The Search for Certainty When Spotting Cyberattacks

On Wednesday night, in the shadow of Central Park, Ambassador Jarmo Sareva, who serves as Consul General of Finland in New York, got back to his roots in the cybersecurity space.

He, and some experts from Finnish cyber security company WithSecure, brought together a group of tech journalists to discuss the need to identify attack patterns of bad actors as the tools to do digital harm become more ubiquitous.

“If there is a cyber attack either by a state-affiliated agency or a provider of cyberware-as-a-service, often in cahoots with the government, it’s going to be so much more difficult,” Sareva said. He spoke specifically of the growing difficulty in attributing cyber attacks with 100% certainty to particular attackers. Prior to becoming consul general, Sareva served as Finland’s ambassador for cyber affairs. Finland, he said, has a strong tradition of public-private partnerships when it comes to cybersecurity.

Compounding the cyber-threat problem is the matter of discerning whether or not there are political ties to an attack and who may be behind it. “Do you want to attribute something politically to someone when you don’t have foolproof or 100% certainty?” he asked.

Sareva spoke, as well as asked those at the table, about the anticipated changes quantum technologies are expected to deliver, especially as they relate to post-quantum cryptography. “All the encryption keys are bound to be broken one day,” he said. “Bad actors are collecting encrypted information now in the expectation that they can break those encryptions and have access to all that data.”

Related:2023 Cyber Risk and Resiliency Report: How CIOs Are Dueling Disaster in 2023

One of the often-raised concerns about quantum computing is the possibility that these powerhouse computers, in theory, would have the capacity to shatter current encryption and other security measures used today, even those deployed by governments. “I guess there should be a mad scramble out there for governments and businesses to take all the data that they have and put it into a safe place,” Sareva said. That way even if bad actors could break the encryption with quantum compute tools, the data would be safe.

In a separate presentation, William Taylor, security consultant with WithSecure, discussed research on toolsets and tactics that cyber attackers deploy these days to better protect assets. Profiling adversaries, much like understanding the tactics of outlaws and old gunslingers, can lead to better defenses.

“Maybe it’s a gang in the old, Wild West that are going from town to town, but we understand their techniques,” he said. “We understand their profile.” Understanding their techniques makes it possible for defenders to be prepared, Taylor said. Rather than try to steal gold, these thieves are after valuable data such as health information. Furthermore, the threat of cyber attack can be an exponential problem. “If something’s online,” he said, “it’s exposed to maybe millions of potential adversaries that could attack our business, try and access the asset.”

Related:The Ongoing Cyber Siege of Ukraine: From Russia with No Love

Exacerbating the problem is the availability of malware and ransomware services for sale on the Dark Web, Taylor said, which can arm bad actors with the means of doing digital harm even if they lack coding skills of their own. That makes it harder to profile and identify specific attackers, he said, because thousands of bad actors might buy the same tools to attack systems.

“We can’t identify where it’s coming from very easily,” Taylor said, because almost anybody could be a hacker. “You don’t have to be the expert anymore. You don’t have to be the cyber gang that’s very technically adept at developing all these tools.” That means cyberattacks may be launched from unexpected angles. For example, he said, gangs could outsource their hacking needs via such resources, or individuals who are simply bored at home might pick up such tools from the Dark Web to create phishing campaigns. “It becomes harder and harder to profile the threat.”

Related:NSA Gives Assessment of Cyber Threats from Russia, China, and AI

Large language models, of course, introduced a potentially explosive catalyst for cyberattacks that might put the power of hacking in anyone’s hands. “ChatGPT can write code,” Taylor said. “It can write your own exploits.” This serves to lower the barrier to entry for skills needed to cause cyber havoc.

The answer to better safeguarding against future cyber threats may reside in awareness to help identify the types of attacks being implemented, in the hopes of getting ahead of bad actors. “We have data,” Taylor said. “We have lots of data -- the telemetry from attacks. The techniques that are being used by attackers. The toolsets that are being used by attackers.” Information from prior attacks, he said, can be used to look for patterns by using machine learning to predict the likely next steps a bad actor may pursue. “We can use those patterns to focus resources,” said Taylor.