New Chinese Cybersecurity Threats

December 2, 2019 posted by


Hi, my name is Steve Ragan with CSO Online. I am at the RSA Conference here
in California. I am joined by Sam Curry with Cybereason, and we’re going to
talk about nation-state actors. So here recently you guys just put out a
report about China, yeah, up to no good here in the US. Give me some
background on that report.

Well, the first thing is that when we say China, we actually mean many
different agents and agencies, and I think the biggest thing in the report is
that we’re seeing the privatization of a lot of what’s going on. So the great
irony, of course, is that an ostensibly communist country is seeing the
benefits of privatization. So you take hackers who’ve done government work
before and maybe worked on the public sector side; they’re going out to the
private sector for a bunch of reasons.

So you actually had a really great line. We need to mention it; we can’t let
this go.

Okay, it was like being the firefighter and the arsonist at the same time.
Yeah, it’s, to some degree there’s some plausible deniability, right, and
maybe Boyusec is the best example of that. It’s that they’re selling
ostensible pen testing tools and hacking tools and services, but behind the
scenes they’re still actually the ones doing the hacking and doing the
malfeasance, right? If you found your fireman out back lighting a fire, you
might get a little bit upset, and that’s effectively what we’re saying.

So when it comes to the types of attacks you’re noticing, what are some of
the things you’re seeing right now?

I think the first, that we just mentioned: organizational changes are quite
significant. Most of our attention, of course, day-to-day is spent on how the
techniques are changing, what the tactics are. I would say broadly perhaps
three categories. One is we’re seeing them try to throw off some of the
threat intelligence. If you get enough disinformation out there, you both
create strange patterns that the good guys respond to poorly, but more
importantly you throw off machine learning, right, how people are looking at
it at broad scale. The second is we’re seeing them go down the stack; we’re
seeing them go into the firmware. And third and finally, nobody uses malware
anymore, right? It’s not just hackneyed, it’s the exception when they use it.
Instead, what they’re doing is they’re trying to use fileless malware,
exploits, fileless techniques, injection wherever possible, and use the
actual tools that are in situ rather than even bringing your own or something
that could be found by more traditional techniques for defense.

When it comes to detecting and trying to remediate attacks sort of like this,
what are the options organizations have?

Well, I think we have to rethink this. I think the tradition is, you know,
there’s some threat intel of course, but we’re looking at a machine by
machine; we’re taking a sliver of every machine and saying let’s go look for
malware on some, you know, known bad signature or signature lists basis. But
instead we have to start looking at the behavior. We’re not actually, as an
industry, trying to stop malware; what we’re trying to do is try to stop bad
people, organized bad people who have QA labs and have the means to stop this
stuff. So the best thing we can do is to start lifting our gaze up and
looking at behaviors. You know, ultimately IT departments exist so that you
can have good people with the right machines on the right networks interact
with data, and the bad guys are gonna find ways to look like that. So we need
to start taking behavioral approaches more and more. Whether it’s endpoint
behavior, user behavior, and network behavior, I really don’t care. We have
to start saying it’s not about the greatest mousetrap; it’s how we’re looking
across the enterprise or across many companies and saying, all right, what
can we tell in the aggregate about human behavior?

Excellent. Thanks a lot for taking the time to talk to us all.

My pleasure.

Again, my name is Steve Ragan with CSO Online. We’ll be out here all week, so
stay tuned for more videos.
