Think back to the disruption that load shedding caused across South Africa earlier this year. A natural disaster, hurricane Idia caused the rolling blackouts but now imagine someone employed by another government had hacked the Eskom power grid. Think of the damage caused to our economy through lost working hours and lost investor confidence. This could be considered an act of war against South Africa.
Cyberwarfare is the use of computer technology to disrupt the activities of a state or organization, especially the deliberate attacking of information systems for strategic or military purposes. There is an invisible mounting threat of cyber warfare where digital technology can be used to cause harm to a nation, its government and people.
The threat landscape is continuously expanding as more aspects of our lives and systems are brought online. The increasing uptake of Internet of Things (IoT) technology allows for the remote monitoring and control of sensor-equipped industrial systems and utilities. This digital transformation promises higher efficiency, savings and safety. But it also opens governments, systems and people up to a whole new world of cyber threats.
One of the first publically known acts of cyberwarfare is Stuxnet, a sophisticated and highly malicious worm which crippled the Iranian nuclear programme in the second half of the Noughties. Stuxnet hijacks industrial system hardware and destroyed 1/5 of Iran’s nuclear centrifuges. Although there has been no confirmation of this, the attack has been linked to the US and Isreal, working in conjunction to hamstring Iran’s nuclear capabilities.
Given the context of cyberwarfare, having a more offensive approach to cyber-security makes sense, performed in conjunction with defensive techniques.
This brings us to threat hunting. The process of proactively and iteratively searching through networks to detect and isolate advanced threats that evade existing security solutions. Threat hunting is a vital part of a cyber-soldiers arsenal; it is an advanced cyber-defence process that takes the fight to the hackers by continually considering their behaviour. This primarily involves going beyond a network’s boundaries into the web – particularly the Dark Web – to get grips with changing angles of attack. Get good enough at threat hunting, and you can predict an attack before it happens.
Threat hunting is a key addition to any cybersecurity strategy. We believe that there is no such thing as being 100% secure, but you can do your best to get as close to 100% as possible.
We take an offensive security approach which is different from traditional cyber-defence measures. It requires an entirely different way of thinking. Threat hunting requires you to think like an attacker, to continually ask questions and consider compromise so that you can find weak spots in a system, test them and then fortify them. Always assume that your system can and will be compromised.
Although threat hunting is in the “emerging cybersecurity technologies” bundle, you need to acknowledge the role that human instinct plays alongside digital technologies in the process. It is a process of people manually trawling logs to detect anomalies and using pattern recognition software. Today there is about a 60/40 human-machine split in threat hunting. Although threat hunting is supported by machine learning and big data analytics, we still need human creativity, logic and intuition to remain the foundation of threat hunting.
When implementing threat hunting as a monitoring strategy, the first step is to understand what is typical for a company’s operations and set a baseline. Every company will be different. Once you establish your baseline, you can look for breaks from it. Machine learning will help with this continuous process, and on recognition, a Blue Teamer will need to take a closer look. It could be that compromise is detected before damage is done.
A parallel process to this action is the creation and testing of cyber-attack hypotheses with Red Team involvement to stress-test the concepts. Threat hunting may sound exciting, but it is systematic, repetitive and iterative. It is asking questions all the time to find loopholes in systems, pre-emptively, through the creation of scenarios.
Fortunately, even as cyberwarfare becomes a greater concern, taking advantage of all the smart networks in our lives, there is threat hunting. Both proactive and advanced, it’s a highly effective solution to thwart such potentially catastrophic incidents before they happen.