Last year, cybersecurity company Cybereason Inc. was contracted by a large multinational company to handle a security event. The company’s security systems identified a breach, but couldn’t take care of it on their own, Cybereason co-founder and CEO Lior Div said in an interview with Calcalist earlier this month.
Established in 2012, Cybereason specializes in endpoint detection and response software. In June 2017 the company raised $100 million from Softbank Corporation, which also connected the company to many of its global clients.
In this case, Cybereason’s team discovered that the attackers had full control over the unnamed company's system—including the company’s computers, servers, microphones, and cameras. “The company continued to function because the hackers were ‘nice,’ and didn’t interfere with daily operations,” Mr. Div said. “The employees went on with their manufacturing work, and all the while the hackers continued to siphon information.”
Cybereason traced the steps of the attackers by identifying all of their access points and reconstructing their activities. “It came to the point where we could tell the client: you clicked on an email here, the email infected this computer, and then the disc-on-key that was in the first computer infected the second one,” Mr. Div explained. “Only when we have all of that information, can we create the tools that will repel the attacker from the system.”
In this case, since the attackers had access to all of the organization’s computers, Cybereason had to launch its counterattack over the entire system at the same time. The attackers tried again after three days, armed with a new toolset. “They waited for the day they were pushed out, and prepared a whole new kit,” Mr. Div said. “The back and forth continued for months.” In this case, the attackers only backed off after the team prepared a decoy that looked like the information they wanted.
“We are currently handling ten cases of a very significant scale,” Mr. Div said, before explaining that such hacks are both common and constant.
While it might seem strange that such a large company was under the control of hackers for months without its clients being aware, it’s almost par for the course. Many companies conceal such hacks from their customers for years, and some, like Uber, even pay off the hackers to end things quietly. Last year it came to light that the ride-sharing company paid hackers $100,000 to delete the stolen personal information of 57 million customers and drivers, and concealed the matter for a year.
It’s no longer legitimate to hide from your clients the fact that you were attacked, Mr. Div said. Companies should do the maximum to protect themselves, but all companies will be attacked at some point. “You can’t really hide it,” he added. “With every company that tried to hide a breach, the information eventually came to light.”
Despite this new reality, many managers still don’t know how to handle such attacks. “In the event of a cyber event, we advise our customers to bring their lawyers and press agents into the fold as soon as possible,” Mr. Div said. “Many companies still make the mistake of thinking a breach is the problem of the company’s IT department, but it has long turned into the problem of the board and the CEO.”
The tools hackers employ become more sophisticated each year. Use of ransomware jumped from 3.8 million attacks in 2015 to 638 million attacks in 2016, according to data from internet security company SonicWall Inc. In May 2017 the WannaCry ransomware attack hit some 200,000 computers in 150 countries, according to Europol estimates.
Mr. Div predicts 2018 will be the year of file-less malware, malicious software that does not write any of its activity to the computer’s hard drive. “Hackers realized that the antivirus scans the computer’s hard disk to stop them,” he explained, but a standard antivirus can’t recognize file-less malware due to the way it operates, giving hackers much more time to work.
“It doesn’t matter what wall we design, hackers will manage to penetrate it,” Mr. Div said. Cybereason therefore operates according to the clichéd but often true saying that the best defense is offense.
“There are hackers we know by name, we know they have a dog, we know who their girlfriend is, and I assume they know us as well. It’s an intimate relationship,” Mr. Div explained. “Some of them keep on coming back for more.”