Cybersecurity Lessons From Ancient History

Uploaded on 2022-05-06 in TECHNOLOGY--Resilience, FREE TO VIEW

In the Trojan war in the twelfth century BC, the legend of the Trojan Horse took shape. Whether the Greeks actually constructed a huge wooden horse and hid a select force of men inside, or if it was a battering ram, another sort of siege engine, or even a boat is not clear.

But whichever Greek poet you believe, the idea of getting your enemy to invite you into their securely protected place by hiding your malevolent intent played a crucial part in the sacking of Troy, and the turning point of the Trojan War.

History has its fair share of confidence tricksters and con artists too, cleverly gaining people’s trust and swindling them out of money or goods.

Three millennia later and metaphorically, a "Trojan horse" has come to mean any trick or stratagem that causes a target to invite a foe into a securely protected bastion or place. A malicious computer program that tricks users into willingly running it is also called a "Trojan horse" or simply a "Trojan”. It is designed to gain access to a network and damage, limit or steal data - and is a common precursor to a ransomware attack. For today’s con artists, the most effective way to conduct a successful cyber wire attack is to impersonate a supplier. 

Very little is new in the ideas of criminals even as technology and digitisation evolve - only the methodology and delivery systems have changed.  The two main approaches to cyber attacks impacting UK companies in 2022 are ransomware and impersonation.

Ransomware

Ransomware has become increasingly popular within organised cyber criminal gangs because it is easy to identify and target poor corporate security. In addition, the expansion of ransomware-as-a-service (RaaS) means that access to compromised networks is cheap, thanks to a rise in the number of initial-access brokers and RaaS tools.

The latest iteration, Double-Extortion Ransomware, relies on criminals not just encrypting data and holding the owner to ransom, but exfiltrating (removing) the data from compromised devices or systems first. By exfiltrating the data first, the criminals can threaten to release the data should you not pay the initial ransomware demand, rendering standardised data backups and data recovery plans obsolete.

Impersonation

In the case of impersonation, cyber criminals use domain or email spoofing techniques to create false websites and emails and initiate sophisticated phishing attacks that fool clients, suppliers and employees into giving away personal or company details. 

The best defence available today is to identify the precursor of attacks.  As was true with the Trojan horse: King Priam’s daughter Cassandra tried to warn him of the soothsayer of Troy, when she insisted that the horse would be the downfall of the city and its royal family. But Cassandra was ignored, and Priam was killed as the war was lost. And as with history’s long line of confidence tricksters, the warning signs are there, if you know what to look out for. 

The key to identifying the precursors of cyber attacks is understanding the nature of, and patterns within, a network’s traffic. Armed with this understanding, changes in the make-up of network traffic can indicate possible signs of cyber attacks in their infancy, and trigger a response before they cause damage and disruption.  

Achieving this is no task for the human eye, as the sheer volume and variety of data can make it almost impossible to identify patterns or anomalies and respond quickly to them. Detection systems that combine Machine Learning, AI platforms and advanced analytics are the only effective way to defeat the latest cyber threats. 

Such systems should also take advantage of what is being observed on other known organisational systems and networks.  Pooling global insights to detect insecure infrastructure and identify malicious activities across networks and systems is an important element in the fight against cyber crime. Checking third party lists of malicious IPs or domains, and comparing the data to legitimate traffic across known organisational systems, blacklisted traffic is another way to spot a potential compromise. 

This is not to say that the role of the human has gone, indeed good training and awareness of cyber threats remains important within businesses, as employees will always be the last line of defence. However, Security Operations Centres (SOCs) that can combine powerful AI platforms, global intelligence and human experts, are the new front line in the defence of every organisation against today’s cyber threats. 

Phil Ashley is Director of Crossword Labs at Crossword Cybersecurity

You Might Also Read:

Malware Versus Ransomware: What’s the Difference?:

 

« Are Your Employees The Weakest Link Against Cyber Crime?
Is Europe Ready For Cyber Warfare? »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

ANS Group

ANS Group

ANS are a strong team of straight-talking tech and business experts. Our mission is to make digital transformation accessible to all.

HackRead

HackRead

HackRead is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends.

ADF Solutions

ADF Solutions

ADF Solutions is a leading provider of digital forensic and media storage exploitation tools.

NordForsk

NordForsk

NordForsk facilitates and provides funding for Nordic research cooperation and research infrastructure. Project areas include digitalisation and digital security.

Aujas Cybersecurity

Aujas Cybersecurity

Aujas has deep expertise and capabilities in Identity and Access Management, Risk Advisory, Security Verification, Security Engineering, & Managed Detection and Response services.

Nakivo

Nakivo

NAKIVO is dedicated to delivering the ultimate backup, ransomware protection and disaster recovery solution for virtual, physical, cloud and SaaS environments.

Cyber Security Academy (CSA)

Cyber Security Academy (CSA)

The CSA aims to educate professionals who wish to contribute to strengthening the digital defensibility of states, organisations and individual citizens.

Root9B (R9B)

Root9B (R9B)

R9B offers advanced cybersecurity products, services, and training to enhance the way organizations protect their networks.

High Wire Networks

High Wire Networks

High Wire Network’s Overwatch Managed Security Plaform-as-a-Service offers organizations end-to-end protection for networks, data, endpoints and users.

SecondWrite

SecondWrite

SecondWrite’s next-generation malware detection engine delivers a combination of automatic deep code inspection and accurate scoring of zero-day malware.

ConnectWise

ConnectWise

The Unified ConnectWise Platform offers intelligent software and expert services to easily run your business, deliver your services, secure your clients, and build your staff.

Secmation

Secmation

Secmation are an agile engineering services firm providing advanced DoD level security design and consultation services for both commercial and defense hardware and software applications.

Private Client Cyber Security (PCCS)

Private Client Cyber Security (PCCS)

PCCS provides enterprise-grade cybersecurity consulting and services to professional practices, executives, athletes, and high net worth families.

NexusTek

NexusTek

NexusTek is a managed IT services provider with a comprehensive portfolio comprised of end-user services, cloud, infrastructure, cyber security, and IT consulting.

PRE Security

PRE Security

PRE Security is leading the transition into the next era of AI cybersecurity with a new model: Predict & Prevent.

Ebryx

Ebryx

At Ebryx, we are at the forefront of cybersecurity innovation, leveraging over a decade of expertise to protect and empower organizations worldwide.