The ongoing COVID-19 pandemic in our country may be dominating the headlines, but it’s not the only threat that government agencies need to be worried about. While the nation’s attention remains focused on the coronavirus, an old foe is lurking – looking to opportunistically strike at those who may be distracted or impacted by the situation around them.
That old foe is the hackers and cyberthreats that would look to attack our country’s networks. And they’re using the government’s increased reliance on technology in the wake of the pandemic to strike at agency networks that may be more essential – and more vulnerable – than ever before.
According to Adam Meyers, CrowdStrike’s VP of Intelligence, the move toward telework happened rapidly, and cyber threat actors responded opportunistically. The last few months of the global pandemic have coincided with a massive increase in malware and ransomware attacks. And no government organization has been spared – whether at the local, state or federal level.
With threats coming from literally anywhere across the globe, from millions of points, combating attacks requires a combination of AI and human intelligence. We recently sat down with Meyers, who says that, while AI can help categorize the threats, it’s the people who must know how to interpret the data.
Meyers will present more on cybersecurity threats in the last year, and specifically in light of COVID-19, at this month’s Fal.Con for Public Sector virtual conference.
Here is a preview of what he will present:
GovCyberHub (GCH): Can you tell our readers a little bit about yourself and your responsibilities as Sr Vice President of Intelligence at CrowdStrike?
Adam Meyers: So, I’ve been in the game for a while here. I spent a number of years at the State Department, and working for a defense contractor with various military, civilian, and intelligence community customers. I started CrowdStrike – I was on the launch team back in 2011, and I’ve been here ever since.
Today, I’m responsible for running the intelligence business, which consists of more than 100 people. We cover more than 34 languages and we’ve got more than 135 adversaries that we track as they operate against targets all over the world.
GCH: Your work combining human intelligence and intelligence derived from technology makes for an intriguing mix. How do the two interact in protecting against threats?
Adam Meyers: I think the best answer I can give you on that is that when you’re doing a technical analysis on a piece of malware, or some threat, you get to a point where you have thoroughly analyzed it. You can understand the ones and the zeros. It’s binary, right. It’s a yes, or it’s a no, ultimately.
At some point, a human has to start to provide analysis on top of that. That gets into those kinds of gray areas of what a threat is, and how it operates, and who’s behind it. And you require some tradecraft and some analytic models to be able to start to make assessments about these threats. And that’s really the intersection of the humans and technology.
I’ve seen people that are really good technical analysts that can reverse engineer very advanced technical threats, but once it comes down to making some sort of assessment about what its purpose is, or who it’s tied to, or what their goal is, that is something that they just can’t do. And you know, it’s a rare breed when you have somebody that can do technical analysis and provide intelligence analysis at the same time.
GCH: What advantages does AI introduce to the cybersecurity mix? Are there inherent challenges that come with deploying AI initiatives?
Adam Meyers: AI from a cybersecurity perspective really helps categorize things very efficiently and to make determinations about behavior that would not necessarily be something that you could write a rule for, or you could write a signature for. And so, as you apply artificial intelligence to the cybersecurity domain, and to some of the challenges that we face there, you are able to allow the models to determine where good and bad are – where the lines are between what’s good and what’s bad.
You are also able to do it at scale, which is I think one of the critical pieces of this story. It’s one thing to kind of make these determinations here and there, but to do it at hundreds of millions of times per second, that’s when you really get into some of the power of that model and the power of artificial intelligence.
We’re doing it at the endpoint. You think about some of these organizations that have tens or even hundreds of thousands of endpoints in their environment, and we’re making these determinations in real time on those systems. Doing it at a scale that’s completely unimaginable, really. I think we had some comparison about the number of events that we see with our endpoints – we see more events in a day than Twitter sees in a year. We’ve got millions and millions of points globally, in over 180 countries. And that number grows every day.
Adam Meyers: I’m doing a threat landscape. I’ll revisit some of the things that I talked about last year. I’m going to go into some of the biggest threats that we’ve been tracking to the federal government, state and local government, and education and health care sectors. And, I’ll be walking through how that landscape has changed over the last year and how it’s changed over the last three months with COVID-19.
The impact of COVID-19 from the cyber threat perspective. It’s been huge. From February or March, we saw a 100-fold increase in malware that uses COVID-19 themes. It’s a really interesting time where we’re seeing unprecedented threat actor activity and we’re also seeing a massive shift in enterprises that have had to move from operating the way that they intended to adopting remote work and work from home policies that they may have had a roadmap for two or three years out, and they had to implement that in two or three days.
My job is to really tell how bad the threat is, and the other speakers can talk about how to defend against that threat.
GCH: Who do you think would benefit from attending Fal.Con for Public Sector this year? Why is now an important time to hold this event, and why is it important to bring this community together – even virtually?
Adam Meyers: I think that anybody that is responsible for information security – anybody that’s doing it for government level position whether it be federal or state local, or even down to more local governance. We’ve extended it out to healthcare and education, as well. And I think anybody that has to think about how to prevent the next attack will benefit from being at it this year.
You know one of the biggest threats we’ve seen in the government, and particularly at the state local level, is ransomware. Enterprise ransomware – what we call big game hunting. And, that threat is increasing. We’re seeing more threat actors jump into it, and we’re seeing them change their tactics in some pretty horrifying ways. We’re going to see them exfiltrate or steal the data from the systems that they’re encrypting and then auction it off to the highest bidder.
So, there are a lot of things that I think participants in Fal.Con need to be aware of, and to understand from a threat perspective so that they can make sure that they’re not the next headline.