Seven visualization tools to consider for effective countermeasures in cyber-attack prevention

---

Originally cyber-attacks were done as a boast of the hacker’s skill. In recent years however, the criminal’s aim has been to make money, create disruption, etc., with methods that are more clever than ever. These attacks have also become increasingly complex and diverse, including cyber terrorism aimed at governments, and organized cybercrime that attempts to divert funds from financial institutions and corporate assets. To be on the receiving end of such an attack can cause great damage to your business, so this is an ideal opportunity to introduce a set of visualization tools and countermeasures effective against cyber-attacks, including awareness about the current state of cyber-attacks, their types and examples.

Cyber-Attack Risks are Ever Present

According to a 2016 observation study conducted by the National Institute of Information and Communication Technology (NICT) that used packet information found on the Darknet, 128.1 billion (packet conversion) cyber-attacks have been confirmed. This is almost 10 times as many as in 2013, just 5 years ago, and it is about 2.4 times as many in 2015, just 3 years ago. Simply put, cyber-attacks increase at double the rate each year. But what are the causes and background on why cyber-attacks are spreading so rapidly? The know-how and technology behind creating a cyber-attack is now easily accessible. Information on viruses and attack methods used by hackers can be found on the internet and copied, with refinements made each time. Even software used to create a cyber-attack is unregulated and easily obtainable. And this has not gone unnoticed by criminals and terrorist organizations. Unlike hackers, cyber-attacks are a business for them so they refuse to stop until they obtain their goal. A recent example is the prolonged, large-scale cyber-attack aimed at virtual currency, Bitcoin. New cybercriminal groups have been created and they have expanded the hacker’s methods by imitating and improving them. The attacks have now become more sophisticated and complicated, so that new countermeasures have to be taken, followed by even more sophisticated and complicated attacks, which cause newer countermeasures to be taken, becoming a long and costly game of cat-and-mouse. For example, in cyber-attack intrusions into networks where information is extracted, the number of cases where the techniques to evade traces were successful have increased, even when the intrusion took place over a prolonged period of time. Your company could be experiencing a cyber-attack right now. Countermeasures have become an urgent matter, with concern turning to the attacks on IoT, or Internet of Things – the ever-growing network of locations that feature an IP address for internet connectivity, and the communication that occurs between these objects and other Internet-enabled devices and systems. Unlike general information system terminals, IoT is vulnerable because everyday security management cannot be maintained and is left unaddressed. Cybercriminals aware of this are using IoT as a gateway for their attacks. In fact, in the NICT study previously mentioned, about 25% of cyber-attacks were initiated via IoT in 2015. IoT use is spreading with its reach at 500 billion devices by 2020, so the risks of cyber-attacks will increase exponentially as well.

The Different Kinds of Cyber-Attacks

So, what kind of cyber-attacks are there? Here are some examples.

1. Targeted Type Attack This type of attack is aimed at specific targets, is organized and continuous. It is achieved by combining “phishing email” with “malware” such as viruses and worms. Emails are sent pretending to be normal business communications either from known or related individuals and organizations to the target, and infects with malware when the recipient opens the file. It is known as “Advanced Persistent Threat” or APT, and is characterized by constant attacks over a long period of time until it achieves its purpose. In the case of Japan Pension Corporation, approximately 1.25 million pension subscriber’s personal information was hacked in June 2015 when staff who received the email via a public address opened the infected file. It was part of an elaborate attack where phishing emails were sent to staff based on information already extracted from their terminals, and camouflaged with content only familiar to those inside the organization.
2. DoS Attack・DDoS Attack This type of attack offloads an excessive amount of data towards the target, overwhelming it so that it stops functioning. Coming from a single PC, this is known as a DoS attack, while attacking this way with virus or malware using an unrelated third party PC is known as a DDoS attack. It is a classic method of cyber-attack that has existed since the beginning of the Internet but is still in active use. The DNS server of Dny Company was attacked this way in October 2016. Despite being a major DNS hosting service with a number of security measures, it could not circumvent the attacks that forced Twitter, Netflix, and other global Internet services to stop communication for 5 hours.
3. Malware This is a generic term for software that is intended to tamper with, destroy, or exploit information stolen from computers and information systems. A “virus” which replicates itself by modifying other computer programs and inserting its own code. A “worm” which is a standalone malware computer program that replicates itself in order to spread to other computers. A “Trojan horse” which is a virus or malware disguised as legitimate software. And “spyware” which enables a user to obtain information about another computers’ activities by transmitting data covertly from their hard drive. While malware is often used as a tool in targeted attacks, there is another method called the “watering hole type”. Vulnerabilities in security are exploited where the attacker seeks to compromise a specific group of end users by infecting websites that members of the group are known to visit. The goal is to infect a targeted user's computer and gain access to the network at the target's place of employment. In 2013 the official news site managed by telecommunication company Kyodo News was illegally accessed with a malware infection.
4. Ransomware Attack This is a type of malicious software that has been used extensively in recent years. It encrypts data and then requires a ransom in exchange for the code so that it can be made usable again, otherwise access to the data is perpetually blocked. The WannaCry attack which occurred in May 2017 is a famous example. Aimed at a vulnerability in the globally popular Window OS, it was a worm-type malicious intrusion program that installed a backdoor into infected systems. It affected 250,000 computers in 150 countries. In Japan alone there were 600 reports of damage by Hitachi, JR East, and other large companies.

Necessary Cyber-Attack Countermeasures

So how should you deal with the ever-increasing likelihood of a cyber-attack? Here we will introduce you to a number of countermeasures.

1. Countermeasure Protection from Entry to Exit Cyber-attack countermeasures generally tend to place emphasis on preventing unauthorized intrusion into networks and systems, but with the state of current technology and network environments this is likely impossible. To use a targeted attack as an example, the attacker will modify their strategy and strike in various ways until they succeed. Think of it this way: their goal is achieved even if they are blocked 999 times out of 1000, because once you’re in, you’re in. While entry countermeasures key, preparedness before an intrusion is just as important. From internal safeguards to detect malicious programs that infect and make suspicious changes, to exit countermeasures such as relocating internal information to outside systems to prevent the spread of viruses and worms. General antivirus software and sturdy security safeguards are an effective combination here.
2. Regular Updates and Security Patch Updates Attackers are always looking for security vulnerabilities, so regular updates of OS and application software is essential. And since they are also constantly thinking up ways to reverse engineer security measures, there is the possibility that they will be defeated at some point. It is a basic countermeasure rule to always complete the most recent security updates.
3. Improve Security Awareness Through Job Training External attacks are not the only form of security risk. Executives often take files outside of the company despite business protocols, or deviate from normal office workflows which also invites attacks. In the case of targeted attacks, we can become too comfortable using business contacts and vulnerable to phishing emails. No matter how clever, subtle differences can always distinguish them from real emails. It is important that these tactics are shared and explained with employees to maintain a high level of security awareness.
4. Always improve your defensive countermeasures The history of defense against cyber-attacks has been a game of cat-and-mouse. No matter how advanced the protective measures are, attackers have always found a way in. There is no ultimate security measure. The strongest countermeasure at any given time will eventually be defeated. As long as attackers continue to evolve strategies that circumvent defenses, it is necessary to stay ahead of the attacks at all times.

Seven Visualization Tools Effective for Cyber-Attack

While various security services are proposed by companies, “visualization” is key to the solution, with tools to help visualize the kinds of cyber-attacks appearing in recent years. These allow you to check the status of ongoing cyber-attacks and take pro-active measures. Here are some of the most effective visualization tools currently available.

1. Darktrace Enterprise Immune System By using artificial intelligence (AI) algorithms to build a so-called "pattern of life" inspired by the human immune system, every network, device, and user within an organization, can detect abnormal communications/actions spread by malicious software, enabling proactive visualization measures. This is ideal for quickly addressing unknown cyber-attacks identified through those patterns, while still being able to cope with analyzing the program after the threat is detected. This was developed by Darktrace, a leading cyber defense company in the UK.
2. Norse IPViking This is a tool used to visualize cyber-attacks around the world in real-time, and is the original cyber threat map which can be viewed on its website. Each colored line traversing from point to point on the global map is a cyber-attack in action. An American security company, Norse updates information observed and gathered in real-time at points of origin determined by the company. Since the attacker, the service used by the attacker, and the attack destination are displayed and listed on the map, it is now possible to comprehensively visualize how attacks are being conducted across the planet.
3. Digital Attack Map Like Norse IPViking, Digital Attack Map is a site that offers real-time visualization of cyber-attacks taking place on a world map, but with a specialization in monitoring DDoS attacks. You can observe both sources and destinations, the size of the attack in both visual and data terms, and especially large scale attacks usually reported in the news. It is jointly operated by Google Ideas (a think tank run by Google) and Arbor Networks, an American security company.
4. Cyberthreat Real-Time Map While also a map, here threats are displayed on a three dimensional spherical globe. The globe spins with the point of view towards its surface with the option to switch to a flat map, and adjust hues with a single click. This is provided by a Russian security software maker, Kaspersky Research Institute.
5. IBM X-Force Exchange Managed by IBM, IBM X-Force Exchange is a cloud-based security intelligence platform and global development group that coordinates with other global expert teams as necessary, conducting research analysis, and creating and advising on appropriate solutions to each threat.
6. Atlas This is a cyber threat map visualizing server attacks in Japan. It is monitored by the Incident Analysis Center (NICTER), which observes, analyzes, and measures attacks against servers installed in the National Institute of Information and Communications Technology (NICT). In addition to a flat map, attacks may be visualized in three dimensional cubes.
7. FireEye Cyber Threat Map This is a cyber threat map provided by the American security firm Fire & Eye. It also provides services that visualize real-time cyber-attacks taking place on a world map. This company specializes in targeting server attack countermeasures and targeted attacks.

Summary

Cyber-attacks are on the increase not only for national governmental agencies and all sizes of corporations, but also for individuals. And the risks will only accelerate in the future. Criminal group cyber-attacks targeting corporations for financial gain are increasing in particular, so installing countermeasures should not be delayed. It is time to consider using security solutions based on visualization tools to protect your company from the risk of cyber-attacks.

---

This article was translated to English and was originally published in Japan. https://workit.vaio.com/i-cyber-attack/