Black Hat Asia 2019: Get ready for the cyber arms race

The world is at the beginning of a cyber arms race, with defence teams and threat actors gearing up to square off against each other in cyber warfare, according to a leading cyber security expert.

Speaking at Black Hat Asia 2019 in Singapore last week, Mikko Hypponen, chief research officer at F-Secure, noted that technology is already shaping wars, and that the arms race is now squarely in cyber space.

“We might very well be spending the next 60 years in a cyber arms race,” said Hypponen, who has been tracking online crime since 1991.

Although the volume of traditional weapons – fighter jets, aircraft carriers and nuclear weapons – possessed by each country is more obvious, there is far less clarity on who is developing tools for use in cyber warfare.

“Cyber attacks are effective, affordable and deniable – they get the job done and you can deny that it is your weapon,” said Hypponen. “That’s a great combination in any weapon”. 

Going forward, conflict could extend beyond land, sea and air to new domains like the realms of DNA warfare or nanotechnology.

Hypponen said the breadth of cyber warfare covers a wide area, with more devices and endpoints being added to the internet of things each day.

The definition of computers has also gone beyond its original meaning, where standalone devices, and even a nation’s infrastructure such as power plants and transportation systems, are connected to the internet.

“It means that IT managers need to shift from protecting computers to protecting everything,” said Hypponen.

Artificial intelligence (AI) and machine learning are currently being used in cyber warfare, but more for defence rather than offence.

AI-savvy IT workers are highly sought after, and are unlikely to fall in line with cyber criminals. The challenge, however, will be when AI becomes pervasive, spawning more cyber attacks as a result, Hypponen said.

“The lack of skill protects us now, but it is not going to protect us much longer,” he added.

IDC Asia-Pacific’s senior market analyst, Sherrel Roche agreed that AI is making an impact in cyber security and is being used by both defence teams and threat actors.

So far, AI has shortened the time to launch cyber attacks like ransomware, spear phishing, cryptojacking and formjacking, Roche said.

“These advanced technologies enable malicious code to circumvent perimeter security and mine through unstructured data that might be blind to the untrained human eye or is not immediately obvious,” she added.

Given the complex threat environment, Roche said users are turning to e-mail filtering services that use AI to detect anomalies and suspicious looking content.

Users also use security analytics powered by machine learning to discover potential malicious activities, by analysing the activity of users and related entities such as hosts, applications and data repositories, and to provide insights on log data from devices where agents cannot be deployed.

Another tool is user behaviour analytics that is being used to detect compromised credentials, lateral movement and high-risk behaviour that falls out of baseline profiles, in endpoint and security products as well as managed security services.