Symantec: Hackers Are Becoming Expert IP Hunting Professionals
Fujitsu Forum 2016: Cyber crime can now be considered a professional, targeted business, according to Symantec
Hackers are becoming increasingly professional, moving from amateur projects to experts in cyber attacks targeted at specific companies in a bid to steal intellectual properties and commit digital espionage.
That’s according to Jamie Johnson, global technical account manager at Symantec, speaking at a security panel at Fujitsu Forum 2016 in Munich.
Johnson explained that the clichéd view of hackers working out of basements going after the credit card details of individuals and trying to wreak havoc through denial of service attacks is being eroded by the rise of professional cyber criminals effectively making an illegitimate business out of their hacking activities.
Pro hackers
“The reality is the cyber adversaries really are professional hackers; these are educated, talented individuals who are leveraging technology,” said Johnson. They have advanced tool kits that they use to do targeted hacks through social engineering, software engineering; they are going after specific [targets] to get intellectual property.
“They are using these toolkits that allow you to generate new versions of code that help avoid and evade detection and they are going after specific areas of financial gain; they want to get to your intellectual property to sell on the marketplace, they want to go out an compromise your brand equity and your name and your reputation, and they are looking to do cyber espionage.”
Johnson noted that through the compromising of websites, data breaches, exploitation of zero-day flaws and the spread of ransomware and digital distortion have led to professional hackers raking in vast amounts of revenue much like a successful business, with certain hackers and groups targeting specific business and having specialisms such as hacking financial institutions or individuals at certain organisations.
Fujitsu fights back
To combat these professional hackers, Fujitsu is expanding its security operation centres and their services in the UK, Spain, Germany and Finland and focus on the security needs of its customers in those regions, as well as take a more intelligence analytical approach to prevent, not simply detect attacks.
And Fujitsu is putting its artificial intelligence (AI) platform Zinrai into action to help take some of the pressure off security professional trying to detect, analyse and spot patterns in sophisticated cyber attacks, further strengthening the idea that AI and machine learning looks to be the future of cyber security.
Rob Norris, head of Fujitsu’s EMEIA security division, noted the Japanese technology giant is pursuing biometric technology to erode reliance on passwords and the tempting targets they provide cyber criminals with.
“If you look at the number one way of attacking and getting data is through user name and password. One of the things we’re looking doing to do [to combat that] is a palm vein technology, which basically [means] you don’t touch anything you user your palm to actually register,” he said, noting the biometric technology can be integrated into laptops provided by partners of Fujitsu.
“What we’re trying to do in biometrics and do away with the need for a user name and password. You can actually power up a Fujitsu laptop with an embedded sensor which allows you to not have to use a user name and password.”
He also noting the technology is also to manage access to systems and locations, with it currently being used in the healthcare sector to register patients and ensure medical staff are administrating drugs correctly and cut down on fraud relating to medical data and claims, as well as being used in European football stadiums to track identify the people coming into matches in order to flag up people who have been associated with football hooliganism.
So while it would appear cyber threats and hackers are showing no sign of making life easier for security companies and enterprises, at least there are technologies under development that could go further than before to mitigate seemingly insurmountable cyber security challenges.
Are you a security pro? Try our quiz!