Cybersecurity Lessons From Ancient History

In the Trojan war in the twelfth century BC, the legend of the Trojan Horse took shape. Whether the Greeks actually constructed a huge wooden horse and hid a select force of men inside, or if it was a battering ram, another sort of siege engine, or even a boat is not clear.

But whichever Greek poet you believe, the idea of getting your enemy to invite you into their securely protected place by hiding your malevolent intent played a crucial part in the sacking of Troy, and the turning point of the Trojan War.

History has its fair share of confidence tricksters and con artists too, cleverly gaining people’s trust and swindling them out of money or goods.

Three millennia later and metaphorically, a "Trojan horse" has come to mean any trick or stratagem that causes a target to invite a foe into a securely protected bastion or place. A malicious computer program that tricks users into willingly running it is also called a "Trojan horse" or simply a "Trojan”. It is designed to gain access to a network and damage, limit or steal data - and is a common precursor to a ransomware attack. For today’s con artists, the most effective way to conduct a successful cyber wire attack is to impersonate a supplier. 

Very little is new in the ideas of criminals even as technology and digitisation evolve - only the methodology and delivery systems have changed.  The two main approaches to cyber attacks impacting UK companies in 2022 are ransomware and impersonation.

Ransomware

Ransomware has become increasingly popular within organised cyber criminal gangs because it is easy to identify and target poor corporate security. In addition, the expansion of ransomware-as-a-service (RaaS) means that access to compromised networks is cheap, thanks to a rise in the number of initial-access brokers and RaaS tools.

The latest iteration, Double-Extortion Ransomware, relies on criminals not just encrypting data and holding the owner to ransom, but exfiltrating (removing) the data from compromised devices or systems first. By exfiltrating the data first, the criminals can threaten to release the data should you not pay the initial ransomware demand, rendering standardised data backups and data recovery plans obsolete.

Impersonation

In the case of impersonation, cyber criminals use domain or email spoofing techniques to create false websites and emails and initiate sophisticated phishing attacks that fool clients, suppliers and employees into giving away personal or company details. 

The best defence available today is to identify the precursor of attacks.  As was true with the Trojan horse: King Priam’s daughter Cassandra tried to warn him of the soothsayer of Troy, when she insisted that the horse would be the downfall of the city and its royal family. But Cassandra was ignored, and Priam was killed as the war was lost. And as with history’s long line of confidence tricksters, the warning signs are there, if you know what to look out for. 

The key to identifying the precursors of cyber attacks is understanding the nature of, and patterns within, a network’s traffic. Armed with this understanding, changes in the make-up of network traffic can indicate possible signs of cyber attacks in their infancy, and trigger a response before they cause damage and disruption.  

Achieving this is no task for the human eye, as the sheer volume and variety of data can make it almost impossible to identify patterns or anomalies and respond quickly to them. Detection systems that combine Machine Learning, AI platforms and advanced analytics are the only effective way to defeat the latest cyber threats. 

Such systems should also take advantage of what is being observed on other known organisational systems and networks.  Pooling global insights to detect insecure infrastructure and identify malicious activities across networks and systems is an important element in the fight against cyber crime. Checking third party lists of malicious IPs or domains, and comparing the data to legitimate traffic across known organisational systems, blacklisted traffic is another way to spot a potential compromise. 

This is not to say that the role of the human has gone, indeed good training and awareness of cyber threats remains important within businesses, as employees will always be the last line of defence. However, Security Operations Centres (SOCs) that can combine powerful AI platforms, global intelligence and human experts, are the new front line in the defence of every organisation against today’s cyber threats. 

Phil Ashley is Director of Crossword Labs at Crossword Cybersecurity

You Might Also Read:

Malware Versus Ransomware: What’s the Difference?:

 

« Are Your Employees The Weakest Link Against Cyber Crime?
Is Europe Ready For Cyber Warfare? »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Backup Systems

Backup Systems

Backup Systems is a leading backup and disaster recovery systems provider across the UK.

SiteLock

SiteLock

SiteLock is a global leader in website security solutions. We provide affordable, cybersecurity software solutions designed to allow small to midsize businesses to operate without fear of an attack.

CloudCodes Software

CloudCodes Software

CloudCodes is a cloud security solutions provider focused on providing cloud security solutions to enterprise customers.

Digital Hands

Digital Hands

Digital Hands is an award-winning managed security services provider.

Careers in Cyber Security (CiCS)

Careers in Cyber Security (CiCS)

CareersinCyberSecurity is a leading global job board and career resource for Cyber Security, IT Audit, Technology Risk and Data Protection professionals.

IoTsploit

IoTsploit

IoTsploit provides 20/20 visibility of network connections, protecting critical infrastructure assets from IoT vulnerabilities.

Cynamics

Cynamics

Cynamics is the only network monitoring solution built specifically for Smart City, Public Safety and Critical Infrastructure networks.

Q-Net Security

Q-Net Security

Protect your critical networks. Q-Net Security make hardware that provides the strongest drop-in security for your existing critical infrastructure.

Cyberport

Cyberport

Cyberport is focused on facilitating the growth of major technology trends such as FinTech and cybersecurity as well as the emerging technologies of AI, big data and blockchain.

Defensity

Defensity

Defensity offer bespoke & pre packaged IT Security Solutions for Small business to help companies reduce overall IT related risk.

Terra Quantum

Terra Quantum

Terra Quantum is a deep tech pioneer, developing revolutionary quantum applications to shape the technology of the future.

Intigriti

Intigriti

Intigriti helps companies protect themselves from cybercrime. Our community of ethical hackers provides continuous, realistic security testing to protect our customer’s assets and brand.

Cloud4C

Cloud4C

Cloud4C is a leading automation-driven, application focused cloud Managed Services Provider.

ANSSI Burkina Faso

ANSSI Burkina Faso

ANSSI is responsible for managing the security of information systems and cyberspace in Burkina Faso.

DART Consulting & Training

DART Consulting & Training

DART is a leading cyber training and consultancy company. We enhance our clients’ cyber capabilities by growing and strengthening their frontline defense – the cyber teams.

Windstream

Windstream

Windstream is a leading provider of advanced network communications and technology solutions for consumers, small businesses, enterprise organizations and carrier partners across the US.