December 12, 2018 Cryptomining, CYBER SECURITY

Predicting 2019

Every year, come rain or shine, when the month of December rolls around, someone will inevitably ask me, “What do you think will happen next year”?

And each year, without fail, my reply would be “What do I know? I don’t have a magic crystal ball”.

Predicting what hackers will come up with next year isn’t an easy thing.  However, from the trends we’re seeing now, it is possible to speculate how things may develop, at least for the first part of 2019.
In the last 3  years, we’ve seen a surge of ransomware; it’s become everybody’s topic.  All security firms are telling you they can stop it, and you won’t be attacked.  Yet, somehow, businesses continue to get ransomware attacks, and continue to lose their data.

The healthcare sector appears to be the most targeted.  That said, I have an opinion on why that seems so.  Although statistics show that over 75% of ransomware attacks were against healthcare providers, this data is skewed for a reason – the DOH classifies ransomware as a data breach, and health care providers are required to report all data breaches.  Therefore, we hear about every ransomware attack to every healthcare provider which results in data being held for ransom.  However, we don’t necessarily hear the same about any other industry.  So, honestly, I wouldn’t put much stock to that statistic; since it’s circumstantial.  Fact is, we’re all under the viewfinder of hackers when it comes to ransomware.

Over time though, companies have learned to deal with it.  We take better care of backups, we run real time backups; we isolate these from the local network; we have ways to recover our data.  The result?  Almost no one pays anymore; and ransomware has become decidedly less lucrative.  This, coupled with the (near) collapse of bitcoins values throughout 2018, has pushed hackers in a new direction – cryptominers.

What are those?

Essentially, they’re a form of stealth malware that doesn’t really infect your computer or steal any of your data.  All it really wants is your CPU.  For as long as your machine is on, the miner can work peacefully in the background, chewing up your CPU cycles, which are now being used to mine crypto currencies.  To clarify, bitcoins are defined and identified by a crypto key.  Finding such keys requires massive calculations, which in turn require massive amounts of CPU power.  But if you find one, it’s yours to keep.  Hence the word ‘mining’.  So, cryptominers are nothing but malware that uses your computer’s CPU to find such keys, while you’re trying to use your computer to work.  Your computer may slow down, or it may not; you may notice something is wrong; or you may never even know.   And that is ultimately the best hack ever – one where hackers can use your resources to their advantage without you ever even knowing it’s happening.  You aren’t actually losing anything, except CPU cycles.  And they’re gaining that CPU power, they need to find bitcoins or whatever other crypto currency they’re using.

The change though isn’t just one of use and convenience, it’s also political.  The largest user of cryptominer malware known today is North Korea. Does it mean the one infecting your machine is run by North Korea and you’re contributing to the development of their nuclear arsenal?

No; don’t rush just yet.  It simply means that they wrote or commissioned most of the code.  However, malware is malware.  Anyone can control the output and rip the gains at your detriment.

Let me attempt another prediction.  AI is growing in the cyber defense world.  We aren’t ready, it’s not a mature industry yet (despite what the marketing departments of many companies who sell what they call AI but is nothing more than machine learning will have you believe).  So, if _we_ are using it for defense, do we really want to believe that hackers aren’t already trying to use it for offense?  I hope to still be around the day both parties succeed, and we can finally see the first true battle of AIs, one attacking your network, the other defending it.  I’m really curious to see who wins.  Today, we’re always on the losing end because we aren’t really capable of predicting behavior nor hackers’ next moves.  But AI means the ability to predict (algorithms, patterns, and all that); therefore our product offerings will be capable of pre-empting next moves, rather like a game of chess between 2 computers.  I really want to watch it.

One last thing.

What distinguishes AI from ML (Machine Learning) is the ability to predict.  Analyzing data to reach conclusions a posteriori, informed conclusions if you like, but still after the fact, is called machine learning.  To be classified as AI, it needs to have the element of prediction.  Not only can I draw conclusions from the data I have, but I can also use it to predict future behavior, like a chess player’s next move – by that, I mean one single move, and not all the possible moves.  Without the element of prediction, it isn’t AI, it is simply (and only) ML.

Stay safe and count on Network Box USA to continue protecting your security perimeters.  After all, we do cybersecurity the right way.