ACN nabs one-on-one time with McAfee's SVP and CTO

McAfee's Steve Grobman delves into the latest developments in ransomware and the challenges around IoT

Steve Grobman, senior vice president and chief technology officer, McAfee.
By Alexander Sophoclis Pieri Published July 9, 2017

When it comes to the discipline of cybersecurity, constant vigilance is an absolute necessity to stay ahead of the curve. While each technological advancement brims with new opportunities, the ugly truth of it is that it also introduces new avenues of attack for cybercriminals to exploit.

As a globally recognised and reputed name within the world’s IT security market, McAfee has long served as a provider of digital security tools, as well as a source for threat research and intelligence. Like so many other security technology companies in the field, McAfee closely monitors the ever-evolving threat landscape, devising new ways to detect and counter attacks before they can do harm.

One of the biggest threats that the company has been tracking over the last few years lies with ransomware, the advent of which has signalled a dramatic change in how cybercriminals approach and trap their targets. Traditional data theft, which had long been the bread and butter for many hackers, is today seen as a poor business model for cybercrime.

“Traditional data theft, from a cybercriminal’s perspective, is a fairly inefficient cybercrime. They need to digitally fence the data that is stolen and that has problems in that everybody in the supply chain typically wants to get paid,” explains Steve Grobman, senior vice president and chief technology officer, McAfee.

“Sometimes, certain types of data degrade in value over time and credit cards can be cancelled. So what cybercriminals have done in the last two and a half years is shift a very large portion of their effort into things like ransomware, part of the benefit being that they get paid directly by the victim, and once the crime has been complete, they are essentially done and can move on.”

Another interesting development with the rise of ransomware has been a shift in target priorities by hackers. Where the last couple of years saw a ransomware epidemic within the consumer space, cybercriminals have begun to utilise the malicious software to attack soft target organisations, which include the likes of hospitals and universities.

While soft targets have traditionally been avoided by cybercriminals, the advent of ransomware has provided hackers the means to go after data and critical systems, capturing and holding them for ransom. Furthermore, as such facilities will often lack the right security technologies and IT expertise to deal with ransomware-type attacks, they not only become lucrative targets, but rather easy ones at that.

The same attack vector has also been levelled against moderate to large businesses, targeting and holding critical business systems hostage. Government organisations, which were once sole targets of politically motivated attacks, have also become lucrative targets as of late because of ransomware.

“Traditionally government critical infrastructure was something that governments needed to worry about from a nation state perspective or a terrorist perspective. Cybercriminals didn’t really have any incentive to target government held assets,” explains Grobman.

“With a ransomware business model, there is actually an incentive for a cybercriminal to look at a government asset and compromise an asset in such a way that it can be held hostage.”

Going back to the topic of data theft, Grobman explains that while hackers traditionally stole digital information in order to sell or acquire things like intellectual property, the trend has moved towards compromising data and then weaponising it. This new type of attack proves particularly destructive within an IoT environment, where a single infected device can circumvent the security perimeter and cripple the entire IT infrastructure from within.

“There are new risks with the wide range of IoT devices, especially weak IoT devices in the consumer space, which pose a risk in that they can be weaponised to become part of the attack machinery for bad actors,” comments Grobman.

This is classified as a hybrid attack, and consumer devices typically lack the same level of security architecture that one would expect from a business-grade system. The same attack vector is believed to have been the cause behind last year’s crippling of domain registration services company Dyn, which then affected the websites of major companies, such as the New York Times, Netflix, and Twitter. At the front of the attack was the Mirai malware that specifically targeted IoT devices.

The Internet of Things provides new opportunities for businesses, particularly those in the manufacturing space, to improve automation and access to data within their facilities. However, the fact of the matter is that, depending on the size of the IoT environment, it provides numerous attack points for bad actors.

“One reason an attacker may target an IoT space is for what we call a crossover or hybrid attack. That would be where they breach a vulnerable IoT environment, in order to get access to traditional business systems or sensitive data,” explains Grobman.

“This is one of the new scenarios that is a grave concern in that a cybercriminal can actually hold a factory hostage, unless payment is granted. In some cases even permanently damage equipment in that space.”

Switching gears, McAfee’s SVP and CTO went on to briefly discuss the recent spin out from Intel Security, which resulted in McAfee once again becoming a standalone company. Announced back in April 2017, the spin out left Intel holding a 49% stake in the company, while the other 51% was acquired by TPG Capital, an asset management firm, at a $4.2bn valuation.

Delving further into how the new relationship with Intel will work, Grobman explains that in addition to the financial structure of the deal, McAfee will benefit from the continued technical collaboration and strong partner relationship with Intel.

This plays well with the company’s ongoing strategy, which is focused on ensuring that products can interoperate with other cybersecurity products in the industry.

“The key thing is cybersecurity technology and semiconductor technology have evolved to be quite different disciplines … If you think about semiconductor manufacturing, it is a multi-year very stable process that will ultimately deliver high-quality hardware components at the end of the multi-year development cycle,” adds Grobman.

“Contrasting that with cybersecurity, we have new threats, threat vectors that pop up every day. We need tremendous levels of agility in creating technology and delivering that technology to our customers to defend against this very rapidly changing threat landscape.

“Due to the divergence of these two fields, what the spin out of McAfee does is that it allows both Intel and McAfee to become laser focused on what they do best.”

Sharing his viewpoint on the constantly evolving threat landscape, Grobman explains that cyber threats will continue to mirror where organisations shift their businesses. For example, as more enterprises begin their journey to the Cloud, the more likely there will be an increase in threats within that space.

Hybrid attacks will also likely continue to evolve, targeting various aspects of an organisation’s infrastructure, such as its IoT and Cloud. Another ongoing threat lies with multi-tenant attacks, which target multi-tenant architectures that house numerous customers.

“In many ways, multi-tenant or SaaS solutions are more secure than traditional environments because a lot of investment can be made in the security architecture. But at the same time when one of those systems is breached, it will have catastrophic consequences,” comments Grobman.

“Certain environments will be much more secure, but because they’re holding the data and running the capabilities of multiple organisations, when they are breached, they will have catastrophic consequences. Those are some of the things that we are thinking a lot about,” he concludes.
