Here we are in the middle of a global health emergency and we are witnessing the very best of human behavior. Sadly, we are also witnessing the very worst.
On the one hand, there are the altruistic and hardworking healthcare professionals struggling to respond to the coronavirus crisis, along with the communities trying to pull together. But on the other hand, there are the villainous and ruthless cybercriminals who are trying to take advantage of the situation with absolutely no compassion or conscience.
Reports suggest around 1.5 million malicious COVID-19 themed emails are now being sent every day, with thousands of rogue websites springing up to snare the unwary. Even worse, hackers are specifically targeting healthcare organizations and research facilities with ransomware and other malicious attempts to steal information. The threat to hospitals and other institutions on the frontline of the pandemic fight has become so severe that Interpol has issued a warning to all its member countries to raise awareness.
Right now, every business and organization is far more vulnerable than usual.
Why? Because amid all this disruption and confusion, IT teams are running at skeleton-staffing levels and often operating remotely. Many are stretched to breaking point setting up and supporting a workforce that is suddenly working from home. This means incident response times are slower and rolling out vitally important security patches is taking even longer than normal – maybe even being put on the back burner for now.
Given these difficulties, this is definitely not the time to become a cyber-victim. We haven’t even begun to cope with the financial fallout from the COVID-19 catastrophe. Having the additional challenge of recovering from a ransomware attack or a data breach could prove disastrous. The very future of our company would surely be on the line.
That really is the crucial question. So let’s get away from all the doom and gloom and talk solutions. What we need is a new and radically different approach to cybersecurity. One that enables us to proactively turn the tables on the hackers instead of simply reacting to their attacks.
The key to this puzzle is getting a better understanding of the hacker’s toolbox and modus operandi. Hackers depend upon the consistency and predictability of software code. They expect the makeup, resources, and functionality of any known operating system or programming language to be identical to the version they use to craft their assaults. They can then attempt to exploit zero-day or unpatched vulnerabilities to gain access to systems, construct a buffer overload condition, and try to inject foreign code into running systems. None of this is easy, of course. But the payoff for the hackers is that they can now go after anyone running the same software stack.
Make no mistake, this style of cyberattack can be catastrophic. Some of the most notorious breaches in history have been carried out using these techniques. It’s worth scoping how much damage could be caused to your organization in similar circumstances. This can easily be done by using a buffer overflow simulator tool. Take a look at the blog by Polyverse’s Roy Sundahl or watch the video on Youtube for more information on the Readhook zero-day simulator.
But what about the radically different solution we mentioned earlier?
This involves shaking things up by introducing diversity into the equation to remove the consistency and predictability the hackers rely on. It’s a beautifully simple but amazingly effective technique. Elements of the software stack are run through specialized compilers to scramble and transform the code, but with absolutely no impact on functionality or performance.
We call this Polymorphing at the machine code level for operating systems and Polyscripting at the interpreter level for programming languages and application run-time environments. Polymorphing delivers an operating system with a unique binary makeup including CPU registers, function locations, memory layouts, and instruction sets. Polyscripting scrambles the syntax and grammar of the programming language, effectively creating a unique instance of the language for each website.
The result is that buffer overflow, code injection, and unpatched system dangers are neutralized. That’s virtually the entire hacker’s toolkit dealt with right there.
My two urgent recommendations for immediate protection are:
If you’d like to know more about either solution, please don’t hesitate to contact Polyverse. Want to learn more about Polymorphing? Join our webinar and learn how to protect patched or unpatched Linux servers.
We’ll look forward to hearing from you.