Are You Ready For State-Sponsored Cyber Attack?

Uploaded on 2017-01-23 in NEWS-Cybersecurity News, GOVERNMENT-Defence, FREE TO VIEW

 

Geopolitical tensions ensure that 2017 will be another big year for state-sponsored cyber attacks.  The lethality of state-sponsored attacks derives from their ability to bypass security point products by combining device, network and data center vulnerabilities into an integrated assault.  

Another aspect of state-sponsored cyber-attacks is their willingness to patiently creep from organisation to organisation to get to their target.

Irrespective of the lethality of state-sponsored cyber-attacks, it is a mistake to think that there is no way to stop them.  If your organisation has something of value to a foreign government here are five cyber-attack counter-measures you should be implementing.

Verify User Identity

Phishing to steal credentials is the #1 technique used by foreign governments to gain access to sensitive data.  Why? It works.  The bigger an organisation, the greater the number of supply chain partners, the easier it becomes for cyber attackers to steal credentials.   

The foundational security control to stop credential theft is 2 factor authentication.  To make it less painful, you can extend the session timeout to a full workday.  

To protect more sensitive business critical apps, consider a certificate-based VPN that binds the user identity to their device.  While it is possible to steal a certificate, as soon as you have 2 connections from the same cert you instantly know there’s a breach.

Check Device and Server Software

Right after identity theft, malware is the next favorite cyber-attack technique.  Installing malware on user devices and Internet accessible servers has become commonplace today.   There’s now a robust international marketplace for zero-day attacks and server exploits.

Malware detection software has greatly improved in recent years so there’s no reason not to implement it.  Code signing has been around for a while but IT organisations don’t like setting up PKI services to generate and verify digital certificates. However, this is a critical control for any large organisation.

Match Authorisation to Role

The OPM cyber attackers utilised non-active contractor account to gain access to the data center.  Unfortunately, most organisations maintain non-active accounts for tax purposes, even though users don't need access to the data center.

Make sure the authorisation level matches the role of the user.  If you need to keep identities active for tax or retirement purposes, consider migrating non-active accounts to externally hosted identity services and allowing access only to partitioned services.

Protect Data Encryption and Virtual Desktops

Many IT managers assume that by encrypting data or putting it behind a virtual desktop they are safe they are safe from theft. Unfortunately, most data encryption systems automatically decrypt data for authorised users.  Additionally, virtual desktop solutions are vulnerable to the same server exploits and data center attacks as regular PCs.

To protect against a state-sponsored cyber-attack, data encryption and virtual desktop solutions need the same protections against credential theft and lateral movement that Internet accessible systems have. Implement access controls and network partitions to protect high value data encryption and virtual desktops.

Partition Supply Chain Resources

Most Fortune 500 companies have outsourced some aspect of their mission critical operations to a supply chain partner.  Unfortunately, when partner personnel have all the same internal access as employee’s traditional perimeter security systems are of little value.  It gets even worse when one considers that most outsourcing companies outsource their activities to other outsource companies.

Partition your data center so resources accessed by supply chain partners have no lateral access to sensitive data.  One strategy that has been successfully used is migrate partner apps to a public cloud and utilise a secure application-layer connection back to the data center.  This way if there is a breach, it’s contained to a public cloud.

We can’t stop foreign governments from attacking nations but we can stop the attacks from being successful!  We now have enough data on their techniques to design counter-measures. We need to implement them.

CTO Vison:             What Happens When Two Countries Fight A Cyber War?:

 Surprise: N Korea Hacked S Korea Cyber Command:   

 

 

« Internet Has Changed The Media Business Model
Robots Will Take Our Jobs – But That's Good. »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Fuel Recruitment

Fuel Recruitment

Fuel Recruitment is a specialist recruitment company for the IT, Telecoms, Engineering, Consulting and Marketing industries.

Becrypt

Becrypt

Becrypt is a trusted provider of endpoint cybersecurity software solutions. We help the most security conscious organisations to protect their customer, employee and intellectual property data.

DoD Cyber Crime Center (DC3)

DoD Cyber Crime Center (DC3)

DC3 is a US Department of Defense (DoD) center of excellence for Digital and Multimedia forensics.

Lantronix

Lantronix

Lantronix is a global provider of secure data access and management solutions for Internet of Things (IoT) and information technology assets.

Cloudera

Cloudera

Cloudera provide the world’s fastest, easiest, and most secure data platform built on Hadoop.

Ovarro

Ovarro

Ovarro is the new name for Servelec Technologies and Primayer. Ovarro's technology is used throughout the world to monitor, control and manage critical and national infrastructure.

Cryptshare

Cryptshare

Cryptshare is a communication solution that enables you to share e-mails and files of any size securely.

SecureMe2

SecureMe2

SecureMe2 ‘s mission is to make organizations more responsive to digital threats by deploying smart technology in a highly accessible way.

Meterian

Meterian

The Meterian Platform is a fuss-free solution to protect you against vulnerabilities in your app’s software supply chain.

Cyber Security Forum Initiative (CSFI)

Cyber Security Forum Initiative (CSFI)

CSFI is a non-profit organization with a mission to provide Cyber Warfare awareness, guidance, and security solutions through collaboration, education, volunteer work, and training.

OX Security

OX Security

OX is a DevOps software supply chain security solution. Teams can verify the integrity and security of every artifact using a pipeline bill of materials (PBOM).

Strivacity

Strivacity

Strivacity lets brands quickly add secure login and identity management capabilities to their customer-facing applications without tying up an army of developers or consultants to do it.

MiC Talent Solutions

MiC Talent Solutions

MiC Talent Solutions provides recruiting, direct hire, augmented staff, and professional service contracting solutions for organizations searching for minority cybersecurity talent.

ZeroGPT

ZeroGPT

ZeroGPT.com stands at the forefront of AI detection tools, specializing in the precise identification of ChatGPT-generated text.

AI or Not

AI or Not

AI or Not - Leverage AI to combat misinformation and elevate the landscape of compliance solutions.

Infosec Ventures

Infosec Ventures

Infosec Ventures incubates and scales cyber security innovators that solve inefficiencies in cyber security.