While cybercrime continues to evolve in sophistication, defenders consistently fall short of grasping the full extent of the threat - particularly the sophistication of the thriving underground economy.
"I like to call it CAAS - cybercrime as a service," says Derek Manky, global security strategist at security vendor Fortinet. "On the services end, there is everything from consulting, botnet rentals, spam campaigns, a quality assurance testing program for malware and an affiliate program for spreading infections."
Cyber defenders are only now banding together to counter these threats through alliances and information sharing frameworks, Manky says. But even as CERTs and ISACs multiply globally, it is fair to ask: Is this a case of too little, too late?
"Threat intelligence and information sharing has happened in silos with very specific vertical focus - FS-ISACs, ES-ISACs and so forth," Manky says. "However, a lot of this intelligence remains useful to organizations in other sectors and verticals."
Manky is closely involved with the Cyber Threat Alliance initiative by vendors Fortinet, McAfee, Palo Alto and Symantec, and he says the CTA and other initiatives are bringing about a slow change. One of the stated goals is to provide intelligence to disrupt the cybercriminal underground.
In this exclusive interview with Information Security Media Group, Manky speaks on a wide range of topics, including:
- The make-up of the cybercriminal underground;
- How information sharing initiatives such as CTA work;
- The Asian cyberthreat landscape for 2015, including concerns around the Internet of Things and IPv6.
Manky formulates security strategy for Fortinet and has more than a decade of advanced threat research experience. He has presented research and strategy worldwide and is a well-known speaker at security conferences. As a cybersecurity expert, his work has included meetings with leading political figures and key policy stakeholders, including law enforcement, who help define the future of cybersecurity. He is involved with several threat response and intelligence initiatives, including FIRST and the Cyber Threat Alliance. Manky has also designed a zero-day vulnerability disclosure framework, which has been used for years to responsibly fix zero-day security holes before they can be exploited.