Symantec POV: The Threat Horizon

How our cyber warriors outpace the exponential growth and sophistication of attacks

“Bigger, bolder and faster.”

That is how Samir Kapuria, Senior Vice President and General Manager of Symantec’s Cyber Security Business, characterized the latest round of cyber attacks.

That was back in 2015.

Stuxnet and the Ukrainian power grid hack were still fresh and shocking. The world had yet to experience 2016 and election email hacks and tampering, the extent of the latter still not fully known. Then 2017 came and, along with it, the WannaCry ransomware attack, followed by Petya/NotPetya and, finally, Equifax, whose impacts will be suffered by a majority of Americans for years to come.

Sadly, these will inevitably be overshadowed tomorrow by something even more damaging that reaches even more deeply into our lives. Cyber attacks against us and our previously trusted institutions are growing, the violations becoming more and more dangerous as the attackers strengthen their techniques and increase their daring.

“They are going after much bigger targets,” says Adam Bromwich, Senior Vice President, Security Technology and Response (STAR) Division. “They are locking your machine and asking for a sizable ransom. They’re not just trying to steal data or trick you with a scam. They’re going after bigger and bigger payouts.”

Just a few short years ago, Symantec investigators saw approximately 150,000 threats per day. Currently they see close to a million and a half—10 times that volume—coming into their labs every single day for analysis. An enormous increase, obviously, but worse is that the threats are better at morphing themselves. The attackers are learning, and the game is constantly changing. Essentially every time a threat lands, it might be subtly different, or have been altered into something entirely new and even more damaging.

Stephen Trilling on current threats.

Yet Symantec continues to fight back. For every high-profile attack, thousands upon thousands are stopped.

And as the criminals and bad actors advance, so do cyber security techniques and solutions.

One example was the cold stop of ‘Bayrob’, a Romanian cyber criminal gang that made its first appearance selling non-existent cars through fake online auctions, then moved on to credit card theft, Trojan delivery and botnet building, all the while hiding behind sophisticated encryption and layers of proxies (a well-documented Symantec blog fully details their misdeeds).

For over a decade, Symantec investigators tracked the Bayrob gang, all the while issuing antivirus and intrusion prevention updates to protect Symantec customers as they patiently built a criminal case against the thieves. It was cat-and-mouse on an international scale. At one point, the investigators went a full year and a half having to simply wait for the gang to make a mistake—any mistake—so they could intercept their communication and get a fresh glimpse at what the gang had been doing. It was an agonizing test of knowledge, patience, and sheer will.

Finally, in 2016, with Symantec’s compiled evidence in hand, the F.B.I. agreed to move on the case and arrested three key operatives in Romania, extraditing them to the U.S. for trial.

Case closed.

Clearly that kind of boots-on-the-ground cyber crime fighting is a notable effort on Symantec’s part, but what is happening in our homes and businesses demands even more focused attention.

Our entire infrastructure is going online, much of it not properly protected, if at all, and the result is we are potentially putting our very lives on the line.

With ever-more devices being connected to the internet and made ‘smart,’ the mostly-unsecured Internet of Things is becoming the new Wild West. IoT as it is currently taking shape is, to put it mildly, vulnerable. Add in positive-sounding-but-potentially-problematic concepts like ‘ambient intelligence’ (where electronic environments respond to the presence of people) and ‘autonomous control’ (where the devices control themselves) and the IoT quickly could become very wild indeed.

Look at your car. If yours is not an autonomously controlled vehicle (and few of us have those yet), but simply a more recent model, the engine, door locks, hood and trunk releases, temperature controls, dashboard and even the brakes are all likely connected to the internet and potentially hackable. Someone with bad intentions and the right malware could do some real damage there.

“It’s very clear that, as we move towards a truly autonomous vehicle, the bestselling car will be the most secure,” says Darren Thompson, Vice President of Symantec Technology Services. “That will be the reason people will buy that car above other cars. To me, as a security strategist, that is very exciting.”

Even closer to home, in terms of health and safety, are reports detailing how researchers have demonstrated the ability to remotely access implanted pacemakers without authority, and how hackers have managed to take remote control of insulin pumps without the patient’s consent. It requires only a tiny leap of imagination to see the potential power of ransomware suddenly raised to a nearly unthinkable level.  

However, there are solutions, and Symantec is leading the way, not only deploying a massive protective army of advanced researchers to help our customers thwart attacks, but using deep research techniques around artificial intelligence, advanced machine learning, deception and psychological responses to outmaneuver, outpace, and outsmart criminals and bad actors.

Symantec envisions a world where that internet-connected light bulb you just bought still has its whiz-bang capabilities, but is also safe and not part of some zombie botnet. They also envision a world where you can store your data wherever you see fit without having to worry about whether or not it is secure. It will be.

And the company’s efforts are not just limited to its traditional strengths. In 2017, Norton released the Norton Core Secure Router, to protect people and devices in their own homes, and not only traditional devices like PCs, mobile phones and tablets, but also IoT devices like lighting/temperature control and baby monitors.

Still, the adversaries constantly up their game. They are increasingly professional and well organized, and yet, strangely enough, even an amateur can now play. According to Bruce McCorkendale, VP of Technology for the Norton Group, these days a bad actor can simply be “some guy with an idea. He can subcontract all the people and he doesn’t need any expertise in cyber crime whatsoever. He just needs to have an evil plan and he can execute it.”

And the threats today are ever more financially motivated. Attackers are going after bigger and more lucrative ransomware objectives, like international SWIFT banking transactions. A recent attack involved an attempt to steal a billion dollars: You read that right, with a ‘b.’

But what truly keeps Adam Bromwich ‘up at night’ is the potential for sabotage. “Attackers have started going after infrastructure. There are many, many weak points in our infrastructure. Nation states have started to go after that. And I always fear that other people will start to go after that, too. It’s an area of great vulnerability.”

Adam Bromwich on infrastructure’s ‘Achilles heel.’

Naturally, there is always more to be done, and yes, things are changing very rapidly, in both the home and office, for Symantec’s personal as well as business and government customers. Eric Chien, Distinguished Engineer and Technical Director of Symantec’s Security Technology and Response (STAR) Division, has been fighting this fight for over 20 years, doing his job ‘the Symantec Way’. He knows what is required—constant innovation—and so he will get the last word.

“Every single day when I come into Symantec it’s like a brand-new job, it’s a brand-new challenge. And we never back down from those challenges. We never give up and we just keep moving, ensuring that we’re protecting not only people’s computers but their lives.”

About the Author

Joshua Abramson

Brand Creative Mgr. Symantec

Joshua is accountable for brand and messaging for Symantec Enterprise Security. He’s the co-creator of Symantec’s Innovations portal, which highlights our cyber warriors and the work they do behind the scenes.