Defeating today’s – and tomorrow’s – cybercriminals requires man and machine to collaborate, intelligently. This is the heart of next-gen cybersecurity.
I’ve been in the business of defeating malware for more than 25 years. Having started as a part-time developer at Avast, which was called ALWIL at the time, I found myself hooked by the cat-and-mouse game of white hat against black hat, and I still am today, as Avast’s Chief Technology Officer.
During this time, I’ve witnessed first-hand how technology has influenced and changed our world for the better. I’ve also seen the evolution of cybercrime from script kiddies causing havoc to prove their technical prowess, to a serious, significant, and organized activity that is hurting businesses and consumers alike.
It is fair to say that today we are all connected citizens, with online interests, services, and experiences seamlessly woven into the fabric of our daily lives. This connected world is not, however, standing still. Where once the space was limited to PCs, and, subsequently, mobile phones, now we are adopting Internet of Things (IoT) devices, which range from webcams to TVs, home heating systems, personal assistants, and connected cars.
For the bad guys, this variety of devices provides more access and opportunity. It enables a new approach utilizing targeted, smarter, and more successful attacks, so the old-school viruses and hacking techniques are now supplemented by botnets, ransomware strains, and sophisticated social engineering attacks with increasingly ambitious goals of disruption and financial harm. This is the next generation of cybercrime.
Some would say the IoT has been the driver for next-gen cybersecurity. But I would argue that, in fact, it’s the other way around. The advent of IoT devices has presented an opportunity for bad actors to harness the powerful technologies that we in the cybersecurity business have been using for decades to thwart those bad actors’ schemes.
When you hear new players in cybersecurity talk about their market-leading expertise, which comes from using "new" technologies like machine learning and artificial intelligence (AI), it’s important to know that companies like Avast and AVG, which we recently acquired, have been using these same technologies for years, quietly and successfully, to protect our users.
Yet AI, in particular, has become the latest terminology craze in cybersecurity. We hear buzzwords and terms like "hyper-dimensional security analytics" and "complex behavioral modeling" and "3rd-generation AI" used regularly now. But what do these terms mean? Is there actually anything tangible behind them? Are machine-based tools the new pinnacle of security best practice?
It’s becoming hard to distinguish those who have properly built AI and machine learning into their detection engines from those just using the buzzwords to grab attention. How then can a consumer make a true value judgment when buying a security product? Are investors even funding the right companies, the companies that are future-proofing their detection capabilities for the next wave of IoT?
Our approach from the start has been collaborative. We recognize the limitations of human endeavor when it comes to the sheer number of threats we track every single day. Consider that from January to March this year, Avast prevented more than 6 million infections worldwide of ransomware alone. Put into real terms, Avast saved a PC from a ransomware attack almost every second for the first 3 months of 2017.
Our cloud-based AI technology is able to sift through immense amounts of data at lightning speeds, distinguishing new code from familiar code and identifying the pieces that are most likely harmful or suspicious. This – put in a broader context and combined with our human understanding, which guides and adjusts the machine intelligence to continually improve its capabilities – results in a very powerful engine for threat detection and prevention.
I believe there is a simple litmus test for the veracity of a security company’s claims to offer next-generation security products. It is no secret that machine learning and AI require big data to work. The more information you feed it, the more effective it will be at identifying trends and creating accurate models, and this is true not just in security but in pretty much any other area where machine learning is used today (image processing, speech-to-text recognition, etc.).
And here's the important part: Avast security products are on more than 400 million devices worldwide, and that endpoint presence is used not just as a means of protecting the endpoint, but also as a security sensor. This, combined with the cloud-based engine, effectively means a giant security network at a scale and depth with which few other companies can compete.
Today, IoT and the adoption of next-generation technologies by a new wave of cybercriminals present the greatest challenge the security industry has faced. So how are we tackling the ever more complex and intelligent threats we are seeing today? Our strategy has always been to expand our existing expertise and next-generation threat detection capabilities in deep technology to help our customers be safer in their online lives.
We’re already doing this by strengthening our collaboration with companies that are manufacturing common – yet unsecured – IoT products, such as routers, to create security layers by design, built-in from the start. We see a future where people can buy devices or use services that have integrated security, so they don’t need to figure out how they should and can protect themselves and their data, because it’s already done.
This is a future where man and machine work together, so we can enjoy our connected devices and our online worlds without fear.
This is next-gen cybersecurity in action.