
Cyber-Arms Race

by Brent Kirkpatrick


The goal of cyberwar is severe economic damage, and cybersecurity method innovation is its arms race.

Computer security is a just-in-time profession. The job is to identify exploits in the wild and innovate patches to the vulnerabilities that they exploit. One wants to patch the vulnerabilities that are actually exploited rather than the ones that we imagine being exploited. Much of the industry does the latter rather than the former, simply because it lacks the ability to capture and analyze cleverly hidden exploits. Yet this is exactly the task of the profession.

There is an arms race every time hackers saturate the ability of the industry to respond, requiring new methods to be innovated. For the duration of the arms race, this creates a brutally competitive environment for computer systems experts. If you fail to secure your systems well enough, you may be plagued by set-backs or be outed by the hackers as having weak security.


Worse, as hackers successfully compromise the computer industry, they gain access to source code that can be used to broaden their attacks. For example, if a hacker gains access to a BIOS manufacturer's source, they can embed a back-door in the BIOS, compile it, and distribute their version as an update. If they are very successful, the hacker might be able to get their version of the BIOS shipped with the computer.

When computer professionals suspect that they have been hacked, they usually begin looking for machine code. After being unable to find exploit machine code, many professionals wrongly assume that their systems are not hacked. The principle of "innocent until proven guilty" only works with people, not computers. It is more appropriate to assume that an arbitrary computer is hacked, and that there is a skills or methods crisis that prevents discovery of the exploit machine code.

We are currently in an arms race that began in 2014. The industry is staggering under the load of discovering and defending against active exploits. Intrepid estimates that there are half-a-dozen worms currently in the wild.

Intrepid Net Computing is in the business of capturing and analyzing difficult-to-find exploits, including worms and Trojans. These exploits often clean up after themselves or hide very cleverly. We use experimental methods and statistics to isolate machine code.


© 2015-2021 Intrepid Net Computing. All rights reserved.