Many companies are finally beginning to turn away from the traditional defense-only methodology to include a bit more aggressive tactics when facing a cyber attack, such as dynamic defense and automated responses:
Using funds from the US Defense Advanced Research Projects Agency, Mr Strand helped create a set of 20 tricks and traps to thwart cyber criminals. Downloads of the Active Defense Harbinger Distribution kit have almost doubled in the past two months, to an average of about 500 a week. His “active defence” sessions at the upcoming security conference Black Hat in Las Vegas have already sold out. There is a “huge spike” in interest in active defence after each big cyber attack, Mr Strand says.
The onslaught of cyber attacks have shown how vulnerable every sector is, from banks to retailers, entertainment companies to healthcare providers. They want to bolster their defences to protect the customer data, intellectual property and financial information that is the lifeblood of their business — and a treasure trove for hackers.
Mr Lyne showed how active defence techniques could be used to trace a hacker in a 2013 TED talk. He accessed cloud services used by a hacker group, found their phone numbers and used GPS information to pinpoint their office building. He was even able to find pictuers of the hackers’ Christmas party.
But finding them was the easy part. “Despite the theft of millions of dollars, the cyber criminals haven’t been arrested and at this point possibly never will,” he said. “Most laws are national despite cyber crime conventions, while the internet is borderless and international by definition.”
Dynamic defense is exactly where industry needs to be driving innovation. Our current methodologies are dated and in need of being tuned to be able to prevent attacks based on technologies expected to be deployed in the future.