The COVID-19 pandemic led to increased digitization of businesses and, as a result, created new opportunities for cybercriminals, who actively exploited the health crisis and the weak links in enterprises that were trying to adjust to the new reality. The Russian invasion of Ukraine has also triggered an escalation in the number of state-sponsored actors targeting critical infrastructure with DDoS attacks. Criminal syndicates, smaller players, and opportunistic criminals – all benefited from the turmoil.
Can businesses and enterprises keep up with the speed of cybercrime today? We invited Ugan Naidoo, INETCO’s Chief Technology Officer & Chief Architect, to share the latest trends, strategies, and tools to help our community members protect their critical business infrastructure and assets from emerging cyber threats.
The Connection: Ugan, what has changed in cybersecurity over the past few years? What should our audience be aware of to stay prepared?
Ugan: Over the past few years, we have observed increased commercialization of cybercrime. Cybercrime-as-a-service operations and software tools are now offered through hacker forums, direct web sales, and on the dark web. For example, you can get tools to launch a simple DDoS attack for the price of a latte. While it is very cheap for criminals, it can be quite devastating for the victimized companies, which can lose $100,000 per hour due to these attacks.
We have also seen an escalation in the number of digital supply chain attacks, in which hackers insert malicious code into trusted third-party software, infecting all of that company’s customers. Today’s criminals want to get inside the systems or infrastructure and stay there in stealth mode, waiting to launch ransomware attacks or data theft at the right time.
Everyone probably has heard of the SolarWinds cyber attack. The criminals stayed inside the system for 18 months before they eventually got detected. The subsequent investigation found that approximately 18,000 private and public sector victims downloaded the infected software.
The pandemic has also created a pool of citizen fraudsters, those who chose financial crime under difficult circumstances and who are not professional fraudsters. As the number of cybercriminals and professional bad actors grows, cybersecurity considerations need to be front and centre, not an afterthought, for enterprises regardless of size.
The Connection: That sounds scary, but at the same time, with the development and adoption of modern cybersecurity solutions, shouldn’t we be covered by now? Many organizations have already implemented a cybersecurity strategy.
Ugan: Well, you are right, but we live in a world where things change in real time. In today’s world, it simply is not enough to implement a strategy or a tool and forget about it. Cyber attacks get more and more sophisticated every single day. Bots are becoming so intelligent and effective at mimicking human behavior that they are able to bypass industry-leading cybersecurity solutions, while their detection becomes increasingly difficult.
We see gaps in current solutions that leave customers vulnerable and we can close those gaps. Without a doubt, traditional network firewalls, WAF, and WAAFs play an essential role in a layered security model. However, when it comes to attacks directed at web servers and API gateways, WAF and WAAFs can be slow to detect zero-day attacks and often cannot block malicious traffic without negatively impacting legitimate transactions.
To cover the gaps, in January, we introduced a new solution to the market – INETCO BullzAI Cybersecurity for Enterprise. It adds an essential layer of protection to customers’ network defenses, keeping infrastructure secure from sophisticated zero-day and high-velocity attacks, including DDoS attacks, bot attacks, and Advanced Persistent Threats (APT).
The Connection: If you compare INETCO BullzAI to other solutions on the market, what’s the difference?
Ugan: Unlike traditional WAF and WAAF solutions, INETCO BullzAI can automatically detect application-layer DDoS and sophisticated zero-day cyberattacks in milliseconds and automatically block malicious traffic without blocking any legitimate traffic or adding any latency to legitimate traffic.
In contrast, countering DDoS or high-velocity attacks by rate-limiting, powering down gateways and servers, or blocking traffic at the IP address and port results in angry customers, lost revenue, and reputational damage. At the same time, both IT and cybersecurity teams don’t have time to actively manage application-layer attacks 24/7. They need a tool to do it for them in real-time that blocks bad actors.
INETCO BullzAI Cybersecurity for Enterprise is powered by machine learning, behavioral analytics, and application firewall technology. So even when a network is bombarded by malicious attacks, neither customers, revenue nor reputation suffer injury. And the time and effort needed by network security teams to contain and mitigate attacks are dramatically reduced.
The Connection: Tell us more about the factors driving the launch of this new product and the technology behind it.
Ugan: With faster digital services and open banking developments around the globe, financial institutions and businesses globally are required to adopt solutions that proactively identify sophisticated emerging fraud threats and take immediate action to block them, without negative friction for real customers. In this environment, machine learning is becoming fundamental. Unfortunately, even some existing industry-leading cybersecurity solutions that leverage machine learning are not good at detecting new fraud signatures: they can’t spot “unknown unknowns” in fraud patterns.
INETCO BullzAI’s technology uses machine learning and behavioral analytics capabilities to build a behavioral profile for every entity, customer, card, and device. There is a correlation between what is the expected behavior for every transaction, so our software can distinguish a bot from a human in milliseconds by aggregating and analyzing data in real-time.
INETCO BullzAI looks beyond known fraud signatures to identify unknown anomalous behaviours and block their associated transactions before funds are irrevocably delivered to criminals. This includes detecting and blocking fund transfers to embargoed nations and individuals.
The Connection: What about the overall cybersecurity strategy for businesses or enterprises: how should it change based on the current threat landscape that we observe?
Ugan: One way to revise your cybersecurity practices is by looking at your infrastructure as a cybercriminal would. Bad actors don’t care about departments or divisions; they seek vulnerabilities in your system. Do you know where your weak links or gaps are? Sometimes, we put too much emphasis on one group of controls, like authentication for example, and lack key data during the investigation.
That brings us to another point: ensure you have access to the data you need instantly. For example, DDoS attacks can bypass biometric protections such as CAPTCHA technologies by mimicking normal user behavior. To capture them, you need to leverage data not only from the network and applications but also from the application payload – the information contained within each message field of a transaction. If we look at the OSI Model, you also have to ensure protection on multiple layers. Some solutions can block malicious traffic at the network layer only, however, DDoS attacks can happen at the application layer or protocol layer. So, make sure you have protection on those layers as well.
And finally, stay on top of the risks: evaluate new cyber threats to understand how your systems can stay protected. Think regularly about how you can improve your resilience. And if you need any additional information on recent trends or best practices, you can visit the Resources section on our website.
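A toy version of the per-device behavioural profiling and payload-level inspection described in the answers above, written as an added example (not INETCO's or BullzAI's code): it parses constructed transaction records that carry network-level (source IP), application-level (endpoint, device) and payload-level (amount, payee) fields, builds a profile per device, and flags devices whose cadence and payload pattern look scripted rather than human. The record layout, field names and all thresholds are assumptions chosen for illustration.

```python
"""Toy application-layer behavioural profiler (added example, not INETCO's code)."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample log: ts_ms src_ip device_id endpoint amount payee
# devA fires every 10 ms, always the same amount, a new payee each time (bot-like).
# devB is irregular, mixed amounts, repeats a payee (human-like).
SAMPLE_LOG = """\
1000 10.0.0.5 devA /transfer 45.00 ACC-1
1010 10.0.0.5 devA /transfer 45.00 ACC-2
1020 10.0.0.5 devA /transfer 45.00 ACC-3
1030 10.0.0.5 devA /transfer 45.00 ACC-4
1040 10.0.0.5 devA /transfer 45.00 ACC-5
1200 10.0.0.9 devB /transfer 20.00 ACC-7
4300 10.0.0.9 devB /transfer 80.00 ACC-7
9900 10.0.0.9 devB /transfer 15.50 ACC-8
"""

def parse(log):
    """Yield one dict per transaction, keeping network, application and payload fields."""
    for line in log.splitlines():
        ts, ip, dev, ep, amt, payee = line.split()
        yield {"ts": int(ts), "ip": ip, "dev": dev, "ep": ep, "amt": float(amt), "payee": payee}

def profile_devices(txns):
    """Per-device behavioural profile: cadence, timing regularity, payload diversity."""
    by_dev = defaultdict(list)
    for t in txns:
        by_dev[t["dev"]].append(t)
    profiles = {}
    for dev, rows in by_dev.items():
        rows.sort(key=lambda r: r["ts"])
        gaps = [b["ts"] - a["ts"] for a, b in zip(rows, rows[1:])]
        avg = mean(gaps) if gaps else None
        profiles[dev] = {
            "count": len(rows),
            "mean_gap_ms": avg,
            # coefficient of variation of inter-arrival gaps: ~0 means machine-regular timing
            "gap_jitter": (pstdev(gaps) / avg) if len(gaps) > 1 and avg else None,
            "distinct_payees": len({r["payee"] for r in rows}),
            "distinct_amounts": len({r["amt"] for r in rows}),
        }
    return profiles

def classify(p, min_txns=5, max_gap_ms=100, max_jitter=0.1):
    """Return ("block"|"allow", reasons). Two or more independent bot signals => block."""
    reasons = []
    if p["count"] >= min_txns and p["mean_gap_ms"] is not None and p["mean_gap_ms"] <= max_gap_ms:
        reasons.append("high-velocity")
    if p["gap_jitter"] is not None and p["gap_jitter"] <= max_jitter:
        reasons.append("machine-regular timing")
    if p["count"] >= min_txns and p["distinct_payees"] == p["count"] and p["distinct_amounts"] == 1:
        reasons.append("payee cycling with fixed amount")  # payload-level signal
    return ("block" if len(reasons) >= 2 else "allow"), reasons

def assess(log=SAMPLE_LOG):
    """Map each device to its verdict and the signals that produced it."""
    return {dev: classify(p) for dev, p in profile_devices(parse(log)).items()}
```

Requiring two independent signals (timing plus payload) is what keeps the irregular human-like device on the allow path while the scripted one is blocked; a single rate threshold alone would also catch a busy legitimate user.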