In response to yesterday afternoon’s news on the NUS and NTU breaches, Sanjay Aurora, MD APAC, Darktrace shares his views on how this breach might have happened and how it can be prevented moving forward.
Sanjay Aurora, Managing Director, Asia Pacific, Darktrace
The critical word in advanced persistent threat (APT) is ‘persistent’ – these are sophisticated threats that are getting into your network and staying there, undetected, for a long time. Perpetrators often acquire legitimate user credentials or gain access through unprotected software or hardware, allowing them to easily bypass traditional security tools like firewalls.
Once these threat actors are inside the network, it becomes extremely difficult to distinguish their behaviour from that of legitimate network users. These attackers can then move laterally and silently within the organisation’s network for weeks or months, conducting reconnaissance and searching for critical information, before eventually executing an attack or exfiltrating data.
It can take up to 230 days for a company to realise they have been breached and critical systems compromised. At Darktrace, we once started working with a customer, only to find that there was a sophisticated threat inside their network that had been there for eight years.
Unfortunately, there have been a lot of sophisticated attacks all over the world, many of which have made headlines recently. The holy grail is to find these things early, before they escalate into crises.
For example, at Darktrace, we worked with a bank in Italy, which experienced an advanced cyber-threat involving the large-scale exfiltration of sensitive data to a group of unidentified computers. Legitimate user credentials were used to send large volumes of data outside the organisation via Facebook. The Enterprise Immune System detected anomalous behaviour within minutes, and issued a threat alert, which enabled the bank’s security team to stop the emerging threat. Another example is a law firm that discovered its video conferencing system had been compromised and had been livestreaming all the conversations to an unknown location from the boardroom for a week.
The education sector is full of intellectual property, and many of these organisations are also looking to enrich educational experiences by allowing students to use personal devices on the network and embrace digital applications to better facilitate learning. All of this simultaneously creates more network vulnerabilities and opportunities for cyber-attackers, adding pressure on lean infrastructure teams responsible for protecting users and sensitive data.
The reality is, cyber-threats are getting more advanced by the day.
Businesses need to understand that they can’t catch every threat as it gets into the network. It is no longer possible to predefine what ‘bad’ looks like and stop these threats from getting into the network.
Organisations must therefore turn to ‘immune system’ technology, underpinned by machine learning and artificial intelligence, to spot APTs and emerging attacks that hide within noisy networks.
The technology automatically learns a network’s normal ‘pattern of life’. Once an evolving baseline has been established, the technology alerts systems administrators to anomalies, with each alert highlighting how serious a threat might be.
This means that previously unidentified threats can be detected, even when they go unnoticed by traditional security tools. This ‘immune system’ technology also automates many of the responses that once required humans, such as isolating a compromised server from the internet for the time being, buying the security team time to investigate the threat. Automation is absolutely critical.
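To make the ‘pattern of life’ idea above concrete, and to show how the Italian-bank case (bulk data leaving under legitimate credentials) would surface as an anomaly, here is a small added example. It is not Darktrace’s code and does not describe the Enterprise Immune System’s internals: it learns a per-user, per-destination baseline of daily outbound bytes from a training window, scores later days with a robust z-score (median and MAD), and maps the score to the kind of automated response the text mentions (alert, or isolate the host to buy the security team time). Every flow record, account name and destination in it is constructed for the example.

```python
"""Toy 'pattern of life' anomaly detector (added example, not Darktrace code).

Learns a per-(user, destination) baseline of daily outbound bytes, scores new days
against it with a robust z-score, and maps the score to an automated response.
All flow records below are constructed for the example.
"""
from collections import defaultdict
from dataclasses import dataclass
from statistics import median


@dataclass(frozen=True)
class Flow:
    day: int        # day index within the observation window
    user: str       # account whose (legitimate) credentials opened the session
    dest: str       # destination the bytes went to
    bytes_out: int  # bytes leaving the network in this flow


@dataclass(frozen=True)
class Baseline:
    center: float   # median daily outbound bytes for this (user, dest)
    spread: float   # robust standard deviation (1.4826 * MAD), floored


@dataclass(frozen=True)
class Alert:
    user: str
    dest: str
    day: int
    bytes_out: int
    severity: float  # robust z-score; higher means further above the learned pattern
    reason: str
    action: str      # "none", "alert" or "isolate"


def daily_totals(flows):
    """Sum bytes per (user, dest, day); returns {(user, dest): [(day, total), ...]}."""
    per_day = defaultdict(int)
    for f in flows:
        per_day[(f.user, f.dest, f.day)] += f.bytes_out
    series = defaultdict(list)
    for (user, dest, day), total in sorted(per_day.items()):
        series[(user, dest)].append((day, total))
    return dict(series)


def learn_baseline(training_flows, min_days=7):
    """Build the 'normal' profile; pairs with too little history stay unprofiled."""
    baselines = {}
    for key, day_totals in daily_totals(training_flows).items():
        totals = [t for _, t in day_totals]
        if len(totals) < min_days:
            continue
        med = median(totals)
        mad = median(abs(t - med) for t in totals)
        # Floor the spread so a perfectly flat history cannot divide by zero
        # or turn a one-byte change into a catastrophic score.
        spread = max(1.4826 * mad, 0.05 * med, 1.0)
        baselines[key] = Baseline(center=float(med), spread=spread)
    return baselines


def recommended_action(severity, alert_at=5.0, isolate_at=50.0):
    """Map severity to a response; 'isolate' buys the analysts time to investigate."""
    if severity >= isolate_at:
        return "isolate"
    if severity >= alert_at:
        return "alert"
    return "none"


def score_flows(baselines, live_flows, new_pair_severity=10.0):
    """Score each (user, dest, day) in the live window against the learned baseline."""
    alerts = []
    for (user, dest), day_totals in daily_totals(live_flows).items():
        base = baselines.get((user, dest))
        for day, total in day_totals:
            if base is None:
                # A destination this user never talked to is itself a deviation
                # from the pattern of life; give it a fixed, moderate severity.
                sev, reason = new_pair_severity, "destination never seen for this user"
            else:
                sev = (total - base.center) / base.spread  # signed; only excess alarms
                reason = f"{total} bytes vs usual {base.center:.0f} (+/- {base.spread:.0f})"
            alerts.append(Alert(user, dest, day, total, sev, reason, recommended_action(sev)))
    return alerts


# Constructed training window: 14 days of one user's ordinary social-media traffic.
TRAINING_FLOWS = [
    Flow(day, "alice", "facebook.com", b)
    for day, b in enumerate([120_000, 95_000, 130_000, 110_000, 105_000, 125_000, 98_000,
                             115_000, 108_000, 122_000, 101_000, 117_000, 112_000, 104_000])
]

# Constructed live window: day 14 is a bulk upload under alice's credentials,
# day 15 is ordinary, and bob contacts a host nobody profiled.
LIVE_FLOWS = [
    Flow(14, "alice", "facebook.com", 9_500_000),
    Flow(15, "alice", "facebook.com", 118_000),
    Flow(14, "bob", "unknown-host.example", 400_000),
]


def demo():
    """Return the alerts for the live window keyed by (user, dest, day)."""
    baselines = learn_baseline(TRAINING_FLOWS)
    return {(a.user, a.dest, a.day): a for a in score_flows(baselines, LIVE_FLOWS)}


if __name__ == "__main__":
    for key, alert in demo().items():
        print(key, f"severity={alert.severity:.1f}", alert.action, "-", alert.reason)
```

The median/MAD choice is deliberate: a mean-and-standard-deviation baseline is dragged upward by a single large training outlier, which is exactly the day an attacker would like to have in the history. The `min_days` guard and the ‘never seen’ branch are the two edge cases a real deployment has to decide on: too little history means the baseline is not yet trustworthy, and a brand-new destination is informative even before any volume statistics exist.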
On 26 April 2017, Darktrace also announced that the United World College of South East Asia (UWCSEA) has deployed its self-learning technology in Singapore and across the region to catch sophisticated cyber-threats able to silently infiltrate its growing network. The full press release can be accessed at the following link: https://www.darktrace.com/press/2017/161/.
Darktrace, a world-leading cyber-threat defence company with regional headquarters in Singapore and operations in Japan, Australia, Hong Kong, India, Korea and New Zealand, has pioneered the Enterprise Immune System – a new approach to cyber defence. Its Enterprise Immune System technology automatically detects and responds to emerging threats, powered by machine learning and mathematics developed by specialists from the University of Cambridge. Without using rules or signatures, Darktrace models the ‘pattern of life’ of every device, user and network within an organisation, identifying and mitigating cyber-threats before damage is done. Darktrace’s self-learning technology has been deployed globally and across all sectors, including education, energy, retail, telecommunications, manufacturing, financial services and healthcare.