Guest Column | June 19, 2018

Hackers Are Not Natural Disasters Or Acts Of God

By Ian Eyberg, NanoVMs

Hackers Target Small and Medium Businesses

Data breaches are unfortunately becoming more and more common as the never-ending march toward digital transformation carries on while picking up pace. No other sector is as directly impacted by breaches than health care as medical records are considered an order of magnitude more valuable than even credit cards.

Existing security measures as we all know simply don’t work, leading some organizations to rely more heavily on costly cyber insurance and consider breaches to be as unpredictable and indefensible as earthquakes or flash floods.

Hackers and their automated tools are not acts of God so why do we treat them as such?

If we step back, we can understand that data breaches are largely composed of two broad problems:

First, our existing software infrastructure environments are largely outdated and second, we have experienced a Cambrian explosion of IT hardware and systems.

Politicians talk about crumbling bridges and roads, yet no one speaks about the state of software infrastructure. Specifically the fact that most operating systems in use today, that every imaginable piece of software sits on, be it a CRM, EHRs, EMRs or databases, have design characteristics that were devised in the 1960s - almost 50 years ago. These systems were designed on machines of that time period that were so expensive (not to mention so large) that they needed the capability of running multiple programs by many different users.

Yet today in 2018 despite whether you have on premise infrastructure or your data and software lives in the cloud, virtualization is widespread. This singular distinction allows us to migrate away from harmful operating systems of yesteryear. Did you know that if you boot up a virtual machine on the public cloud or even in your own datacenter it has support for both a USB drive and a floppy disk? What use could you possibly have for a USB drive in a *virtual* computer? This isn’t your laptop. It’s virtual. It’s completely physically in-accessible! Have you even seen a floppy disk in the past 10 to 15 years? The only people that will use that functionality are hackers.

However, it goes further than that. Many of the predominant operating system environments for server-based applications, such as databases, support the concept of running multiple programs on the same server by design even though developers today go out of their way to isolate them from each other. This concept is the direct reason remote code execution attacks, in-memory attacks and specifically so-called shell code exploits are possible. Without this capability these styles of attacks simply go away.

Unikernels are a way of provisioning software applications such as databases, CRMs, EHRs, EMRs, and other applications as single process systems. These systems do not allow anyone to log in to them. Indeed, they do not even have the concept of ‘users’. By design they cannot run other software that is not present in the machine image. This is all done without modifying the underlying software.

What makes them even more interesting is that once a hacker has access to an internal, typically ‘trusted’ network, they have unfettered access to continue their attack much akin to the way the Trojans were able to successfully penetrate Troy. It becomes much easier once you are inside the city walls. It is quite common for an attacker to immediately start scanning for other vulnerable systems inside a network to continue the attack.

In addition to unikernels preventing these forms of attacks, also of note is the amount of security considerations they displace. Patch management and the idea of “keeping systems up to date” for instance is considered a best practice, albeit a very expensive and time-consuming activity if not using sophisticated software solutions.

While keeping your systems and software up to date is a good practice unikernels allow you to run your existing software such as EHR systems with known vulnerabilities in them and it just doesn’t matter that the vulnerabilities exist because one cannot exploit them in the same way one could on older outdated systems.

For example, there has been a recent wave of new JBoss ransomware attacks. You could run completely vulnerable JBoss software that the SamSam ransomware specifically successfully targeted on legacy systems using internal tools such as jexboss - https://github.com/joaomatosf/jexboss. Yet on unikernel based systems this ransomware simply doesn’t work since they take advantage of the fact that Windows and Linux systems are inherently designed to allow multiple programs to run on the same system. Unikernels don’t have the facilities to allow that to happen - by architectural design.

When you utilize unikernels you end up not just protecting the one server that was targeted but you prevent that system from being a proxy to attack the other thousands of internal systems that are reachable by network from there.

Unikernels obviously don’t solve all security problems but they do stop attacks that involve running other programs on a given server where they didn’t exist to begin with - which happens to be the main epidemic.

Hackers are not natural disasters and we should stop thinking of them in that light. Simply upgrading 50-year-old software infrastructure is a major step in stopping them.

About The Author

Ian Eyberg is CEO of NanoVMs (www.nanovms.com).