Cybersecurity incident continue to bite at businesses and digital communications as especially at risk. These issues are brought to light through one recent cybersecurity incident and an initiative that is designed to tackle the growing problem.
Linux malware
Beginning with an example of a problem first, a new stealthy Linux malware known as Shikitega has been discovered infecting computers and IoT devices.
This news comes via Terry Olaes, Director of Sales Engineering at Skybox Security. As Olaes explains: “In the case of Shikitega, threat actors have been stealthily exploiting vulnerabilities and launching cryptocurrency miners on infected devices. Skybox Research Lab found that the malware industry continues to churn out a wide array of malicious software, particularly cryptojacking and ransomware programs, which increased by 75 percent and 42 percent, respectively in 2021. These programs make it easier for threat actors to mount attacks and turn a quick profit and demonstrates just how nimbly malware developers respond to new market opportunities and economic incentives.”
Olaes recommends that: “To stay ahead of cybercriminals, companies must address vulnerability exposure risks before hackers attack them. That means taking a more proactive approach to vulnerability management by learning to identify and prioritize exposed vulnerabilities across the entire threat landscape.”
Public private partnerships
But how can these goals be realised and is there a partnership role with government? As an example, the U.K. government has signalled its intention to impose strict new security requirements on telecommunications operators, including stiff penalties for noncompliance.
These include patching critical flaws in software within no more than 14 days of their discovery, along with requiring close executive oversight of cybersecurity processes, strict controls over administrative privileges for critical systems and the obligation to identify risks to any equipment that isn’t housed in secure areas.
Looking into these developments for Digital Journal is Michael Scott, CTO of XIoT cybersecurity firm, NetRise. Scott works with global telecom providers to understand vulnerabilities across their hardware, which is often being rented from the manufacturers.
According to Scottl: “The new security requirements imposed by the U.K. government are a step in the right direction, but they will only be truly effective if there are also rules requiring manufacturers to be more transparent about the security of their products.”
He adds that a partnership approach is optimal, noting: “Currently, telecom operators may often be left in the dark about the security of the equipment they use, and as a result, they can inadvertently introduce vulnerabilities into their networks. The new rules requiring them to patch critical flaws within 14 days will help in some cases, but if manufacturers are not required to be more forthcoming about security issues, operators will still be at a disadvantage.” Scott reiterates this, stating: “Ultimately, the only way to truly secure telecommunications networks is to ensure that both operators and manufacturers are taking security seriously and working together to protect users.”