Cybersecurity Lessons From Ancient History

Uploaded on 2022-05-06 in TECHNOLOGY--Resilience, FREE TO VIEW

In the Trojan war in the twelfth century BC, the legend of the Trojan Horse took shape. Whether the Greeks actually constructed a huge wooden horse and hid a select force of men inside, or if it was a battering ram, another sort of siege engine, or even a boat is not clear.

But whichever Greek poet you believe, the idea of getting your enemy to invite you into their securely protected place by hiding your malevolent intent played a crucial part in the sacking of Troy, and the turning point of the Trojan War.

History has its fair share of confidence tricksters and con artists too, cleverly gaining people’s trust and swindling them out of money or goods.

Three millennia later and metaphorically, a "Trojan horse" has come to mean any trick or stratagem that causes a target to invite a foe into a securely protected bastion or place. A malicious computer program that tricks users into willingly running it is also called a "Trojan horse" or simply a "Trojan”. It is designed to gain access to a network and damage, limit or steal data - and is a common precursor to a ransomware attack. For today’s con artists, the most effective way to conduct a successful cyber wire attack is to impersonate a supplier. 

Very little is new in the ideas of criminals even as technology and digitisation evolve - only the methodology and delivery systems have changed.  The two main approaches to cyber attacks impacting UK companies in 2022 are ransomware and impersonation.

Ransomware

Ransomware has become increasingly popular within organised cyber criminal gangs because it is easy to identify and target poor corporate security. In addition, the expansion of ransomware-as-a-service (RaaS) means that access to compromised networks is cheap, thanks to a rise in the number of initial-access brokers and RaaS tools.

The latest iteration, Double-Extortion Ransomware, relies on criminals not just encrypting data and holding the owner to ransom, but exfiltrating (removing) the data from compromised devices or systems first. By exfiltrating the data first, the criminals can threaten to release the data should you not pay the initial ransomware demand, rendering standardised data backups and data recovery plans obsolete.

Impersonation

In the case of impersonation, cyber criminals use domain or email spoofing techniques to create false websites and emails and initiate sophisticated phishing attacks that fool clients, suppliers and employees into giving away personal or company details. 

The best defence available today is to identify the precursor of attacks.  As was true with the Trojan horse: King Priam’s daughter Cassandra tried to warn him of the soothsayer of Troy, when she insisted that the horse would be the downfall of the city and its royal family. But Cassandra was ignored, and Priam was killed as the war was lost. And as with history’s long line of confidence tricksters, the warning signs are there, if you know what to look out for. 

The key to identifying the precursors of cyber attacks is understanding the nature of, and patterns within, a network’s traffic. Armed with this understanding, changes in the make-up of network traffic can indicate possible signs of cyber attacks in their infancy, and trigger a response before they cause damage and disruption.  

Achieving this is no task for the human eye, as the sheer volume and variety of data can make it almost impossible to identify patterns or anomalies and respond quickly to them. Detection systems that combine Machine Learning, AI platforms and advanced analytics are the only effective way to defeat the latest cyber threats. 

Such systems should also take advantage of what is being observed on other known organisational systems and networks.  Pooling global insights to detect insecure infrastructure and identify malicious activities across networks and systems is an important element in the fight against cyber crime. Checking third party lists of malicious IPs or domains, and comparing the data to legitimate traffic across known organisational systems, blacklisted traffic is another way to spot a potential compromise. 

This is not to say that the role of the human has gone, indeed good training and awareness of cyber threats remains important within businesses, as employees will always be the last line of defence. However, Security Operations Centres (SOCs) that can combine powerful AI platforms, global intelligence and human experts, are the new front line in the defence of every organisation against today’s cyber threats. 

Phil Ashley is Director of Crossword Labs at Crossword Cybersecurity

You Might Also Read:

Malware Versus Ransomware: What’s the Difference?:

 

« Are Your Employees The Weakest Link Against Cyber Crime?
Is Europe Ready For Cyber Warfare? »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Centre for Secure Information Technologies (CSIT)

Centre for Secure Information Technologies (CSIT)

CSIT is a UK Innovation and Knowledge Centre (IKC) for secure information technologies. Our vision is to be a global innovation hub for cyber security.

HDI

HDI

HDI is the worldwide professional association and certification body for the technical service and support industry.

Mobile Guroo

Mobile Guroo

Mobile Guroo is a strategy and systems integrator for Enterprise Mobility Management projects.

Semperis

Semperis

Semperis is an enterprise identity protection company that enables organizations to quickly recover from accidental or malicious changes and disasters that compromise Active Directory.

S4x Events

S4x Events

S4x are the most advanced and largest ICS cyber security events in the world.

Belle de Mai Incubator

Belle de Mai Incubator

Belle de Mai Incubator supports and funds innovative startup ideas in digital industries.

Cyber Risk Institute (CRI)

Cyber Risk Institute (CRI)

CRI is a not-for-profit coalition of financial institutions and trade associations working to protect the global economy by enhancing cybersecurity and resiliency through standardization.

Brookcourt Solutions

Brookcourt Solutions

Brookcourt Solutions delivers cyber security, network monitoring technologies and managed security services to help secure and protect your organisation’s critical infrastructure.

Cybaverse

Cybaverse

Cybaverse (formerly North Star Cyber Security) was founded to create the perfect blend of a Managed Security Service Provider (MSSP) and a Cyber Security Consultancy in one.

LogicGate

LogicGate

The LogicGate Risk Cloud™ is an agile GRC cloud solution that combines powerful functionality with intuitive design to enhance enterprise GRC programs.

Techsolidity

Techsolidity

Techsolidity is an emerging e-learning platform that offers a wide range of upskilling programs worldwide in areas including cybersecurity.

Interactive

Interactive

Interactive are a leading Australian IT service provider with services in Cloud, Cyber Security, Data Centres, Business Continuity, Hardware Maintenance, Digital Workplace, and Networks.

Framework Security

Framework Security

With Framework Security, you get more than a consultancy; you get a partner dedicated to simplifying cybersecurity and protecting your business in the most efficient way possible.

Silence Laboratories

Silence Laboratories

Silence Laboratories is a cybersecurity company that focuses on the fusion of cryptography, sensing, and design to support a seamless authentication experience.

VeriBOM

VeriBOM

VeriBOM is a SaaS security and compliance platform that helps protect you and your customers through automation, documentation, and transparency for every software application you build or run.

LEPHISH

LEPHISH

LePhish is a French cybersecurity solution specializing in automated phishing campaigns.