Check Point Software Technologies uses the term “generations” to divide the evolution of information security into different segments characterized by date, attack vector and malicious payload. The first generation of cyberattacks in the late 1980s consisted of viruses carried on floppy disks that had to be inserted into computers.
During the second generation, which came about in the early 90s, attacks were launched over the internet instead of through floppy disks. During the third generation, which took place in the early 2000s, cyber-attackers evolved again to exploit vulnerabilities in software applications that relied on internet access. The targets of attacks became as specific as mail servers, web servers and applications as criminals realized that attacks could be a source of income for them. They started to steal personal and corporate information. Because a firewall was not enough to prevent this type of attack, intrusion-prevention products started to be developed.
In roughly 2010, cyber-attackers continued this evolution by developing 4th generation polymorphic malware that could take a different form in different attacks. Red October, a cyber-attack launched in 2007, is considered the beginning of the 4th generation of cyber-attacks. In this phase, attacks became better engineered as they were backed by more funding. Attacks of this era were carried out using tools that could easily get inside any vulnerable machine and steal data from it. Technologies like sandboxing and anti-bot were introduced during this time.
When large-scale cyber-attacks started to emerge in 2017, the 5th generation of cyber-attacks, or Gen V cyber-attacks, was considered to have begun. These multi-dimensional attacks are often state-sponsored and use technology developed by state organizations that was somehow leaked to the public. Users should be more aware than ever, as these attacks can appear on networks, mobile devices, and even in cloud computing environments. Some infamous 5th generation cyber-attacks are WannaCry, SamSam, and Petya.
To be effective, Gen V cybersecurity must be built to decrease attack surfaces and provide real-time threat prevention. Because Gen V cyber-attacks can happen faster than conventional security systems can respond, the focus should be on preventing attacks by correlating, storing and analyzing data across all network devices in real time.
Strategies include the use of next-generation firewalls (NGFWs) with advanced functions, including application awareness and the ability to use external threat intelligence feeds that provide security engineers with a live data stream related to potential or current threats. Other strategies include the use of microsegmentation and intelligent application delivery controls.
Contact ASG if you would like to discuss mitigating and responding to Gen V security attacks.