steganography as standard – and the reason for this is straightforward: image steganography is easy to implement and totally undetectable!

Image steganography has been used in malvertising campaigns to extort money from thousands of users and bring reputable news sites to their knees. It has also been used in conjunction with social media tools to steal high-value financial assets, with the criminals using innocuous images to mask a sophisticated Command and Control (CnC) channel over which the data could be exfiltrated without the theft being detected.

Existing perimeter web defences (web gateways and firewalls) cannot protect businesses from exploits concealed in images using steganography. The presence of the exploit has no signature and is completely undetectable. Fortunately, transforming the content does provide a defence, as the image is completely re-written and subtly changed, destroying whatever was concealed in the picture. If the organization is not using content transformation and social media is allowed into the corporate network, it must be kept away from sensitive data and systems.
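The effect of re-writing an image can be shown on a toy case. The Python sketch below is an added illustration, not code from this article or from any product: it assumes the simplest scheme, data carried in the lowest bit of each 8-bit sample, and the function names, sample pixels and payload are constructed for the demonstration.

```python
import secrets

def embed_lsb(pixels, payload):
    """Hide payload bits (MSB first) in the lowest bit of each 8-bit sample."""
    bits = [(byte >> i) & 1 for byte in payload for i in range(7, -1, -1)]
    if len(bits) > len(pixels):
        raise ValueError("payload does not fit in the cover image")
    stego = list(pixels)
    for i, bit in enumerate(bits):
        stego[i] = (stego[i] & 0xFE) | bit
    return stego

def extract_lsb(pixels, length):
    """Read `length` bytes back out of the sample LSBs."""
    out = bytearray()
    for n in range(length):
        byte = 0
        for sample in pixels[n * 8:(n + 1) * 8]:
            byte = (byte << 1) | (sample & 1)
        out.append(byte)
    return bytes(out)

def transform(pixels, planes=2):
    """Build a new image: keep the visible high bits of every sample and
    fill the low `planes` bit planes with fresh random noise."""
    mask = (1 << planes) - 1
    return [(p & ~mask & 0xFF) | secrets.randbits(planes) for p in pixels]

def max_change(a, b):
    """Largest per-sample difference between two images."""
    return max(abs(x - y) for x, y in zip(a, b))

# Constructed sample data: a 512-sample greyscale gradient and a marker string.
COVER = [(x * 7 + 13) % 256 for x in range(512)]
PAYLOAD = b"CONSTRUCTED-DEMO"

def demo():
    stego = embed_lsb(COVER, PAYLOAD)
    clean = transform(stego)
    return {
        "stego_distortion": max_change(COVER, stego),      # shades shift by 1 at most
        "before": extract_lsb(stego, len(PAYLOAD)),        # payload is readable
        "after": extract_lsb(clean, len(PAYLOAD)),         # payload is destroyed
        "transform_distortion": max_change(stego, clean),  # still a subtle change
    }

if __name__ == "__main__":
    print(demo())
```

No step in `transform` inspects the image for anything suspicious; every image is treated the same way, which is the point of the approach.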

As the financial sector comes to terms with the current threat landscape, it is imperative that organizations re-evaluate their defences, understand that detection is not the answer and formulate a strategy for content transformation.
