FeaturedTFIR Insights

We are experiencing increase in cyberattacks due to COVID-19


Here is a lightly edited transcript of our interview with Alex Gounares, CEO and Founder of Polyverse on the topic of challenges for IT during the COVID-19 pandemic.

Swapnil Bhartiya: What kind of new, IT and security related challenges this COVID-19 crisis has created for all these companies who have rushed towards work from home model?

Alex Gounares: We are certainly seeing with our customers a pretty dramatic increase in cybersecurity issues across the board. And it gets to a very fundamental issue, if you will, that’s going on right now where it’s a time of great change. And everybody’s routines and habits and patterns are getting disrupted. And if you’re an attacker that’s music to your ears because it’s a time when you can prey upon people’s confusion and fear and so forth.

One really good example where we see this now is increasing in phishing attacks. And you’ll see people sending out either fake Zoom links or just even fake instructions on how to get to the VPN or how to get to the corporate network or whatever because it might be a set of things that people never had to do before and now they’re trying to do it and the attackers are preying upon that disruption of habits and confusion to try to trick people into going to nefarious websites or revealing passwords or other types of sensitive information. So we’re absolutely seeing an increase in attacks these days.

Swapnil Bhartiya: Are there any common mistakes that people are making, and you would advise against those?
Alex Gounares: Old style security mentality just doesn’t work anymore. And you hear a phrase being bandied about a lot called “zero trust security”, and what is ‘zero trust‘? Well, it’s one of these marketing buzz words, so it means a lot of different things to a lot of different people. But fundamentally the old-style model, if you will, was you build your castle and your castle walls. And so, when you were inside the corporate network, everything was “safe and secure”. You trusted things inside the castle, inside your corporate firewall and you didn’t trust anything on the outside.

It didn’t work, but you at least had the illusion of everybody was showing up to the office, and so you actually did have at least a chance of doing something there. But now when everybody’s working from home, that entire model of having VPNs and firewalls around your corporate network and all that, that’s completely shot to heck because everybody now is at home and coming in remotely. And so what is that moat? What is that wall that you have anymore if 100% of your workforce is now coming in from arbitrary places over the internet?

So the fundamental model that people had before and that legacy firewall based security model and VPN based security model just doesn’t hold up anymore; it wasn’t holding up before, but it very much does not hold up in a world in which everybody needs to work from home as we deal with this coronavirus crisis.

What can you do about it? This is where we’re really focusing in on this security by default. There’s intrinsic cyber resiliency. There’s a lot of zero trust solutions, but when you think about what that means, it says don’t rely on perimeter defense. Make every one of your systems — from the deepest system in your data center to your edge devices to your laptops, to the whole thing –- resilient. If every one of your devices has to authenticate, you’ve got to prove who you are, and every one of these computing systems is intrinsically resilient, whether it’s using “polymorphing” technologies or something else, then you’ve got a really strong defense and depth where every piece of your systems are defended and it doesn’t really matter whether you’re in or out. That’s the whole point of zero trust is everything’s on the outside if you will.

Swapnil Bhartiya: Have you seen an increase in attacks and what kind of attacks are those?
Alex Gounares: Yeah, so we’ve definitely seen an increase in attacks and our customers have reported this to us as well. They’re basically two major classes that I would say we’re seeing. I want to caution, at this point, at this stage of the crisis, this state is anecdotal, or not yet at a point where all the dust is settled or we’re able to collect up all the data and analyze it and do a proper mathematical treatment. But anecdotally we’re seeing a dramatic increase in phishing attacks for all the reasons I was describing before. There’s a lot of confusion in the world, so that’s a perfect opportunity for phishing.

The other thing we’re seeing is as an increase in file-less attacks, because you think about in all these memory-based attacks where just your data center systems, your cloud systems and so forth are being probed remotely. And if you look at the reason behind this, it has to do with, again the legacy model of cybersecurity where you have a 24 by seven security operation center. Most security solutions these days are reactive in nature. Something bad happens, you run whatever fancy algorithm, AI, whatever, and maybe you detect it, maybe you don’t, there’s some error rate with it and whatnot. And then you literally have a human going in and looking at the results of these things. And they can be using some really fabulous tools like Micro Focus, ArcSight, or Splunk or what have you.

But fundamentally the model relies on having a set of humans watching over what’s going on. Well, that’s fine if you have humans. What happens when you don’t have the humans or they can’t show up to your security operations center because you’re locked down in quarantine or hopefully they’re really… We’re not in a world where would you wish anybody to be sick, but it’s happening, people are getting sick. And so a model that relies on having perfect staffing 24 by seven of a set of humans in a physical location, that is a very problematic model in a pandemic world.

The attackers know this and they know that the IT staff, not only are they challenged in a labor force perspective but even if everybody’s healthy and showing up to work, you’re still getting overwhelmed with your VPN. And we’ve heard a lot of reports of customers having to ration their VPN and tell their employees, “Well, you can log on from 9:00 AM to 10:00 AM.” And, “You can log on from 10 to 11.” So your IT staff is just overwhelmed right now, even if they can show up to work. And so it’s the perfect time to go launch a memory… A data center attack, particularly one of these file-less attacks because the folks that are supposed to be watching or distracted or unavailable.

Swapnil Bhartiya: Is there any special motivation behind attacks these days
Alex Gounares: I haven’t heard of any unique motivations because of the crisis. If you think generically into the major categories of cyber actors and their motivations, you can break it into a couple of different categories. You have your nation-states where they’re doing this for some political agenda, whether it’s Russia meddling with elections or China stealing plans and information and trade secrets and so forth. There’s a national agenda and there’s serious money behind it. And sometimes that national agenda, if you take some of the states like Iran, the agenda is to go cause trouble. It isn’t necessarily financially driven.

So you’ve got your state actors, then you have your organized crime. And by and large, that’s financially driven. And they’re looking for your health information, they’re looking for your credit cards, your banking information and so forth. And then your final set of actors are basically, I’m going to call them the glory hunters. These are the folks that want to be involved in nation-states or organized crime, but they’re out there just causing trouble to make a name for themselves. They are the so-called script kiddies. But they basically don’t have any agenda other than fame for themselves. And those folks can be particularly troublesome because they’re just causing trouble.

So, all those motivations, they were there six weeks ago as much as they are now. And I don’t know right now of anything where the coronavirus itself is creating a new set of motivations.

Swapnil Bhartiya: Since a lot of things moving online – including many sensitive businesses that were traditionally done in-person. I was curious if this creates some new opportunities for attackers now as all these activities were online earlier?
Alex Gounares: I agree with that. I would say the opportunities are much larger. The motives are still there, but the opportunity for somebody to go cause trouble has dramatically increased by an order of magnitude. And that’s why I think we’re seeing the corresponding rise in attacks, because the desire to go make money or cause trouble or whatever any of those motivations we went through, that’s still been there, but now it’s just easier than ever.

Swapnil Bhartiya: I also want to touch a bit about what is going on with Zoom?
Alex Gounares: Zoom is an interesting case study in security in a lot of different dimensions. Fundamentally, if you set security aside, Zoom has done a brilliant job with their product. We’re on a zoom call right now. I’ve used a lot of the competitive systems, whether it’s Microsoft Teams or something else, and they just don’t match the level of ease of use, experience, and quality. Just, the fit and finish on Zoom is phenomenal and they’ve done a really, really good job. And I think that’s why they’re seeing the success they’re seeing, even though this is a field that has been around for at least 15 maybe more years of products; just those products were never very good. And Zoom really nailed that user experience.

But they did it at the cost of security. We can jump on and just go have a Zoom call, but actually, if anybody knew the number, they could hop onto this video right now. So Zoom fundamentally said, “Hey, we’re going to use security parlance” which goes by the name of Security Through Obscurity. They have this little secret, one number between users. That’s their security model. That yields a very simple and hassle-free user experience, but at the cost of that fundamental security model.

Their CEO just recently announced a stand-down for the company to go work on these things. I think time will tell how they approach the solutions, whether they give up some of that user experience or if they’re able to come up with a very elegant model that maintains that fit and finish and high-quality experience that they’ve created, but adds insecurity. So I do applaud them for owning the issue and directing his company to go focus on it. So we’ll see what they do.

Swapnil Bhartiya: I want to talk about the polymorphic model that you talked about earlier, that if people are using this model, how much protection do they get on all those attacks and hacks that are happening because what you literally do, as you explained last time, is that every system is a unique system. So you are raising the bar for hackers to compromise those systems.
Alex Gounares: So, the fundamental approach that we take with this polymorphing technology, as you were saying, is to create all this diversity in the environment and create that intrinsic cyber resilience. So, the systems are secure even if you aren’t patching them, even if you aren’t rapidly deploying the patches, even if you aren’t monitoring it 24×7. It’s got this intrinsic reliability to the system. And that’s one of the things that’s particularly valuable in today’s world for all the reasons that we were talking about. Where, if your IT staff is either unavailable or busy and they aren’t able to do the traditional legacy (watch these things 24 by seven like a hawk) that intrinsic reliability and cyber resiliency is an incredibly advantageous feature.

Swapnil Bhartiya: Do you think COVID-19 will change the whole security landscape in a way that people have started to rethink how they build their system and infrastructure?
Alex Gounares: I think it will, and it goes back to my earlier comments about the zero trust. right? Every legacy traditional cybersecurity approach fundamentally relied on assumptions that aren’t true anymore. Relied on the assumption that everybody would physically be in the same building or relied on the assumption that you had IT staff that you could send out to the field or send out to go patch things or what have you. And when those assumptions about where your employees are and the availability of IT staff are broken, then so is your security model.

So I do think this has dramatically heightened the need because zero trust has been a buzzword for years now and everybody keeps talking about it, yet how many companies are still relying on a VPN? Just take the simplest thing. And it’s not that they’re bad for relying on a VPN. There’s a lot of good uses for a VPN. We use VPNs at Polyverse, but we use a VPN in a zero-trust fashion, which is an important distinction.

But now, you don’t have the luxury of just chatting about it anymore. You have to do something. Every CSO and CIO has to make a change now because those old assumptions are gone and they disappeared literally overnight when the president or the state governor, depending on where you are, says, “Shelter at home.” Everything you thought you knew about the world and how you would run your company just changed and it changes instantaneously, and so CIOs are going to have to adapt to this.

Note: Polyverse is a member of TFiR Influencer Marketing Platform (IMP).