There are countless different ways of analysing the history and evolution of cyber-attacks. We can examine the technologies used, the motivations of the criminals, the organisations targeted. One interesting method is to look at the evolution from known to unknown attacks.
What do we mean by ‘known’ and ‘unknown’?
A known security attack, simply put, is one that relies on malicious tools and methods that are already known to the industry. Plenty of malware has been around for years or even decades, built on the same code and targeting organisations in the same way.
An unknown security attack, by contrast, involves cyber-criminals developing brand new code. Every stage in the attack lifecycle, from initial reconnaissance, through weaponisation and delivery, to exploitation, installation, command and control and whatever the actual objectives of the malware are, is something that has not been seen before.
There is also a middle ground between the two where malicious cyber-criminals modify existing malware just enough to slip it past traditional signature-based antivirus and other protections.
Why the evolution?
Fairly obviously, using existing known threats is the most cost-effective and easiest option for cyber-criminals, particularly if they aren’t hugely serious about what they are doing. Also fairly obviously, because known threats are well-recognised and understood by the security industry, a raft of defences against them already exists. Organisations still have a responsibility to keep those defences up-to-date, but provided they do that, there shouldn’t be much chance of a well-established piece of malware getting beyond their perimeter.
However, for cyber-criminals with enough time and resources, or those with a very clearly-defined goal, creating all-new threats is a far more effective option. All of the most devastating cyber-attacks you’ve read about, including the Advanced Persistent Threats (APTs) that have spent months at a time harvesting data from within highly sophisticated organisations, started life as unknown security attacks.
Defending against unknown threats
There are two key aspects to defence against unknown security attacks.
The first lies in having tools and technologies in place which can identify and mitigate security threats even when they don’t have a known code signature. This, then, involves being able to rapidly identify signs of malicious activity from within the organisation, and organising the infrastructure in such a way that it is difficult for threats to spread and propagate.
The second lies in collective pooling of intelligence every time a new threat is detected. Clearly your business alone isn’t going to be targeted with every brand-new security threat in a given year. But if you can benefit from the learnings of other organisations who have been targeted with different attacks, then you can dramatically shore up your own defences.
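The two ideas above (detection that does not depend on a known code signature, and pooling what one deployment learns so the others benefit) and the earlier point about lightly modified malware slipping past signature checks can be shown in a few dozen lines. The following is an added illustration, not code from the original post or from any vendor product. The payload bytes, the process-event schema, the three behaviour rules and the scoring threshold are all constructed for the example; a real endpoint sensor would supply richer telemetry and a much larger rule set.

```python
"""Why a hash signature misses a one-byte variant while behaviour rules still
fire, and how a newly caught sample becomes a shared indicator.
All data below is constructed for illustration."""
import hashlib
from dataclasses import dataclass

# --- Signature-based layer -------------------------------------------------
# Constructed "known" sample, and a variant that differs by a single byte.
KNOWN_PAYLOAD = b"EVIL-DROPPER-v1: fetch stage2; spawn shell; beacon every 60s"
VARIANT_PAYLOAD = KNOWN_PAYLOAD.replace(b"v1", b"v2")

# A signature database reduced to its essence: a set of known-bad hashes.
SIGNATURE_DB = {hashlib.sha256(KNOWN_PAYLOAD).hexdigest()}


def signature_match(sample):
    """True only if these exact bytes have been seen and catalogued before."""
    return hashlib.sha256(sample).hexdigest() in SIGNATURE_DB


def record_indicator(sample):
    """Pool intelligence: once a sample is caught anywhere, every deployment
    sharing this database recognises it on sight. Returns the new hash."""
    digest = hashlib.sha256(sample).hexdigest()
    SIGNATURE_DB.add(digest)
    return digest


# --- Behaviour-based layer -------------------------------------------------
@dataclass
class ProcessEvent:
    """One process observation from an endpoint sensor (constructed schema)."""
    image: str                       # executable name
    parent: str                      # parent process image
    outbound_connections: int = 0    # connections opened in the window
    distinct_destinations: int = 0   # how many different hosts were contacted
    wrote_executable: bool = False   # dropped a new binary to disk


OFFICE_APPS = {"winword.exe", "excel.exe", "outlook.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "sh", "bash"}
ALERT_THRESHOLD = 3   # hypothetical: one weak indicator alone is not an alert


def behaviour_score(events):
    """Score a process trace with rules that describe what the code does,
    not what it hashes to. Returns (score, reasons)."""
    score, reasons = 0, []
    for ev in events:
        if ev.parent in OFFICE_APPS and ev.image in SHELLS:
            score += 2
            reasons.append(f"{ev.parent} spawned {ev.image}")
        if ev.outbound_connections >= 10 and ev.distinct_destinations == 1:
            score += 2
            reasons.append(f"{ev.image} beaconing to a single host")
        if ev.wrote_executable and ev.image in SHELLS:
            score += 1
            reasons.append(f"{ev.image} dropped an executable")
    return score, reasons


def is_suspicious(events):
    return behaviour_score(events)[0] >= ALERT_THRESHOLD


# Constructed trace: identical whether payload v1 or v2 produced it.
MALICIOUS_TRACE = [
    ProcessEvent(image="powershell.exe", parent="winword.exe",
                 outbound_connections=30, distinct_destinations=1,
                 wrote_executable=True),
]

# Constructed benign trace: a developer running a build from a terminal.
BENIGN_TRACE = [
    ProcessEvent(image="bash", parent="terminal", outbound_connections=4,
                 distinct_destinations=3, wrote_executable=True),
]

if __name__ == "__main__":
    for name, sample in (("known", KNOWN_PAYLOAD), ("variant", VARIANT_PAYLOAD)):
        print(f"{name}: signature match = {signature_match(sample)}")
    print("malicious trace:", behaviour_score(MALICIOUS_TRACE))
    print("benign trace:", behaviour_score(BENIGN_TRACE))
    # The variant was caught on behaviour; share it so the next site needs no
    # behavioural analysis at all to stop it.
    record_indicator(VARIANT_PAYLOAD)
    print("variant after sharing:", signature_match(VARIANT_PAYLOAD))
```

Run as a script, the known sample matches the signature database, the one-byte variant does not, yet both leave the same process trace and the behaviour layer scores it well above the threshold while the benign build trace stays below it. Adding the variant's hash to the shared set is the "pooling" step: the site that did the hard behavioural detection turns its finding into a cheap signature for everyone else.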
This is why next-generation security platforms need to be able to draw on intelligence from every single one of their deployments, and proactively feed that into the protection they offer each and every client. Much of the cyber threat landscape is unfamiliar, but there are solutions that can help you navigate it.