The last line of defence against data theft, viruses, worms and other forms of cyber crime is the air gap – removing an infected device from the network and putting it in a Faraday cage.
The method is often used for ultra-secure internal military and industrial systems. So when evidence emerged of malware that seemed to jump the air gap to infect other devices, the industry sat up and took notice.
While such stories are the stuff of nightmares for IT professionals, cyber security expert Alex Balan warns that the types of hacking most likely to impact the man on the street are far more conventional.
Targeted versus mass-market cyber attacks
Balan is head of product management at software security company BullGuard, and he believes that, in terms of new cyber attack methodology, a distinction should be made between targeted attacks and mass-market attacks.
"A mass market attack would be something that spreads to everybody that anyone could be subject to, where you define a target audience and try to deliver your payload to as many people as possible," he says.
New targeted attacks are frequently related to phishing: sending fraudulent emails to obtain personal and financial information.
"Mobile devices are particularly vulnerable, simply because people are not prepared to be protected on their mobiles," says Balan.
Smartphone attacks can take place through text messages and applications spliced with malware, especially on Android when downloaded from an untrustworthy source.
"The mobile device has access to the biggest amount of private information in everyday life, even more so than your computer," says Balan.
One far less conventional cyber threat that is unlikely to impact the mass population is BadBIOS, seemingly unbeatable malware that posed a serious challenge to security technology expert Dragos Ruiu.
After Ruiu followed the standard procedure of unplugging the ‘infected’ PC from the network, re-installing the operating system and putting it in a Faraday cage, which prevents wireless communication, the machine was still communicating with malware on other machines. It seemed to have breached the air gap, the last line of defence in the most secure military systems.
Eventually he found that BadBIOS was resident in the machine’s firmware, which meant it had access to the laptop’s microphone and speaker and sent data as sound packages, inaudible to the human ear, to the other infected systems in the building.
"It’s not a threat to the mass population, it’s a targeted attack," says Balan. "However, it has taught us a valuable lesson. We put all these systems in place, we put up these firewalls and we think that we are prepared to face zero-day attacks because we try to predict even the most unpredictable ways in which malware can spread or behave on our system, but BadBIOS has taught us that we are not prepared."
To deal with such unpredictable threats, Balan suggests security teams need to be both relaxed and paranoid at the same time.
"More relaxed in the sense they need to step outside the regular protocols and procedures and try to be creative, and more paranoid in the sense that they should suspect that anything can happen and anything will happen," he says. "With that mentality, they should be able to define new drills and methods of trying to hack their own network."
Analysing cyber attack patterns
With this in mind, rather than just protecting against specific attacks, BullGuard analyses patterns in the way malware and other attacks, such as phishing and malicious websites, behave, adding behavioural validation to signature validation.
"For the most part 95% of these people are not creative; most of the creative people are academics," says Balan.
"They have the same goal: making money, gathering systems for their botnets, getting personal information such as credit cards and social security numbers and selling them. If you know that, you’ve taken the first step in developing safeguards."
BullGuard has also developed a service called Identity Protection that effectively monitors whether an individual’s personal information – such as credit card number, tax code or bank account details – is leaked on the internet or on the secretive Deep Web.
"If that happens, we’re going to see that, send you a text message or email notification that your credit card details just showed up for sale," he says.
Expecting the unexpected
Oscar Wilde once said "to expect the unexpected shows a thoroughly modern intellect" and that is exactly what is expected of modern cyber security personnel.
While even the most advanced security system cannot protect against all new threats, the latest technology can identify the telltale signature of even unprecedented hacking attacks and prevent data falling into the wrong hands.
But technology is only part of the solution; training must be provided for everyone who deals with company data and procedures put in place to ensure data never strays where it should not.
To this end, special attention needs to be given to mobile systems, the use of which is expanding exponentially, but for which awareness of security measures is lagging far behind.
The result of cyber attacks against military systems can be far more severe than the financial, data and service loss experienced in commercial systems, potentially putting lives at risk.
High-profile hacking cases dominate the headlines, but while the main aims of modern cyber criminals are unchanged – stealing information and denial of service – hackers are finding new ways of bypassing security measures.