The mandating of Cyber Essentials certification for all UK central civil government contracts in 2014 demonstrates how vital robust cyber security is in winning defence contracts today. Here, Bogdan Botezatu, Senior E-Threat Analyst at cyber security firm Bitdefender, tells MOD DCB features editor Julie Shennan why all defence stakeholders should take cyber security seriously.
Bogdan Botezatu is an expert in cyber warfare, mobile security and malware affecting social networks. As Senior E-Threat Analyst at cyber security firm Bitdefender he has helped develop cyber security tools and written publications including Malware History, Securing Wireless Networks and the Safe Blogging Guide. Mr Botezatu has spoken at various computer security conferences around the world, including IPEXPO and DefCAMP, as well as international seminars.
Mr Botezatu explained that the scope and seriousness of cyber threats was growing with the advancement of technology: “Today’s cyber threats vary greatly. On the consumer side there is a rise in ransomware technology that encrypts the user’s information – using a public private key – and demands money in exchange for decrypting it.
“This kind of attack targets personal documents and pictures, which people are willing to pay to get back. Ransomware fees are usually between $300 and $1000 depending on the gang operating the software. Ransomware was allegedly responsible for $1 billion of loss in 2015.”
While ransomware attacks can be inconvenient, Mr Botezatu noted that they have the potential to be deadly, as the Internet of Things becomes more ubiquitous.
He said: “In the future I think ransomware will start to target devices that are interconnected. We have seen ransomware hack everything from hospitals to nuclear power stations. Ransomware is present everywhere and we should look at ways of defending healthcare institutions from it.
“I am very afraid of when ransomware stops targeting personal computers and starts targeting critical medical devices such as pacemakers and insulin pumps. It is one thing to face extortion over the retrieval of pictures and another thing to have your health targeted.”
Ransomware is also a threat to critical national infrastructure, though not the only one. As Mr Botezatu explained, large-scale hacks are often carried out by Advanced Persistent Threats (APTs).
He commented: “Multiple groups operate Advanced Persistent Threats as an alternative to old-fashioned warfare, which doesn’t work as well as it used to.
“If you invade a country you will be faced with a great deal of consequences, such as sanctions; however, cyber warfare has no limits. If you subvert a country’s national security using electronic means, for instance controlling its resources, then you can achieve much more.”
An example of an Advanced Persistent Threat in action can be seen in the December 2015 cyber attack in Ukraine, when three separate power stations were hacked within thirty minutes of each other, shutting down the power grid for an undisclosed period of time.
Mr Botezatu continued: “An Advanced Persistent Threat can run undetected for a longer period of time and subvert operating systems as well as the antimalware solutions within the operating systems.”
When a company’s anti-virus solution is attacked by an Advanced Persistent Threat the APT can turn off the security solution, hiding this breach, and then take control of the machine. Yet, although ATP attacks can be damaging, they are not untreatable. Bitdefender has been working on an APT deterrent since 2009, reaching the shipping stage in May this year.
Bitdefender – in partnership with Intel and Citrix – uses hypervisor memory introspection (HVI) technology, which allows those running virtual infrastructures to offload the antimalware solution scanning from their virtual machines to the hypervisor. By removing the security solution to an offloaded environment the malware cannot reach the antivirus software.
While Mr Botezatu appreciates some companies might struggle to afford complex antimalware technology, he suggests there are still practical security steps they can take.
He explained: “Suppliers should get the best cyber solution that their money can buy. Those who have less budget can run a cyber security awareness programme, which is almost free if you run it in-house.”
In-house cyber security – Mr Botezatu suggested – should start with the sharing of best practice.
He expanded: “Companies can research cyber security best practices and integrate them into their own work ethics; these steps can include things like not storing credit card details or passwords in plain text.
“Companies should look at the human factor in their cyber security systems. This is always the weakest link in cyber security; every successful breach starts with someone clicking the wrong link, or bringing their own USB to work.”
Attackers often pick their victim, observing their browsing habits and using this information to prepare an email phishing for the victim’s click on the bogus link, which plants the malware on their system.
Mr Botezatu noted: “Companies should back up all of their information; if they fail to do this then it will only be a matter of time before they are hit by ransomware and have to pay out.”
Once companies have secured their own systems they should also check those of their supply chain.
Mr Botezatu concluded: “Just look at how Target was breached in 2014 – via a contractor’s sub-network, which was tied into the Target network. Your partners can be your weakest cyber security link, just as your own employees can. It is important to ensure that your partners have levels of cyber security just as good as yourself.”
Advanced Persistent Threat Bitdefender Bogdan Botezatu cyber security malware ransomware Senior E-Threat Analyst
Post written by: Julie Shennan
Features Editor of MOD DCB Magazine and MOD DSS Yearbook. Content Marketing Executive at BiP Solutions (Defence Online's sister company). Editor and founder of Artsnfaffs Online Magazine.
.
RELATED ARTICLES
August 22, 2023
Homeland - MoD Secure by Design goes live
The Ministry of Defence (MoD) has adopted a new approach to cyber security in its capability programmes, called Secure by
June 19, 2023
Homeland - Deadline looming for changes to Government approach to security
A leading cyber security expert is urging contractors to prepare for the imminent launch of the Government’s new approach to
