Many products on the market still rely on signature-based detection, and some newer products look at the activity of the computer operator to detect when something bad has occurred. Companies purchase antivirus, endpoint protection, sensors, firewalls and other security products to try to keep bad actors out of their networks. The problem is that these products don't catch them, at least not the ones creating targeted, one-time-use malware. This type of malware has never been seen before because it is written for a single purpose, to target a single person, and then the malware is thrown away and never used again.
Infiltrating for Profit
Over the years, many companies have been involved in the creation of "administration" tools, remote access administration tools, or whatever candy-coated name you want to use for them today. The problem with most of these utilities is that they can also be used to attack a target, modified in new ways, and then thrown out for new methods. All too often these attacks are not being caught. They are not caught because, again, this is single-use malware.
Keep your Enemies Closer
One of the problems we are seeing as the battle lines are being drawn in cyberspace is that nations are hiring top talent away from intelligence agencies. In fact, there are many people out there selling technology formerly available only to Government agencies and those elite with big pockets. These big pockets can afford to buy things like zero day code, methodologies and other techniques not publicly known. This same thing happened after the collapse of the Soviet Union, when thousands of agents suddenly found themselves without a job. Other nations and agencies would utilize the services of these operatives when needed, and the lines between friend and foe became further blurred. The new norm is even worse. Keep reading...
Today the problem starts with salaries in the commercial world. They dwarf salaries within Government, which in and of itself puts the Government at a hiring disadvantage. There are many good people working in Government who are there for the right reasons. Let's have a look at the private sector.
Many privately owned companies are hiring away top talent from competitors AND Government. Some companies openly acknowledge the practice and others stalk social networking sites to try and find targets to court. Many highly technical companies are targeted by nation states, competition and others trying to get at technology of interest or proprietary trade secrets. In 2019, this is the norm for technology companies. Technology is moving as fast as people can change jobs and technology is going with it.
Failure to track the right things
There are many valuable pieces of information in Government and the private sector. Government primarily wants to track criminals, statistics and illegal activity. The things they don't track are the attributes that are most important. Private companies are collecting large amounts of information, and it's no secret that this information is being sold to Government and business intelligence companies. In fact, this very behavior is forcing Government to turn to the private sector for more and more information. This information is the cornerstone of being able to understand and predict future behavior. There are not enough models out there to track human behavior, impulse and true randomness.
For the last 10 to 15 years, businesses and Governments alike have been working to track individuals through various methods. If you have enough data points, you can find virtually all location data for an individual or, in many cases, an item (phone, vehicle, etc.). With more and more data finding its way online, there are many use cases that can be derived from open source data and data that is inadvertently leaked through misconfigurations. These misconfigured servers are popping up on Amazon, other hosted providers and in services such as Elasticsearch, MongoDB and others. It is estimated that there are millions of petabytes of data available and, as we know, when these separate data sources are combined, powerful analytics can lead to undesirable consequences.
While everybody is out there tracking the adversaries, they have shifted to scarfing any data they can find. While analytics are powerful, they are also being used to attack companies, Government and individuals. The problem is many people are tracking the wrong things and thinking they have deployed a true security model to protect themselves. We feel this is a false sense of security that one day will be extremely costly.