The internet is both “the best and worst innovation of our time,” and as reliance on it grows, our ability to secure it could become a matter of life and death. This is according to Mikko Hypponen, researcher at F-Secure, speaking during the keynote session on Day 1 of the Infosecurity Europe virtual conference.
Hypponen firstly outlined how threat actors have changed significantly since he started working in the industry in 1991. Back then, “viruses and other kinds of malware we were finding were all written by teenage boys,” just for fun. At that point he could never have envisioned today’s scenario, in which the main threat actors are highly sophisticated organized crime groups and governments.
This change has been brought about by the internet revolution, according to Hypponen. He noted that the “first wave” of this, in which all computers came online, is now over, and we are currently in the midst of the second, in which “everything else” becomes connected. This includes smart devices and, even more significantly, devices that don’t even require an internet connection, such as kitchen radios. These will be connected purely so that manufacturers can obtain diagnostic information.
Hypponen believes that as this process carries on, and more areas become interconnected, the internet will become as essential to society as electricity is today. “When technology is useful enough, we can’t live without it,” he commented. He observed that internet outages are currently an inconvenience but generally not a matter of life and death. However, Hypponen expects it will reach this status within the next 20-30 years. “If your network cuts out it is going to be just as bad as getting your power cut,” he said, adding that in fact one day “when we have an internet outage, it’s going to cut power.”
In this landscape, the challenge for the cybersecurity industry “is to make sure the connectivity stays online regardless of the attacks that might be launched against it.” This is going to be very difficult – Hypponen highlighted how the internet has become a major vehicle for cybercrime and other malicious activities in recent years. Preventing these is to some extent a thankless task for cybersecurity professionals, with no credit given for stopping attacks, while failure to prevent incidents is highly visible.
Hypponen went on to describe the changing threat landscape since the start of the COVID-19 pandemic. Many organizations that have shifted to remote working are now far more vulnerable to being breached, largely because a substantial number of corporate file servers have moved from internal networks to the public internet and are “only protected by usernames and passwords.”
Another trend he observed is that there has been a sharp rise in attacks on healthcare organizations over the past 15 months, including hospitals, clinics and research facilities. Previously, Hypponen didn’t see these types of bodies as prime targets for cyber-criminals, as they were not particularly lucrative compared to other sectors such as finance. This appears to be changing, with institutions like hospitals viewed by many threat actors as more likely to pay ransoms when their systems are encrypted or medical data stolen.
The last year or so has also seen the rise of double extortion ransomware attacks, also known as ransomware 2.0, where in addition to locking systems, malicious actors steal data and threaten to release it if a fee is not paid. This tactic has proved very successful, according to Hypponen, who gave the example of the Maze ransomware gang, which reportedly retired from operating in October 2020 as a result of the financial gain it had made from its attacks. He commented: “This is exactly what we don’t want to happen – we don’t want high tech lowlifes to be successful,” as this encourages more people to go down this pathway.
Another area discussed in Hypponen’s address was supply chain attacks, which he said were particularly favored by nation-state actors, “looking for very specific victims” for espionage purposes. Unlike cyber-criminals, these actors will not deviate from their target if it becomes difficult to get into a system, and will therefore look for alternative routes, as demonstrated by the recent SolarWinds incident.
The root cause of these kinds of attack vectors “is always either a technical problem or a human problem,” noted Hypponen. While technical problems, such as unpatched servers, can be solved, albeit with difficulty, human error, like falling for phishing scams, is another matter. He stated: “There’s no patch for human brains.”
In the view of Hypponen, the solution is to become less reliant on humans in cybersecurity in general. For example, in the future, he believes machine learning will be used to write code, removing the need for human programmers. “When we have advanced, powerful systems writing all the code around us, there will be less bugs, which means there will be less vulnerabilities,” he outlined.
On the flip side, one day we could see machine learning being used by malicious actors to write malware. However, Hypponen noted that there is research being undertaken today looking at how this potential threat can be mitigated.
Concluding, Hypponen said that his 30-year career in cyber had demonstrated to him “how hard it is to forecast the future.” He added that we are living in an age of technological revolution and these advances are both the best and worst thing to happen in our lifetime.