Monday, 22 June 2020 07:49

Cyber attacks stayed at same level during pandemic, says infosec pro

Chester Wisniewski: "We saw attacks change from fake shipping notices into 'you've got COVID, click here'. But we didn't see an increase in the number of attacks at all." (Supplied)

A seasoned infosec professional has poured cold water on claims that the number of cyber attacks has increased markedly during the coronavirus pandemic, saying that only the theme of the attacks had changed while all else remained the same.

Chester Wisniewski, a principal research scientist at security outfit Sophos, told iTWire during an interview: "I see no evidence of that [and] I have no idea what they're talking about. The number of attacks related to the pandemic, of course, has increased dramatically, but the total number of attacks hasn't changed.

"We saw attacks change from fake shipping notices into 'you've got COVID, click here'. But we didn't see an increase in the number of attacks at all, not an increase in the number of spam attacks, not an increase in the number of ransomware attacks."

Wisniewski said he had not seen a dramatic change in any of the numbers in Sophos' data from the beginning of the year. "So if we look at January, February, we don't see a big change from January, February versus March and April," he added.

In his day-to-day role, Wisniewski, whose interest in security and privacy was piqued while learning to hack from bulletin board text files in the 1980s, analyses the attack data gathered by SophosLabs in a bid to improve understanding of evolving threats.

He has helped organisations design enterprise-scale defence strategies, has served as the primary technical lead on architecting Sophos' first email security appliance, and also consulted on security planning with some big global brands.

A great deal of the interview with Wisniewski focused on how things would look post-COVID, and he agreed that there would be some changes as compared to the period before the lockdown.

For one, he said employers would be keen to look at any savings that could be made by continuing with some COVID-era practices, without jeopardising the welfare of employees.

He pointed to his own organisation as an example. "Look at the real estate that Sophos has here in Vancouver for 300 staff. And that square footage in that building costs us a fortune in the CBD. If we could cut the amount of square footage in half, the savings would be monumental to the company just for the space, let alone the coffee and the other perks."

Wisniewski said adapting to a return to the office would mean different things, depending on the industry. Sectors like shipping, logistics and manufacturing tended to have a somewhat immature security model compared to sectors like finance, technology and government. And the bigger the organisation and the bigger the IT staff, the fewer the issues that would be encountered.

But the fact that organisations, in general, had been moving towards a zero trust networking model would ensure that there was no calamity when people went back to work. Wisniewski pointed to the fact that today more than 90% of sites were using encryption, a far cry from the situation a decade ago.

"You know, when [Edward] Snowden leaked all the NSA stuff, less than 20% of all the websites in the world were encrypted. Everything was leaking everywhere. We were worried about Wi-Fi security, we were worried about VPNs, we were worried about this, we were worried about that. Now it's over 90% of all websites in the developed world that are encrypted and the 10% that aren't are literally like an eight-year-old soccer blog for your kids' league soccer that's not maintained anymore.

"So the safety of using TLS encryption means that I don't really care if your home Wi-Fi isn't perfect. Or if you're working from the local cafe, it doesn't matter anymore. We're generally using the same safety no matter where we are. What's important is that visibility and monitoring where I started out with is present no matter where I'm at.

"I need to know that your computer is safe, that it's, you know, patched or it's up-to-date, that your security software is not turned off. I need to know those things are in place, no matter where you are, whether you're at the cafe, whether you're at home, whether you're at the office. And if we accomplish that, then it's up to the business to decide if they're for it. I don't really think there's that much security risk."

He anticipated that some machines, taken home by workers to use during the lockdown, would need a rash of patches. But again, these were not the majority. There were some organisations where machines needed to be on the internal LAN to receive their weekly or monthly dose of patches.

"We've had some of this internally where we use Microsoft System Centre Configuration Manager to manage some of our machines. Then other machines, we were managing patches externally through just controlling which Windows Updates got automatically downloaded from Microsoft.

"All the machines that were pointed at Microsoft, no matter where they're in the world, they've been getting their updates according to policy. And we've been able to keep an eye on that.

"But a few of the legacy machines, the four- and five-year-old machines that we were just getting ready to replace, some of those were pointed at internal update points. So they are only getting updates when they VPN in; the problem is the user may only VPN in for half an hour a day and never get that two gigabyte Windows Update downloaded. And that update may not have happened."

Wisniewski said he had suggested the equivalent of quarantine for unpatched machines. "I've been recommending that organisations look at creating, either bringing those machines in onto the guest Wi-Fi, or creating a quarantine Wi-Fi, until IT is able to give a quick check of those machines to be sure they're fit for duty."
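The two failure modes described above, legacy machines that only reach their internal update server while briefly on VPN, and endpoints whose security software has been switched off, can be turned into a simple fit-for-duty triage before a returning laptop is allowed off the guest or quarantine Wi-Fi. The script below is an added illustration, not Sophos' or iTWire's code; every field name, threshold and inventory record in it is a constructed assumption, standing in for whatever the endpoint management tool actually reports.

```python
"""Fit-for-duty triage for endpoints returning to the office.

Added example (not Sophos' or iTWire's code). It models the situation the
article describes: some endpoints fetch updates straight from Microsoft,
while legacy machines point at an internal update server and only receive
patches while connected over VPN. Machines that missed the patch window, or
whose security software is off, are routed to a quarantine network until IT
has checked them. Field names, thresholds and sample records are all
constructed assumptions.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import date, timedelta

MAX_PATCH_AGE = timedelta(days=30)      # assumed policy: monthly patch cycle
HALF_CYCLE = timedelta(days=14)         # assumed: half a cycle without patches
MIN_VPN_MINUTES_7D = 60                 # assumed: below this, a 2 GB update
                                        # is unlikely to have finished


@dataclass
class Endpoint:
    hostname: str
    update_source: str          # assumed values: "microsoft" or "internal"
    last_patch: date            # date the last update installed successfully
    security_software_on: bool  # e.g. endpoint protection not disabled
    vpn_minutes_last_7d: int    # assumed telemetry: VPN connect time, last week


def triage(ep: Endpoint, today: date) -> tuple[str, list[str]]:
    """Return ("office", []) if the machine is fit for duty, otherwise
    ("quarantine", [reasons...])."""
    reasons: list[str] = []
    patch_age = today - ep.last_patch

    # Rule 1: patches older than the policy window, whatever the source.
    if patch_age > MAX_PATCH_AGE:
        reasons.append(f"last patch {patch_age.days} days ago")

    # Rule 2: security software switched off is a quarantine condition on
    # its own, even on a freshly patched machine.
    if not ep.security_software_on:
        reasons.append("security software disabled")

    # Rule 3: the edge case from the interview. A machine that can only pull
    # updates over VPN, has spent little time on VPN, and is already half a
    # cycle behind has almost certainly missed this month's update.
    if (ep.update_source == "internal"
            and ep.vpn_minutes_last_7d < MIN_VPN_MINUTES_7D
            and patch_age > HALF_CYCLE):
        reasons.append("internal update source only reachable over VPN; "
                       f"{ep.vpn_minutes_last_7d} min of VPN time last week")

    return ("quarantine", reasons) if reasons else ("office", [])


def triage_fleet(endpoints: list[Endpoint], today: date) -> dict[str, list[str]]:
    """Group hostnames by the network they should be placed on."""
    placement: dict[str, list[str]] = {"office": [], "quarantine": []}
    for ep in endpoints:
        network, _ = triage(ep, today)
        placement[network].append(ep.hostname)
    return placement


# Constructed sample inventory (not real hosts).
TODAY = date(2020, 6, 22)
FLEET = [
    Endpoint("lt-fin-01", "microsoft", date(2020, 6, 10), True, 0),
    Endpoint("lt-legacy-07", "internal", date(2020, 3, 5), True, 150),
    Endpoint("lt-legacy-12", "internal", date(2020, 6, 1), True, 30),
    Endpoint("lt-eng-03", "microsoft", date(2020, 6, 18), False, 400),
]

if __name__ == "__main__":
    for ep in FLEET:
        network, reasons = triage(ep, TODAY)
        print(f"{ep.hostname:14} -> {network:10} {'; '.join(reasons)}")
    print(triage_fleet(FLEET, TODAY))
```

The third rule is the one worth noting: `lt-legacy-12` is only three weeks behind, inside the monthly window, yet it gets quarantined because its update server is reachable only over VPN and it has not been on VPN long enough to have downloaded anything. A check that looked at patch age alone would have waved it through.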

He said he did not anticipate a rash of malware infections when people returned to work. "I would hope not to see too much on the malware infection side. From what I'm seeing, nothing has gotten particularly worse. I think the biggest thing is going to be regulatory and data being spread around places it doesn't belong.

"You know, I think there's going to be a lot of company documents shared in places they don't belong. Policies breached, that kind of stuff. I think it's prudent to make sure those patches are in place. And you know, antivirus stuff.

"But to be honest, I don't expect that to be a big problem. I don't think we're going to see big outbreaks when people come back. One of the things we'll see is that some shadow IT will continue to be used even though it may be prohibited by policy."


Sam Varghese

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.
