Cybersecurity Lessons From Ancient History

Uploaded on 2022-05-06 in TECHNOLOGY--Resilience, FREE TO VIEW

In the Trojan war in the twelfth century BC, the legend of the Trojan Horse took shape. Whether the Greeks actually constructed a huge wooden horse and hid a select force of men inside, or if it was a battering ram, another sort of siege engine, or even a boat is not clear.

But whichever Greek poet you believe, the idea of getting your enemy to invite you into their securely protected place by hiding your malevolent intent played a crucial part in the sacking of Troy, and the turning point of the Trojan War.

History has its fair share of confidence tricksters and con artists too, cleverly gaining people’s trust and swindling them out of money or goods.

Three millennia later and metaphorically, a "Trojan horse" has come to mean any trick or stratagem that causes a target to invite a foe into a securely protected bastion or place. A malicious computer program that tricks users into willingly running it is also called a "Trojan horse" or simply a "Trojan”. It is designed to gain access to a network and damage, limit or steal data - and is a common precursor to a ransomware attack. For today’s con artists, the most effective way to conduct a successful cyber wire attack is to impersonate a supplier. 

Very little is new in the ideas of criminals even as technology and digitisation evolve - only the methodology and delivery systems have changed.  The two main approaches to cyber attacks impacting UK companies in 2022 are ransomware and impersonation.

Ransomware

Ransomware has become increasingly popular within organised cyber criminal gangs because it is easy to identify and target poor corporate security. In addition, the expansion of ransomware-as-a-service (RaaS) means that access to compromised networks is cheap, thanks to a rise in the number of initial-access brokers and RaaS tools.

The latest iteration, Double-Extortion Ransomware, relies on criminals not just encrypting data and holding the owner to ransom, but exfiltrating (removing) the data from compromised devices or systems first. By exfiltrating the data first, the criminals can threaten to release the data should you not pay the initial ransomware demand, rendering standardised data backups and data recovery plans obsolete.

Impersonation

In the case of impersonation, cyber criminals use domain or email spoofing techniques to create false websites and emails and initiate sophisticated phishing attacks that fool clients, suppliers and employees into giving away personal or company details. 

The best defence available today is to identify the precursor of attacks.  As was true with the Trojan horse: King Priam’s daughter Cassandra tried to warn him of the soothsayer of Troy, when she insisted that the horse would be the downfall of the city and its royal family. But Cassandra was ignored, and Priam was killed as the war was lost. And as with history’s long line of confidence tricksters, the warning signs are there, if you know what to look out for. 

The key to identifying the precursors of cyber attacks is understanding the nature of, and patterns within, a network’s traffic. Armed with this understanding, changes in the make-up of network traffic can indicate possible signs of cyber attacks in their infancy, and trigger a response before they cause damage and disruption.  

Achieving this is no task for the human eye, as the sheer volume and variety of data can make it almost impossible to identify patterns or anomalies and respond quickly to them. Detection systems that combine Machine Learning, AI platforms and advanced analytics are the only effective way to defeat the latest cyber threats. 

Such systems should also take advantage of what is being observed on other known organisational systems and networks.  Pooling global insights to detect insecure infrastructure and identify malicious activities across networks and systems is an important element in the fight against cyber crime. Checking third party lists of malicious IPs or domains, and comparing the data to legitimate traffic across known organisational systems, blacklisted traffic is another way to spot a potential compromise. 

This is not to say that the role of the human has gone, indeed good training and awareness of cyber threats remains important within businesses, as employees will always be the last line of defence. However, Security Operations Centres (SOCs) that can combine powerful AI platforms, global intelligence and human experts, are the new front line in the defence of every organisation against today’s cyber threats. 

Phil Ashley is Director of Crossword Labs at Crossword Cybersecurity

You Might Also Read:

Malware Versus Ransomware: What’s the Difference?:

 

« Are Your Employees The Weakest Link Against Cyber Crime?
Is Europe Ready For Cyber Warfare? »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Wizard Computing

Wizard Computing

Wizard Computer Services is a full service IT solutions provider that offers managed services, consultation, installation, and support to small and large businesses in New England.

360Logica

360Logica

360Logica is a software testing company offering numerous kinds of testing services to improve the quality and performance of your software and IT systems.

StoneFly

StoneFly

StoneFly offers High Availability, high performance cluster and scale out storage, and backup and disaster recovery appliances.

Junglemap

Junglemap

Junglemap provide nanolearning training courses on ransomware, information security and GDPR.

Gulf Computer Services Co (GCSC)

Gulf Computer Services Co (GCSC)

Gulf Computer Services is a major player in the field of networking & Communication solutions for emerging industries such as Internet Services and Information Technology in Saudi Arabia.

Chronicle

Chronicle

Chronicle products combine intelligence about global threats in the wild, threats inside your network, and unique signals about both.

Cybersecurity Manufacturing Innovation Institute (CyManII)

Cybersecurity Manufacturing Innovation Institute (CyManII)

CyManII was established to create economically viable, pervasive, and inconspicuous cybersecurity in American manufacturing to secure the digital supply chain and energy automation.

RIT Global Cybersecurity Institute

RIT Global Cybersecurity Institute

At RIT's Global Cybersecurity Institute, we educate and train cybersecurity professionals; develop new cybersecurity and AI-based knowledge for industry, academia, and government.

Software Diversified Services (SDS)

Software Diversified Services (SDS)

SDS provides the highest quality mainframe software and award-winning, expert service with an emphasis on security, encryption, monitoring, and data compression.

Constella Intelligence

Constella Intelligence

Constella Intelligence provides digital risk protection services to quickly and efficiently disrupt cyber attacks and data breaches before they occur.

Redbot Security

Redbot Security

Redbot Security provides industry leading manual penetration testing. Protecting critical systems and data - red team attack and breach simulations, (OT) critical infrastructure testing.

Scholarly Networks Security Initiative (SNSI)

Scholarly Networks Security Initiative (SNSI)

SNSI brings together publishers and institutions to solve cyber-challenges threatening the integrity of the scientific record, scholarly systems and the safety of personal data.

TotalAV

TotalAV

TotalAV Antivirus is a free-to-use app packed with all the essential features to find and remove malware, keeping you safe.

Apollo Secure

Apollo Secure

Apollo is an automated cybersecurity platform for startups and small businesses to achieve and maintain security compliance.

IndoSec

IndoSec

IndoSec is an annual cybersecurity summit that powers an in-person gathering of cybersecurity leaders from Indonesia’s major corporations, leading businesses and key government entities.

DarkHorse Security

DarkHorse Security

DarkHorse exists to make it easy and affordable for organizations to be able to identify their cybersecurity vulnerabilities.