The rise of a generation of new hackers has propelled a boom in successful cyberattacks and data breaches over the last decade. This generation of "modern adversaries" has caused billions of dollars in damages in the last few years, and both the pace and danger of their attacks continue to grow.
This presentation analyzes modern hacker adversaries: who are they, how are they circumventing traditional security systems, and what can the information security industry do to detect and stop these new threats.
Modern Adversaries (Amplify Partners)
1. Modern Adversaries
Why modern hackers are winning the battle
and how we can still win the war
Andy Manoske, Principal
2. Who is Amplify Partners?
We are an early stage, entrepreneur-focused
venture capital firm investing in technical teams solving
technical problems
@AmplifyPartners
www.amplifypartners.com
3. About the Author
Andy Manoske
Product @ AlienVault
(Open Threat Exchange, AlienVault Labs Research)
Product @ NetApp
(Product Security, Cryptography)
Principal, Amplify Partners
Economics & Computer Science @ SJSU
(Mathematic Economics, Information Security)
@a2d2
4. Cyberattack Reports to US-CERT by Year
[Chart: cyberattack reports to US-CERT per year, 2006-2014; y-axis 0 to 70,000 reports]
Successful cyberattacks are on the rise…
Source: US CERT
5. …because we are facing
more sophisticated
attackers
Source: Verizon DBIR 2014
6. The modern hacker is an advanced adversary…
but not necessarily because they are better than previous
generations of attackers.
(Sorry, Neo)
7. Instead, modern hacking tools are more advanced
and more available than ever before
Source: Axiomatic Design/Design Patterns Mashup: Part 2 (Cyber Security)
8. These tools make even novice modern hackers…
…incredibly dangerous
9. Modern adversaries are able to strike highly defended
targets
because hacking tools have advanced faster than
security systems that detect and stop attacks
10. Anthem was well defended
200 person
Information Security Staff
$50 Million
spent on security per year
Source: Indianapolis Business Journal
11. But they were not prepared for
their adversary’s complex attack
>12 Months
Access to sensitive user data
80 Million
Records stolen
Source: Crowdstrike, NYT
12. To build new security systems
that can defend against complex attacks
We need to build software that can detect, and stop,
modern tools used by modern adversaries
14. The modern hacker is
frequently a professional
…who attacks
private businesses
for financial gain
Source: Hackmageddon
15. Most modern attacks target companies to steal valuable data:
most frequently financial data or intellectual property.
Source: Hackmageddon
16. Hackers then sell this stolen data on the
black market
and that data is used increasingly to
commit identity theft, espionage, and
possibly even acts of terrorism.
Reported PII theft and fraud, 2006-2014
17. Not every cyberattack is focused on profit.
Defacing or destroying online property remains a
key objective for many advanced adversaries
18. There are typically three types of
modern adversary
● State Sponsored Hackers
● Organized Crime
● Hacktivists
19. State Sponsored Adversary:
Energetic Bear / Dragonfly
Russian hacking group either supported
or directly managed by Russian state
intelligence
● Unpublicized attack on petroleum
pipeline operator to steal energy
infrastructure information
● Unpublicized Industrial Control System
(ICS) sabotage of EU-based energy
management operator to cause future
attacks and outages
20. Organized Crime Adversary:
Solntsevskaya Bratva
Largest crime syndicate of the Russian
mob heavily involved in cybercrime,
with >$3B in annual revenue from
hacking
● 2014 JP Morgan Chase data breach
targeting wealth management and
credit card user data
● 2008 cyberattacks to spread
disinformation on Georgian government
websites during Russia’s invasion of
South Ossetia
21. Hacktivist Adversary:
AntiSec
Anarchist campaign of former members
of hacking group Lulzsec and members
of the Anonymous community.
● 2014 data breach of the US
International Association of Chiefs of
Police to leak personnel data in
response to investigations on Occupy
Wall Street protestors.
● 2011 compromise of Fox News’ Twitter
account to spread fake story that
President Obama had been injured in a
terrorist bombing.
22. Most attacks are being perpetrated
by organized crime hackers and
hacktivists
Source: Hackmageddon
24. …who employ less sophisticated attacks…
…reliant upon pre-made tools and malware
25. To confront the majority of attacks from
advanced adversaries
We must detect and stop modern hacking
tools
26. Unfortunately, modern hacking tools and
malware are good at evading detection
Encryption
Modern malware is frequently encrypted to defeat
signature-based intrusion detection systems
Botnets
Modern hacking tools and malware hide behind
legions of slaved “zombie” computers
27. But while botnets and encryption may hide
most tools and malware
The command and control (or “C2”)
structure behind those tools generally
remains the same
Source: Cisco
29. …that was used to attack
as well as several US
companies in…
Defense Aviation
Oil and Gas
Infrastructure
Source: AlienVault, Symantec
30. There are a lot of things the security industry can do to
confront modern threats…
31. …but if we want to stop most attacks from advanced
adversaries we need to build software that
SHARES DATA ON ATTACKERS
Automatically shares analysis data to
open-source platforms to be used in
security defenses
PERFORMS DYNAMIC ANALYSIS
Introspects incoming files and traffic for
possible C2 infrastructure
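Slides 27 and 31 together make one detection argument: encryption hides what a tool sends, but not when, how often, or how much it sends, and that C2 rhythm is something traffic introspection can pick out. The script below is an added example written for this page; it is not code from the presentation, from Amplify Partners, or from AlienVault. It assumes a made-up connection-log format (`timestamp src dst:port bytes`) and uses a constructed sample with one host checking in to 198.51.100.7:443 (a documentation address) roughly every 60 seconds amid ordinary irregular browsing. Flows with near-constant inter-arrival time and payload size are flagged, and each finding is serialised as a small JSON record of the kind slide 31 suggests sharing; the field names are ad hoc, not a real exchange schema such as STIX.

```python
"""Beacon detection over a constructed connection log (added example).

The log format and the sample records below are invented for illustration;
real sources (Zeek conn.log, firewall exports) carry different fields.
"""
import json
from collections import defaultdict, namedtuple
from datetime import datetime
from statistics import mean, pstdev

Connection = namedtuple("Connection", "ts src dst port nbytes")

# Constructed sample: 10.0.0.5 beacons to 198.51.100.7:443 about once a
# minute with ~512-byte payloads; the other destinations are irregular.
SAMPLE_LOG = """\
2015-03-01T10:00:00 10.0.0.5 198.51.100.7:443 512
2015-03-01T10:00:07 10.0.0.5 203.0.113.20:443 9034
2015-03-01T10:01:01 10.0.0.5 198.51.100.7:443 514
2015-03-01T10:01:30 10.0.0.5 203.0.113.44:80 1200
2015-03-01T10:02:00 10.0.0.5 198.51.100.7:443 511
2015-03-01T10:02:59 10.0.0.5 198.51.100.7:443 513
2015-03-01T10:03:45 10.0.0.5 203.0.113.20:443 77012
2015-03-01T10:04:01 10.0.0.5 198.51.100.7:443 512
2015-03-01T10:05:00 10.0.0.5 198.51.100.7:443 510
2015-03-01T10:06:00 10.0.0.5 198.51.100.7:443 515
2015-03-01T10:09:10 10.0.0.5 203.0.113.44:80 3300
2015-03-01T10:15:42 10.0.0.5 203.0.113.44:80 2100
2015-03-01T10:16:05 10.0.0.5 203.0.113.44:80 800
2015-03-01T10:40:00 10.0.0.5 203.0.113.44:80 15000
"""


def parse_log(text):
    """Parse the constructed 'timestamp src dst:port bytes' format."""
    conns = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst_port, nbytes = line.split()
        dst, port = dst_port.rsplit(":", 1)
        conns.append(Connection(datetime.fromisoformat(ts), src, dst,
                                int(port), int(nbytes)))
    return conns


def find_beacons(conns, min_count=5, max_jitter=0.1, max_size_var=0.2):
    """Flag (src, dst, port) flows whose timing and size are unusually regular.

    jitter   = stdev(inter-arrival gaps) / mean gap
    size_var = stdev(payload sizes) / mean size
    Both are scale-free, so a 60 s beacon and a 6 h beacon are judged alike.
    Payload content is never inspected, so encryption does not defeat it.
    """
    flows = defaultdict(list)
    for c in conns:
        flows[(c.src, c.dst, c.port)].append(c)

    beacons = []
    for (src, dst, port), group in flows.items():
        if len(group) < min_count:          # too few samples to judge rhythm
            continue
        group.sort(key=lambda c: c.ts)
        gaps = [(b.ts - a.ts).total_seconds() for a, b in zip(group, group[1:])]
        sizes = [c.nbytes for c in group]
        interval = mean(gaps)
        if interval <= 0:                   # duplicate timestamps; skip
            continue
        jitter = pstdev(gaps) / interval
        size_var = pstdev(sizes) / mean(sizes)
        if jitter <= max_jitter and size_var <= max_size_var:
            beacons.append({
                "src": src, "dst": dst, "port": port, "count": len(group),
                "interval_s": round(interval, 2), "jitter": round(jitter, 3),
                "size_var": round(size_var, 3),
                "first_seen": group[0].ts.isoformat(),
                "last_seen": group[-1].ts.isoformat(),
            })
    return beacons


def to_indicator_json(beacon, source="constructed-example"):
    """Serialise one finding as a shareable JSON record (ad hoc field names)."""
    record = {
        "indicator": f"{beacon['dst']}:{beacon['port']}",
        "type": "suspected-c2-beacon",
        "evidence": {k: beacon[k] for k in ("count", "interval_s", "jitter", "size_var")},
        "first_seen": beacon["first_seen"],
        "last_seen": beacon["last_seen"],
        "source": source,
    }
    return json.dumps(record, sort_keys=True)


if __name__ == "__main__":
    for b in find_beacons(parse_log(SAMPLE_LOG)):
        print(to_indicator_json(b))
```

The thresholds are deliberately conservative: on the sample the beacon flow scores a jitter of about 0.02 and a size variance near 0.003, while the browsing flow to 203.0.113.44 has a jitter near 0.9 and is ignored. In production the same two ratios are the knobs to tune against legitimate periodic traffic (NTP, update checks, monitoring agents), which this heuristic will also surface and which is where an allow-list or shared indicator data earns its keep.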
32. TL;DR
A new generation of modern adversaries
is driving a hacking boom
This generation has access to powerful,
easy to use hacking tools
If we do not rethink our approach and update
our security systems, the advantage enjoyed
by modern adversaries will continue to grow