FedInsight by BluVector

Cyber defenders must become more sophisticated to deal with the continued barrage of attacks

The rash of cyber attacks on agencies and private sector organizations will continue to rise. Looking only at the attack flavor of the year, ransomware, recent studies found that ransomware attacks rose 62% worldwide and 158% in North America in 2020. The FBI received nearly 2,500 ransomware complaints in 2020, up about 20% from 2019.

This has led to increased costs for agencies and organizations alike. Some estimate that companies across the globe paid more than $20 billion in 2021 to deal with ransomware, which is a 57-fold increase since 2015.

Cybercrime overall costs companies across the globe an estimated $6 trillion and that cost is expected to only increase in the future.

The issue is more than just ransomware. Attacks against mobile devices are increasing. Phishing attacks are becoming more sophisticated. And new vectors like cryptojacking are becoming a more popular approach by bad actors.

To combat the ever-increasing cyber threats, agencies are spending more money than ever. In the fiscal 2022 budget request working its way through Congress, civilian agencies requested $9.8 billion, which would be a 14% increase over 2021. The Defense Department says its cybersecurity budget request in 2022 is $10.4 billion, bringing total cyber spending above $20 billion governmentwide for the first time.

But it’s more than just money that is needed. It’s also people and better data.

Travis Rosiek, the chief technology and strategy officer at BluVector, said the biggest change over the last 20 years is cyber attackers have gone from executing code and stealing data to destroying it or holding it hostage.

“What we’ve seen now is the monetization of those attacks with ransomware and with the anonymization through cryptocurrency and other things, paying the ransom actually helps them advance themselves,” Rosiek said on the Innovation in Government show sponsored by Carahsoft. “As much as we like to get alarmed with ransomware, we should be equally alarmed with malware or any compromise because it’s really up to the adversary and the human on the other side, and it’s really up to their motive.”

As the adversaries continue to improve their capabilities and become more sophisticated by cleaning up their tracks and leaving fewer traces, agency security operations centers have to accelerate their ability to triage networks. The goal, Rosiek said, is to reduce the dwell time attackers have so SOCs can prevent or better limit the impact and/or collateral damage of an incident.

Rosiek said agencies must become more predictive and less reactive to cyber attacks, which means becoming better at analyzing data from a people, process and technology perspective.

“The ability to detect threats without signatures, the ability to not have to wait for that time for analysis and propagation, especially in the disruptive malware world, is super critical. Trying to do better detection, without signatures, do it faster, allows cyber defenders to have a chance, especially in the destructive malware world,” he said. “From a process perspective, every security operation center I’ve ever been to, public and private sector, faces short staffing; there are high turnover rates, and they easily burn out because they’re all drowning in events. There’s a huge big data problem in cyberspace. If you have this big mountain of data, everything is siloed or doesn’t have a lot of context from a cyber analyst’s perspective. It’s really hard to do really good correlation because you don’t have enough insight about why a specific product or tool made a determination. I probably spent 90-some percent of my time looking at false positives, which was probably one of the most unrewarding parts of my career.”

He said agency operations must become cyber resilient to address all three challenges.

“One aspect, and some of the things we tried to work on at BluVector, is better and faster threat detection, on a millisecond basis, through leading-edge machine learning and other non-signature based detection techniques to detect threats that have never been seen before, but also generating a lot of rich context about why we made decisions of something being malicious or benign,” he said. “Then, from a cyber workforce perspective, we try to create and visualize the data in a way that’s very intuitive so a non-novice analyst can come in and look at something and with a little bit of training can say, ‘Yep, that’s definitely bad. Or this looks pretty good.’”

Rosiek said only through AI and ML tools can detection and mitigation, even prevention, happen at a scale to keep up with the bad actors.

“For a targeted attack, a signature is only going to be able to stop that attack within the first minute or less. So they’re going to recompile their tools and have an attack profile for which there is no signature that can be blocked or mitigated,” he said. “The evolution from signatures was sandboxing as non-signature based detection. But because that takes minutes or hours for cloud-based sandboxes or on-premise sandboxes to return results, it still wasn’t fast enough for destructive malware. The application of machine learning allows an analysis of unknown content to be rendered into a decision about whether it is benign or malicious in milliseconds, which is timely enough to be actionable and minimize that impact.”
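The two points Rosiek makes above, that an exact signature stops matching the moment the tooling is recompiled, and that a detector should hand the analyst the context behind its verdict (the "rich context" he describes earlier), can be shown side by side in a small script. This is an added illustration, not BluVector's code or model: the "samples" are constructed byte strings (no real malware), the content features (byte entropy, a short list of suspicious strings, an executable header marker) and the hand-picked weights stand in for what a trained model would learn, and `classify` is a hypothetical name.

```python
"""Signature match vs. content-feature verdict on a constructed sample and its one-byte variant."""
import hashlib
import math
from collections import Counter

# Constructed stand-in for a known-bad file: a fake executable header, padding,
# a command string a defender would flag, and a block of high-entropy bytes.
KNOWN_BAD = (b"MZ" + b"\x00" * 40
             + b"cmd.exe /c vssadmin delete shadows /all"
             + bytes(range(256)) * 2)

# "Recompiled" variant: identical behaviour, one padding byte changed.
VARIANT = KNOWN_BAD.replace(b"\x00" * 40, b"\x00" * 39 + b"\x01")

# Constructed benign inputs: plain text, and random-looking bytes with no other indicators.
BENIGN_TEXT = b"Quarterly budget summary: travel, facilities, and staffing lines are under review."
BENIGN_HIGH_ENTROPY = bytes(range(256)) * 2

# Exact-hash signature database built from the one sample we have seen.
SIGNATURE_DB = {hashlib.sha256(KNOWN_BAD).hexdigest()}


def signature_match(sample: bytes) -> bool:
    """Classic signature check: only an exact hash hit counts."""
    return hashlib.sha256(sample).hexdigest() in SIGNATURE_DB


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0.0 for uniform content up to 8.0 for random-looking content."""
    if not data:
        return 0.0
    counts = Counter(data)
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


# Hypothetical indicator list; a real model would learn many such features rather than use a list.
SUSPICIOUS_STRINGS = [b"vssadmin delete shadows", b"cmd.exe /c", b"bcdedit /set"]


def extract_features(sample: bytes) -> dict:
    """Content features that survive recompilation because they describe behaviour and structure."""
    return {
        "entropy": round(shannon_entropy(sample), 3),
        "suspicious_strings": [s.decode() for s in SUSPICIOUS_STRINGS if s in sample],
        "has_exec_header": sample.startswith(b"MZ"),
    }


# Hand-picked weights standing in for a trained model's parameters (assumption, not a real model).
WEIGHTS = {"entropy": 0.4, "suspicious_strings": 0.5, "has_exec_header": 0.1}
THRESHOLD = 0.5


def feature_score(features: dict) -> float:
    """Weighted sum in [0, 1]; at most two suspicious strings count so one feature cannot dominate."""
    score = WEIGHTS["entropy"] * (features["entropy"] / 8.0)
    score += WEIGHTS["suspicious_strings"] * min(len(features["suspicious_strings"]), 2) / 2
    score += WEIGHTS["has_exec_header"] * float(features["has_exec_header"])
    return round(score, 3)


def classify(sample: bytes) -> dict:
    """Return the verdict together with the evidence, so an analyst can see why it was reached."""
    features = extract_features(sample)
    score = feature_score(features)
    return {
        "verdict": "malicious" if score >= THRESHOLD else "benign",
        "score": score,
        "signature_hit": signature_match(sample),
        "evidence": features,
    }


if __name__ == "__main__":
    for name, sample in [("known_bad", KNOWN_BAD), ("variant", VARIANT),
                         ("benign_text", BENIGN_TEXT), ("benign_random", BENIGN_HIGH_ENTROPY)]:
        print(name, classify(sample))
```

Running it shows the signature hitting only on the original sample and missing the variant, while the feature-based verdict flags both and stays benign on plain text and on random-looking bytes that carry no other indicator; the `evidence` field is the part an analyst would read to confirm or dismiss the call.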

About BluVector

Deployed and actively used across global government and commercial networks, BluVector is trusted to provide comprehensive threat coverage thanks to nearly a decade of innovation in the areas of machine learning and artificial intelligence. Backed by Comcast, BluVector serves both Public Sector and Enterprise Commercial customers throughout the world.

Featured speakers

  • Travis Rosiek

    Chief Technology and Strategy Officer, BluVector

  • Jason Miller

    Executive Editor, Federal News Network