Going for gold: ensuring high security at the winter Paralympics
Simon Mullis at Venari Security explores some of the issues that made the winter Paralympics so difficult to secure.
Global events have always been clear trophy targets for threat actors. However, with the winter Paralympics this year the cyber security requirements, and the potential for high-profile digital disruption, have never been higher.
Tensions were already high around the Beijing winter Olympics, with warnings to athletes issued by the FBI. And we are now in an even more delicate cyber environment.
During the 2020 Tokyo Olympics and Paralympics, the NTT Corporation – which provided its services for the Games – revealed it successfully blocked over 450 million attempted cyber-security-related incidents during the event. There were similar concerns ahead of this year’s Winter Olympics and Paralympics.
Let us be clear that the 450 million blocked attempts were those that were detected. It stands to reason that the real number was higher as there will have been an unknown number of cyber security incidents that went undiscovered.
So, what is the best way for security professionals to secure such events?
The global threat landscape is shifting
Cyber-security risks are unquestionably rising around the world. Experts in the field reported that 2021 saw 50% more cyber attacks per week on corporate networks compared to 2020. Ransomware attacks in particular are expected to continue this year.
In this context, an event such as the winter Paralympics doesn’t just introduce security risks for individuals. It can have consequences for national security too, giving cyber actors an opportunity not only to steal information or install tracking tools, malicious code, or malware onto personal devices, but also to disrupt national network services.
The FBI recommended maintaining offline, encrypted backups of data, regularly updating VPNs and network equipment, and scanning for viruses or malware. In addition, there are a number of regulatory and best-practice requirements that can be implemented. But are these measures enough?
There is no silver bullet for security
No security team would ever claim to be able to prevent all cyber attacks. And with all global events like the winter Paralympics attracting the attention of cyber criminals, it is inevitable – and increasingly well accepted – that someone will break through the barrier.
The key is therefore that any malicious activity – or the possibility of malicious activity – is detected as quickly as possible and stopped before it can disrupt services or exfiltrate information.
However, detecting attempted breaches or anomalous activity on networks has been rendered hugely more challenging with the widespread adoption of end-to-end encryption. While end-to-end encryption offers the opportunity to ensure end-user and transactional privacy, it also introduces new challenges for security teams that could end up leaving information exposed.
Indeed, even the FBI is wary of the consequences of strong encryption in the fight against cyber crime. Why? Cyber criminals are now using the same encrypted channels that are designed to preserve data privacy to hide their activity from detection.
This potentially malicious behaviour is easily concealed within legitimate encrypted traffic, with TLS encryption often used to hide aspects of intrusion, egress, and lateral movement in target networks.
There is an option in some instances to decrypt encrypted traffic for security inspection. However, this approach has its challenges. Firstly, the sheer volume and speed at which data passes across networks. Secondly, the requirement to selectively decrypt only some classes of traffic in line with privacy policies. Finally, some newer versions of encryption make in-line decryption practically impossible.
This presents a substantial and very serious blind spot for security teams. The majority of existing malware detection tools and countermeasures inspect decrypted (plaintext) traffic and are unsuccessful when it comes to detecting threats in encrypted traffic.
Instead, security teams require systems that empower them to identify unusual activity without decryption. Using real-time behavioural analysis and machine learning, Encrypted Traffic Analysis (ETA) examines encrypted traffic in transit and provides a clear understanding of risk in the moment and over time.
This not only significantly increases the rate at which malicious, anomalous or aberrant encrypted traffic can be detected, but the speed of detection too. By alerting in real time, security teams can react immediately to contain real and potential threats as they are introduced, rather than responding after the fact.
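As an added illustration of the idea above (this is example code written for this page, not Venari Security’s product or any code from the original article), the script below scores TLS connections using only metadata that is visible without decryption: connection timing, byte counts in each direction, whether the ClientHello carried a Server Name Indication, and the negotiated protocol version. The flow records, IP addresses and thresholds are all constructed for the example; a real deployment would learn its baselines from observed traffic rather than use fixed rules.

```python
"""Toy Encrypted Traffic Analysis: flag suspicious TLS flows from metadata only.

Added example for illustration; not Venari Security's product or code.
Every feature used here is observable on the wire without decrypting
the session: timing, direction-split byte counts, SNI presence, version.
"""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class TlsFlow:
    ts: float        # flow start in seconds (constructed values)
    src: str         # internal client address
    dst: str         # external server address
    sni: str         # Server Name Indication from the ClientHello, "" if absent
    version: str     # negotiated TLS version as a label
    bytes_out: int   # client -> server application bytes
    bytes_in: int    # server -> client application bytes


# Constructed sample flows; addresses are from RFC 5737 documentation ranges.
SAMPLE_FLOWS: List[TlsFlow] = [
    # 10.0.0.11: ordinary browsing, irregular timing, download-heavy
    TlsFlow(1000.0, "10.0.0.11", "198.51.100.10", "cdn.example.com", "TLSv1.3", 2_100, 48_000),
    TlsFlow(1037.0, "10.0.0.11", "198.51.100.10", "cdn.example.com", "TLSv1.3", 1_800, 120_000),
    TlsFlow(1210.0, "10.0.0.11", "198.51.100.10", "cdn.example.com", "TLSv1.3", 2_500, 9_000),
    TlsFlow(1599.0, "10.0.0.11", "198.51.100.10", "cdn.example.com", "TLSv1.3", 1_200, 33_000),
    # 10.0.0.12: no SNI, legacy TLS, tiny flows every 60 s exactly (beacon-like)
    TlsFlow(1000.0, "10.0.0.12", "203.0.113.5", "", "TLSv1.0", 300, 400),
    TlsFlow(1060.0, "10.0.0.12", "203.0.113.5", "", "TLSv1.0", 310, 380),
    TlsFlow(1120.0, "10.0.0.12", "203.0.113.5", "", "TLSv1.0", 305, 410),
    TlsFlow(1180.0, "10.0.0.12", "203.0.113.5", "", "TLSv1.0", 298, 395),
    TlsFlow(1240.0, "10.0.0.12", "203.0.113.5", "", "TLSv1.0", 302, 402),
    # 10.0.0.13: one large upload-dominated session (egress-like)
    TlsFlow(1500.0, "10.0.0.13", "192.0.2.77", "files.example.org", "TLSv1.2", 85_000_000, 12_000),
]

LEGACY_VERSIONS = {"SSLv3", "TLSv1.0", "TLSv1.1"}


def beacon_regularity(timestamps: List[float]) -> float:
    """Coefficient of variation of the gaps between connections.

    Close to 0 means clockwork timing. Returns inf for fewer than three
    connections so that sparse pairs can never look 'regular'.
    """
    if len(timestamps) < 3:
        return float("inf")
    ts = sorted(timestamps)
    gaps = [later - earlier for earlier, later in zip(ts, ts[1:])]
    avg = mean(gaps)
    return pstdev(gaps) / avg if avg > 0 else float("inf")


def score_pair(flows: List[TlsFlow]) -> Tuple[int, List[str]]:
    """Rule-based risk score for all flows between one (src, dst) pair.

    Thresholds are illustrative assumptions, not tuned values.
    """
    score, reasons = 0, []
    out_total = sum(f.bytes_out for f in flows)
    in_total = sum(f.bytes_in for f in flows)
    if all(f.sni == "" for f in flows):
        score += 1
        reasons.append("no SNI in ClientHello")
    if any(f.version in LEGACY_VERSIONS for f in flows):
        score += 1
        reasons.append("legacy TLS version negotiated")
    if out_total > 10_000_000 and out_total > 5 * in_total:
        score += 2
        reasons.append("upload-dominated volume (possible egress)")
    if len(flows) >= 4 and beacon_regularity([f.ts for f in flows]) < 0.1:
        score += 2
        reasons.append("periodic connections (possible beacon)")
    return score, reasons


def analyse(flows: List[TlsFlow], threshold: int = 2) -> Dict[Tuple[str, str], Tuple[int, List[str]]]:
    """Group flows by (src, dst) and return pairs whose score meets the threshold."""
    by_pair: Dict[Tuple[str, str], List[TlsFlow]] = defaultdict(list)
    for f in flows:
        by_pair[(f.src, f.dst)].append(f)
    alerts = {}
    for pair, pair_flows in by_pair.items():
        score, reasons = score_pair(pair_flows)
        if score >= threshold:
            alerts[pair] = (score, reasons)
    return alerts


if __name__ == "__main__":
    for (src, dst), (score, reasons) in analyse(SAMPLE_FLOWS).items():
        print(f"{src} -> {dst}: score {score}: {'; '.join(reasons)}")
```

Run as-is, the browsing host 10.0.0.11 scores zero, the clockwork no-SNI client 10.0.0.12 scores 4 and the bulk uploader 10.0.0.13 scores 2, so the latter two are reported while no packet payload was ever examined. The point is the feature set, not the rules: a production system replaces the fixed thresholds with per-host baselines and trained models, but it still works from exactly these kinds of metadata.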
There is no simple security solution
So, if there’s no simple solution for security… can we establish a gold standard instead?
Ultimately, cyber-security risks are only getting more complex in today’s threat landscape, and cyber attackers are discovering new ways to attack. Whether it’s an international sporting event or enterprise network, the threat of infiltration is significant.
Security experts must be aware of the threats that encryption might bring, whether due to improper configuration or implementation or when used by a malicious actor.
Simon Mullis is CTO at Venari Security