October 12, 2016

Criminals Are Using Big Data Tech, And So Should You

(Lagarto Film/Shutterstock)

If your company’s big data collection fell into the wrong hands, it could be devastating. That’s not news. But what you might not be aware of is the fact that cybercriminals are increasingly using advanced analytic tools and techniques to more efficiently mine and monetize stolen data. And to efficiently combat the bad guys, you should probably be using those tools, too.

The respected security firm RSA warned companies about the security threat that big data tech posed to companies several years ago. “The sophistication, agility, and speed at which a cybercriminal operates and monetizes their fraudulent information have improved through the use of big data analytics,” Kate McGavin, a senior product marketing manager at RSA, wrote way back in 2013.

Just as big data tech gives legitimate companies the advantage of scale, cybercriminals also use big data tech in several ways, including for data mining and for automating attacks.

As big data breaches get bigger and more of your stolen information is available on the Dark Web, cybercriminals are turning to more sophisticated tools to query and make sense of their illicit databases. Many of these tools are based on open source technologies, and are packaged and shared by black-hat types over the Internet.

McAfee’s Center for Strategic and International Studies estimates the total cost of data breaches to be 15% to 20% of the Internet economy, which is worth $2 trillion to $3 trillion per year. While massive data breaches are a serious concern, the big data issue may not be what’s most important, says James Scott, co-founder and senior fellow at the Institute for Critical Infrastructure Technology.


A vulnerability in SWIFT, the international banking clearinghouse, enabled cybercriminals to steal $81 million from a Bangladeshi bank earlier this year

“Hackers, as they amass treasure troves of stolen data…are able to use big data analytics to further customize the perpetual use of their lists, thus being able to continuously sell into new markets,” Scott tells Datanami.

The advent of off-the-shelf distributed processing systems makes it easier for cybercriminals to conduct cyberwarfare on a truly massive scale. Hackers, who are increasingly backed by governments not aligned with the national interest of the United States, have created giant botnet armies of millions of infected PCs that allow them to carry out a variety of attacks against vulnerable PCs and other endpoints on the Internet and within organizations’ LANs and WANs. Think of how the Borg expanded in “Star Trek,” and you have an example of how cybercriminals can slip through gaps in the network armor to exploit the softer underbelly of corporate America.

Here’s another tactic they use: According to a recent network security report from Radware, the advent of automated, bot-based attacks can result in hackers overwhelming specific networks for long periods of time, creating what’s being called an Advanced Persistent Denial of Service (APDoS). If that doesn’t sound like a serious threat, then you’re not paying attention.

As the old saying goes, you must fight fire with fire, and that means employing big data technology to protect your company’s data and its reputation. And with the General Data Protection Regulation (GDPR) poised to bring massive fines (up to 4% of top-line revenue) to companies that lose their customers’ data starting in 2018, it will quickly become a matter of corporate survival.

As a company, the first step in protecting yourself is to protect your data. You must implement industry best practices regarding the protection of transactional systems, such as ERP systems running on relational databases, as well as the archival and analytical infrastructure running on Hadoop. Any piece of sensitive data should be encrypted or masked to prevent it from being used by hackers. Strong authentication and access controls are also needed to keep the bad guys out.

But following these procedures isn’t enough. The best defense, they say, is a good offense. In the security business, that means you need to start actively hunting the hackers in your network. Because it’s not whether you’ve been hacked, according to FBI Director James Comey — it’s whether you know it or not. “There are two kinds of big companies in the United States,” he said. “There are those who’ve been hacked…and those who don’t know they’ve been hacked.” Just ask the Democratic National Committee.


Apache Spot (incubating) is a Cloudera-led initiative to devise a common data model for next-gen Hadoop-based security analytic tools

In a report earlier this year, Gartner said that companies should turn to user and entity behavioral analytics (UEBA) to protect themselves. You can find UEBA (also known as just UBA) from a handful of vendors, such as Exabeam and Securonix.

Securonix uses a “signature-less” engine that uses machine learning to identify anomalies in the behavior of people and other entities active in a company’s network. The software runs natively in Hadoop, and the company is a partner of Cloudera, which itself is helping to combat the cyber threat with a common set of Hadoop-based tools and data models called Apache Spot (incubating).

Exabeam, meanwhile, also uses machine learning algorithms to monitor user behavior. The company’s recently released Threat Hunter provides a GUI that enables security analysts to search, pivot, and drill down across multiple dimensions of user activity to find sessions that contain specific risky behaviors.

You can also spot the trails that bad guys leave using security log management tools or services from vendors like Splunk, SumoLogic, and LogRhythm. Even the security information and event management (SIEM) tools, which can “see” and correlate events among different systems in complex IT environments, are better than nothing, even though they largely rely on signature-based identification methods.

Because signature-based methods are always backwards-looking, they’re not ideal for detecting new threats, which is a “known unknown” in the security business. In the future, the security industry will rely largely on artificial intelligence (AI)-based technologies to detect emerging threats.
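To make the contrast in the last two paragraphs concrete, here is an added example (not from the article or from any vendor it names) that runs a static indicator rule and a simple per-user behavioral baseline over the same session records. The log lines, the indicator list and the thresholds are constructed assumptions; the point is that each method catches something the other misses.

```python
import re
from collections import defaultdict
from statistics import mean, pstdev
# Constructed sample sessions (not from the article): one line per user session.
LOG_LINES = [
    "user=alice src=10.0.0.5 hour=9 bytes_out=1200",
    "user=alice src=10.0.0.5 hour=10 bytes_out=1500",
    "user=alice src=10.0.0.5 hour=11 bytes_out=1300",
    "user=alice src=10.0.0.5 hour=2 bytes_out=900000",
    "user=bob src=10.0.0.9 hour=9 bytes_out=3000",
    "user=bob src=203.0.113.7 hour=9 bytes_out=2800",
]

# Signature-style rule: a static indicator list (constructed placeholder value).
KNOWN_BAD_SOURCES = {"203.0.113.7"}

LINE_RE = re.compile(r"user=(\S+) src=(\S+) hour=(\d+) bytes_out=(\d+)")

def parse(lines):
    """Turn the key=value lines into dicts; malformed lines are skipped."""
    out = []
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            out.append({"user": m[1], "src": m[2], "hour": int(m[3]), "bytes": int(m[4])})
    return out

def signature_hits(events):
    """Backwards-looking: fires only on indicators someone has already catalogued."""
    return [(e["user"], e["src"]) for e in events if e["src"] in KNOWN_BAD_SOURCES]

def behavioral_hits(events, z_threshold=3.0, hour_gap=4):
    """Per-user baseline from the user's *other* sessions (leave-one-out): flag a
    session far above the user's usual volume or at an hour the user is never near."""
    by_user = defaultdict(list)
    for e in events:
        by_user[e["user"]].append(e)
    hits = []
    for user, sessions in by_user.items():
        for i, e in enumerate(sessions):
            others = sessions[:i] + sessions[i + 1:]
            if not others: continue  # first-seen user: no baseline yet
            vols = [o["bytes"] for o in others]
            sigma = pstdev(vols)
            z = (e["bytes"] - mean(vols)) / sigma if sigma else 0.0
            odd_hour = all(abs(e["hour"] - o["hour"]) > hour_gap for o in others)
            if z > z_threshold or odd_hour:
                hits.append((user, e["src"], e["hour"], round(z, 1)))
    return hits
```

The indicator rule sees only bob's session from the listed address, while the baseline flags alice's 2 a.m. session with a volume hundreds of times her norm, which no signature would know about.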

Wherever you stand, do something, because the costs of not having an active plan for countering hackers who are big-data savvy are too great, says Scott of the Institute for Critical Infrastructure Technology.

“There are hacker for hire services that sell their ability to breach any organization for data exfiltration,” he says. “It used to be that organizations would sell solutions that helped organizations respond. Now they also need to be able to predict. Artificial intelligence is becoming a mandatory thread that must be spun through each layer of security if the security is to be meaningful.”
