Dark Reading is part of the Informa Tech Division of Informa PLC

Vulnerabilities / Threats
6/4/2021 10:00 AM
Matt Shea
Commentary

What the FedEx Logo Taught Me About Cybersecurity

Cyber threats are staring you in the face, but you can't see them.

Negative space is not a common term, but if you spend any time studying company logos or graphic design, you will hear it. "Negative space" is the space between and around objects in design. Talented artists look for opportunities to create additional meaning or hide Easter eggs when creating logos, choosing fonts, and spacing letters in the company name. 

One of the more famous examples of negative space is the FedEx logo. The logo's design team realized that by picking a specific font and letter spacing, they could create an arrow between the letters E and X. An arrow is the perfect symbol for a company that's always in motion delivering products to customers. The story goes that at the first design review, only the CEO immediately saw the arrow and the rest of the team missed it. Maybe, even after all these years, you have missed it as well.

Credit: Pixiellogo

Many see what they expect to see and miss what is staring them in the face. Because they aren't viewing things in their full context, people experience something like the FedEx arrow and other negative-space objects as a blind spot. Once someone points out the negative space, people's blind spots usually disappear so that they can see the whole picture.

Cybersecurity vs. the Blind Spots
Cybersecurity is rife with blind spots, but the consequences have more serious impacts than missing a hidden marketing message. In cybersecurity, there is a constant war to find the next attack, whether from financially driven hackers or adversarial nation-states, before it's too late. To counter these attacks, many companies do what they think they are supposed to do: build up a library of known attacks, also called signatures. Then they compare network traffic or event logs to these signatures to try to match previous events to what is happening now on the network.

This approach was somewhat successful initially, but hackers quickly varied their attacks to avoid matching known signatures. The cybersecurity industry responded with pattern matching and complicated attempts to interpolate between what has happened before and what is happening now, to determine whether the current activity closely resembles anything previously seen. It's a statistical rolling of the dice, sometimes using tools like neural networks and the like.

Pursuing larger and larger signature and rule sets comes with ballooning costs and runtime inefficiencies. Marketing tries to spin this as a good thing, pitching the biggest, largest, or most complex database (or data lake) of past known signatures with a "bigger is better" value proposition. Weekly updates lend even more false assurance that you are constantly protected. 

Zero-Days Undermine the "Bigger is Better" Approach
The problem is that this approach has a blind spot, which is that the bad guys are using adversarial artificial intelligence (AI) to develop attacks that don't match historical signatures in any way and won't be detected with signature or signature-variant approaches. 

These novel attacks are exemplified by the SolarWinds attack in late 2020 and other "zero-day" attacks, so called because they are not known before they are added to the threat list. Cybersecurity vendor FireEye said it could not effectively alert on the SolarWinds attack because the hackers "used a novel combination of techniques not witnessed by us or our partners in the past." Therefore, the attack was able to bypass its defenses.

So, how do you find something if you don't know what it, or something close to it, looks like?

Just like the FedEx logo, the answer is staring you in the face. The solution is to change how you are seeing everything you are looking at.

In cybersecurity, this means in order to identify threats you've never seen before, you must change how you are looking for threats. Rather than looking for what you think is an attack, examine everything that is not normal behavior. If you elevate what isn't normal, you will examine all anomalies, including attacks that you have and haven't seen before.
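The contrast drawn above, between matching events against a library of known attack signatures and elevating everything that departs from normal behavior, can be shown on a handful of log lines. The following is an added illustration written for this page; it is not code from the article, from Dark Reading, or from MixMode. The log lines, the two signature regexes, the process names and the one-week "baseline" are all constructed, and the anomaly rule (a host/process pair never seen in the baseline window) is a deliberately simple stand-in for the statistical models the article alludes to.

```python
"""Signature matching vs. baseline anomaly detection on constructed event logs.

Added example for illustration only (not the article's or MixMode's code).
Every log line, signature and baseline value below is constructed.
"""
import re
from collections import Counter
from typing import Dict, List, Tuple

# Constructed "known attack" library: name -> regex over the command line.
# This stands in for the signature database the article describes.
KNOWN_SIGNATURES: Dict[str, "re.Pattern[str]"] = {
    "credential-dumper": re.compile(r"mimikatz|sekurlsa::", re.I),
    "encoded-powershell": re.compile(r"powershell(\.exe)?\s.*-enc(odedcommand)?\s", re.I),
}

# Constructed baseline window: process starts from a quiet week, used to
# learn what "normal" looks like per host. Format: host|user|process|cmdline
BASELINE_LOG = """\
ws01|alice|outlook.exe|outlook.exe
ws01|alice|outlook.exe|outlook.exe
ws01|alice|excel.exe|excel.exe /e
ws02|bob|outlook.exe|outlook.exe
ws02|bob|teams.exe|teams.exe --autostart
ws03|carol|outlook.exe|outlook.exe
ws03|carol|chrome.exe|chrome.exe --profile-directory=Default
"""

# Constructed events to triage today. updsvc.exe is a made-up process name
# standing in for a "never seen before" binary with no signature at all.
NEW_LOG = """\
ws01|alice|outlook.exe|outlook.exe
ws01|alice|powershell.exe|powershell.exe -NoP -EncodedCommand SQBFAFgAIAAoAE4A
ws02|bob|updsvc.exe|updsvc.exe --silent
ws03|carol|zoom.exe|zoom.exe --update
"""


def parse_event(line: str) -> Dict[str, str]:
    """Split one pipe-delimited log line into its fields."""
    host, user, process, cmdline = line.split("|", 3)
    return {"host": host, "user": user, "process": process.lower(), "cmdline": cmdline}


def parse_log(text: str) -> List[Dict[str, str]]:
    """Parse a whole log blob, skipping blank lines."""
    return [parse_event(line) for line in text.splitlines() if line.strip()]


def signature_hits(event: Dict[str, str]) -> List[str]:
    """Names of every known signature whose regex matches the command line."""
    return [name for name, rx in KNOWN_SIGNATURES.items() if rx.search(event["cmdline"])]


def build_baseline(events: List[Dict[str, str]]) -> Counter:
    """Count how often each (host, process) pair appeared in the quiet window."""
    return Counter((e["host"], e["process"]) for e in events)


def is_anomalous(event: Dict[str, str], baseline: Counter) -> bool:
    """Anomaly rule: this host has never run this process during the baseline."""
    return baseline[(event["host"], event["process"])] == 0


def triage(new_log: str, baseline_log: str) -> Dict[str, str]:
    """Return a verdict per host/process: signature hit, anomaly only, or normal.

    Signature matches are reported first because they carry a known name; the
    anomaly rule then catches whatever the signature library has never seen.
    """
    baseline = build_baseline(parse_log(baseline_log))
    verdicts: Dict[str, str] = {}
    for e in parse_log(new_log):
        key = f"{e['host']}/{e['process']}"
        hits = signature_hits(e)
        if hits:
            verdicts[key] = "signature:" + ",".join(hits)
        elif is_anomalous(e, baseline):
            verdicts[key] = "anomaly"
        else:
            verdicts[key] = "normal"
    return verdicts


if __name__ == "__main__":
    for key, verdict in triage(NEW_LOG, BASELINE_LOG).items():
        print(f"{key:<22} {verdict}")
```

Run as-is, the encoded PowerShell launch is caught by the signature library, the routine Outlook start is normal, and the made-up updsvc.exe binary, which matches no signature, surfaces only because ws02 had never run it. The Zoom update on ws03 surfaces for exactly the same reason, which is the trade-off the article's recommendation implies: elevating everything abnormal catches attacks the signature set has never seen, but it also hands analysts benign novelty to triage, and it is only as good as the assumption that the baseline window itself was clean.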

Just like in real life, sometimes seeing an arrow you don't expect will point you in the right direction.

Matt Shea serves as Head of Federal for MixMode, which is a "Third Wave AI" (by DARPA) company with products in cybersecurity. With over 20 years of experience in the technology space, Matt has concepted, architected, and developed groundbreaking solutions that blend ...
Comments
John-Roy, User Rank: Apprentice, 6/7/2021 | 6:00:54 PM
My Mantra
What about this quote?

"there are known knowns; there are things we know we know. We also know there are known unknowns; that is to say we know there are some things we do not know. But there are also unknown unknowns—the ones we don't know we don't know."

Donald Henry Rumsfeld