What a next generation cyber attack looks like
Mike Lynch, founder of Darktrace, the world-leading AI platform for cyber defense, discusses what the modern day cyber attack looks like and why the robot wars we read about - AI vs AI - might actually be today’s reality.
Read:
What does a next generation cyber-attack look like?
If you read the papers, you would think that cybersecurity is about breaking in and somewhere stealing credit cards. We see these great headlines, but actually, what's going on is much more worrying than that. What you're seeing now is the really quiet attacks - the stuff you read in the papers is the equivalent of being burgled and you come home, and all the drawers have been turned out. Whereas what we're talking about here is someone who's gone into a house, put in cameras, and also has the ability to release a gas canister at any point.
So, they get in very quietly. They learn everything that's going on at any point, they can have a kill switch. And that's much harder to find because of course we don't disturb anything. So, that's why companies are having to think very differently about this, it's not about the smash and grab anymore. At the upper end of the spectrum, you have attacks now that are so fast that there's no way in which a human can respond and you need to have technology, which goes mano a mano in real time with it before the humans are even awake.
So, it's moving very very fast, it's very different. A lot of the methods that people used to use - so you can't rely on the perimeter wall because they're already in. They're not going to be noisy they might be very quiet, and they might be very fast. And these are being powered by AI. So, the attackers are now using AI so the way in which they get to be very quiet, is the AI gets in, looks around and blends in and then works out what's going on. It doesn't have to phone home but it's an AI can make informed decisions. Very, very hard to find. Or one that when it mounts an attack, it's making its decisions in real time faster than the human can by 1000 times. We are in a very different situation. It is endemic.
The important thing to understand about where cybersecurity is now is that it’s not about if you are attacked, you are being attacked all the time. And even if you don't think you’re target - for example. we saw nation state hackers hack into a travel agency. Why? Well because there might be some people who are travelling that they want to know where they're travelling to and why and might intercept them or whatever. So, you wouldn't have thought a travel agency was high on the list of a nation state targets, but it absolutely is. So, no one is immune to this, you're being attacked all the time, you are almost certainly infiltrated so when Darktrace, for example, goes into large companies, 70% of the time, they already have something nasty sitting in there. And once you had something, you can never clean it out, can never be sure it's gone. So, it is much more like our immune system in that you assume you've always you're dealing with common cold viruses etc.
The other thing people don't realise is, in this digital world, how you can go about an attack. For example, we had one where a power station was attacked and the way it was attacked was someone just flooded the internet with manuals for vacuum cleaner. And of course, nearly everyone that downloaded that vacuum cleaner manual, nothing happened because the code in it popped up and said: ‘Am I inside the power station, no’. But one power station person did. Gets in, realise it's on a laptop that has to do with the power station and then it starts. And to us, coming from the physical world, it might seem counterintuitive that you put out 100,000 of these just to get one in, but it’s the digital world, it doesn't matter, you can do that. So, even an act that you would think is as simple as randomly picking up a manual off the web can actually do these things.
Then there's all the things that are connected to everything, so we've seen attacks that have come through the thermometer of the wall. We've seen one in a casino that they've had a fancy shark tank, that was online and that was the way in. So, everything is connected to everything. We’re even looking at attacker at the moment where we think it might have come from a car that was in the car park of an employee, and that car was online, and they has also logged onto the Wi Fi. And so, you can get in through the car. You have to assume it's happening all the time. It's around you.
And then the level of attack. So, what you can do now is with 20 minutes of speech - for example, a video or something off the web or recorded phone call - you can copy someone's voice. And so, we've seen attacks where the IT department has been rung up by the CEO who has a reasonably distinctive voice. And the story is that: I'm in a taxi, I've just landed at the airport, have lost my phone, I need you to reset a password, can you send me over this and give me access to that? And when you actually see how this is done it's hilarious because they have a keyboard, and they have all the possible phrases that they might want on a key. And so, the person says: ‘Well, can you give me a little bit more detail about how you lost it?’. ‘I'm not in a place that I can tell you that now.’ And if they’re good you get through any attack. So, the old thing that we would all rely on that we recognise the person voice on the phone, you can't rely on that anymore. So, we're in a very different league.
I think the last thing just to think about is we all love the robot films - Terminator vs Terminator, that's happening now, today. AIs are fighting against each other, but they're not doing it in metal robots, they're doing it on networks running around after each other. So, we're already there.