'Gen V' attacks: The next cybersecurity problem?

In a recent online presentation, Check Point Software Technologies founder and CEO Gil Shwed stated that “we are at an inflection point” when it comes to cybersecurity.

Shwed’s statement came on the heels of Check Point’s release of its 2018 report that found 97% of surveyed companies were unprepared for a new cybersecurity problem: “Gen V” cyberattacks.

Generation V Cyberattacks differ from their predecessors in a variety of ways, Shwed said, the most prevalent difference being the wide range of technologies that they can target, from mobile phones to entire cloud networks. As a result, Gen V attacks can occur across countries, companies, and even continents. An example of this broad scale is the Wannacry attack  that cancelled thousands of doctor’s appointments in the UK while simultaneously crippling the computer systems of German National Railways and Telefonica.

The final defining characteristic of Gen V attacks is the technology used to carry them out. When a Gen V attack occurs, it is done using “state-sponsored” technologies. State-sponsored technologies are those developed by large companies or through government sponsored projects. These technologies are now falling into the hands of attackers either as result of simple leaks or as the result of reverse engineering, creating a next generation cybersecurity problem for industry, Shwed said.

Gen V cyber-attacks are the result of a complex cat and mouse game played by cyber-attackers and cybersecurity professionals over the past forty years. This game led to an evolution in cyberattacks and cybersecurity. It is important to understand this evolution because it explains how attacks like Wannacry and NotPetya occurred and had such a monumental impact.

The term “Gen V cyber-attacks” is part of a model that Shwed and Check Point use to divide the information security evolution into “generations.” The first generation of cyberattacks consisted of viruses carried on discs that would need to be inserted into computers. These viruses were limited in scope because they were confined to attacking one computer at a time. To combat this, security providers developed antivirus software.

The second generation, which came about in the early 90s, consists of internet-based attacks. As computers grew increasingly interconnected, cyber-attackers became able to attack more computer systems, more rapidly. In response to this evolution, the first firewalls came about.

In the early 2000s, cyber-attackers again evolved to hone in on apps with internet access such as web browsers. Security professionals combated this third generation of attacks with a variety of tools, the most prevalent being IPS Software.

In roughly 2010, cyber-attackers continued this evolution by developing what Shwed described as fourth generation attacks. This time, cyber-attackers tweaked their methods to make their malware more polymorphic. With advanced software, malware could take a different form in different attacks, making it more difficult to detect and trace them. In response to this cybersecurity problem, security developers introduced response techniques like sandboxing and anti-bot software.

Shwed stated that modern attacks are, “well beyond gen 4, they’re at generation 5, while the majority of security techniques in place are between generations 2 and 3.”

In other words, in the current environment cyber attackers are playing chess and putting their targets in checkmate, while their targets would struggle to beat them in checkers. This difference in capability is daunting and is one of the most prevalent cybersecurity problems facing professionals today.

With this gap in mind, the obvious question to ask is, “What can security providers and companies do to catch up to the attacks they’re trying to prevent?”

This Gen V cybersecurity architecture, as the report outlines, must be built on a foundation of real-time threat prevention technologies. Because Gen V cyber-attacks are too fast for security systems to perform reactively, the focus when solving this cybersecurity problem needs to be on preventing attacks before they take hold, Shwed said.

In 2018 cyber security teams have found themselves behind a sizable 8-ball, with the attacks they work to prevent evolving to become bigger, faster and stronger. These attacks can seemingly only become more prevalent in the future, and this prevalence will only further necessitate the growth and evolution of security measures.