PUBLISHER’S NOTE
Yotam Gutman, Lt. Commander (Ret.) Israel Navy
How to fight a virus: Lessons from cybersecurity
COTS Journal | May 2020

There has been a great deal of conversation around the similarities between the spread of the Covid-19 virus and that of computer viruses. And indeed, as the first global pandemic to occur during the age of connectivity, this comparison is valid. But while most focus on how we can leverage the knowledge gained in the “real world” in identifying and stopping the spread of plagues in the virtual world, I would like to offer another perspective. Perhaps we in cybersecurity can return the favor. Perhaps the medical world can take the lessons learned in three decades of fighting “cyber viruses” and implement these in their fight to mitigate the Coronavirus?

History

Originally, the type of computer software described as “a program that can infect other programs by modifying them to include a, possibly evolved, version of itself” was named “Virus” by Fred Cohen in his 1986 Ph.D. thesis. Another biological reference made its way into the computer lingo when the first worm was unleashed (although the phrase was used in an earlier sci-fi novel). In the last couple of years, computer viruses, or more widely the panoply of malware as we think of cybersecurity today, have undergone rapid evolution that has made them much more difficult to identify and mitigate:

• More variants: 439,000 new malware variants were detected in 2019. That’s a 12.3% increase over the previous year.

• More capable: Modern malware threats are far more capable than the old viruses spreading through illegal copies of software distributed via floppy disks. Today’s malware can steal passwords, exfiltrate sensitive data, encrypt and delete data, and much more.

• Harder to detect: Malware authors work hard to make their software difficult to detect. This includes hiding it in legitimate documents (aka “weaponizing” Word, PDF and Excel documents), utilizing detection-evasion mechanisms (like avoiding execution in sandboxed environments), and using legitimate software update mechanisms, all to make the work of the defenders harder.

• More aggressive: Some malware types are extremely aggressive; they scan for open RDP ports, brute-force their way onto a device, and then move laterally within the organization’s network, abusing password-protected servers and seeking sensitive data, all without the knowledge of the victim.

• Fast: Contemporary malware is extremely fast and works at machine speed to bypass protection mechanisms and achieve its goals; ransomware like “Wannacry” disabled entire organizations in minutes.

Adopting Cybersecurity Response To Fight Covid-19

To mitigate today’s plethora of rapidly evolving cyber threats, the cybersecurity industry has developed several methodologies. These (after adaptation) could be used to reduce the spread of malicious software and to mitigate its effects. I will refrain from discussing the obvious virus/Antivirus analogy. Obviously, a vaccine for a computer “virus” would be the answer, but estimates suggest that such a vaccine would not be available in the next 12-18 months, and there’s a lot we can do until then:

• Zero trust policy: A methodology that defies the traditional security assumption that everything inside the perimeter (protected by the firewall) is trusted. The main principle of Zero Trust is “never trust, always verify”. This means that every user is asked to verify their credentials every time they wish to “enter” the organization, and that every file and process is constantly monitored, even if it has been “authorized” to run on the computer.