Botnets, malspam, zero-day vulnerabilities, and remote access trojans: as COVID-19 continues to ramp up the cyber threatscape, and work-from-home vulnerabilities raise new demands, it’s tempting to bury our heads in the sand. The smarter move, however, is to invest in reliable and actionable threat intelligence. The world may have changed dramatically, but knowledge is still power.
“Now is not the time to shrink away,” said ITWC CIO Jim Love. “We need to move powerfully into the future, we need to understand what’s going on, and we need to set a course for progress and growth.”
Eager to delve deeper into strategies for navigating what he describes as an epidemic of cyber threats, Love joined Derek Manky, Chief, Security Insights & Global Threat Alliances for FortiGuard Labs in a webinar titled What’s in Your Playbook? Hosted by ITWC and sponsored by Exclusive Networks and Fortinet, the session engaged Love and his guest in a distinctly Canadian discussion of research related to cyber threats and suggestions for coping with what comes next in the new, work-from-home (WFH) normal.
Never a dull day in cyber intelligence
Manky set the stage by explaining his role with FortiGuard Labs, the global threat intelligence and research organization at Fortinet. “There’s never a boring day in the office,” is a definite understatement from someone who once worked for Interpol, now runs a worldwide threat intelligence research organization, and consults with C-Suite around the globe.
According to Manky, dealing with data overload is a key issue. “It used to be that there wasn’t enough data. Now there’s too much,” he said. “How do you make sense of it all, and when you do, how do you make that knowledge actionable?”
For FortiGuard Labs, it all starts with visibility. “You can only protect against what you can see,” said Manky. As part of the Fortiguard intelligence network, sensors have been deployed worldwide to get real-time data wherever there are visible points on the attack surface. Intelligence feeds come from more than 200 partners, including threat intelligence peers, national CERT/CSIRT teams, government agencies, international law enforcement organizations including NATO and Interpol, and critical partners such as KISA, OASIS and MITRE.
A different type of disaster
It’s an effort well warranted by the current explosion in cyber incidents. “Anytime there is a large-scale event, cyber criminals will take the opportunity to exploit it,” said Manky, referencing, among other examples, charitable donation scams that surface in response to natural disasters. The difference with COVID, he said, is that most disasters are short-lived and attackers move on to the next one. With a global pandemic, threat campaigns are coming from more players in more languages. Not only is there no end in sight, but the attackers are shifting gears and veering away from malicious URLs to focus on natural targets in the new WFH environment: IOT devices.
As a response to this calamitous state, FortiGuard Labs has introduced the adversarial playbook, a detailed mapping of specific actor groups and clues to understanding them. The playbook’s ultimate goal is to provide useful insight on tactics, techniques and procedures to help protect customers and the public against possible future attacks.
Seeing is believing
“Most organizations have this false sense of security,” said Manky. “Until you really show them what’s happening on their network, they think everything’s OK, but I can almost guarantee you, it isn’t. We process over 100 billion threat events a day. Being attacked is more a matter of when than if.”
Manky directed webinar participants to Fortiguard.com’s Playbook Viewer for an example of how the company is beginning to leverage machine learning and AI to better understand attackers and create defensive guides. He was also excited to share the news of a new product called heat maps that provide a visual representation of threat actors and impact.
Love concluded the webinar with a message to participants. “You aren’t alone in this. There are resources out there and lots of good information about how to deal with a cyber attack”.
As for timing, Love compared having a robust cyber security strategy to planting a tree. “When would you rather do it?” he asked. “Now, or 20 years ago?”