How Hackers Infiltrate Systems

Uploaded on 2016-09-14 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW

To defend your organisation against complex and simple attacks alike, think like a hacker.​.

The recent hacks and subsequent embarrassing data leaks of the Democrat National Convention and the Clinton Foundation  has demonstrated the high stakes and fragile cybersecurity ecosystem of US political campaigns. As the 2016 Presidentail general election heats up, The Takeaway, a news program produced by WNYC in New York reported that Julian Assange and Wikileaks are preparing to release another batch of hacked data.

Though attacks can be sophisticated, it's likely the DNC attacks were the result of simple spearfishing, a tactic that involves tricking an employee to open or click a link inside an email that appears to be from a trusted source. "[Spearfishing] is a relatively easy trick, and anyone, from the CEO to an entry level employee, can be duped," said Skyport Systems CEO Art Gilliland.

The campaign leaks should serve as a cautionary tale for companies big and small, Gilliland said. Many businesses, he explained, are as vulnerable as the DNC and should learn from this summer's hack attacks. "In building an effective program to protect the enterprise, companies should consider the reality of the adversary marketplace." Meaning, hackers often behave like rational actors within traditional markets.

To defend your company against complex and simple attacks alike, Gilliland said, think like a hacker. "[Kill chain] is taken from military parlance. The attack lifecycle enumerates the steps that an attacker follows to steal or damage a target asset inside a company." Although much more sophisticated attack lifecycles exist, he said, the basic kill chain process is easy to understand.

  • Think like an attacker and focus on adversary disruption.
  • Most attacks follow these steps, Gilliland said:
  • Recon - The attacker researches, profiles, and tests the environment and its people.
  • Infiltrate - Breaks in and takes positions inside the organization.
  • Discover - Uses the internal position to understand more about the environment and the surrounding systems.
  • Capture - Works to take control of the asset, typically information, that is valuable.
  • Exfiltrate - Moves the asset out, or in some cases damages the asset.
  • Monetize - Sells or uses the asset to make money or gain advantage.
  • Create identity-based perimeters for cloud services

As more organizations consume services or infrastructure from SaaS and cloud providers, the need for a different model of security becomes important. The challenge isn't that they don't deliver security, the challenge often is that they don't deliver all of the security that an organization requires. Create what Gartner calls the Cloud Access Broker. These are gateways that implement policies on the interactions between users and the cloud.

Develop individual trust zones in the cloud

The most promising new architectural approach is in the creation of individual security perimeters around every workload that runs in the data center. This approach is often referred to as micro-segmentation and represents the separation of the network trust zones into units of a single zone of trust for each application or workload.

Encrypt sensitive data

Broad use of encryption can help ensure that the data that is stolen is useless. Find technologies that can encrypt data without breaking applications. Approaches like tokenization and format preserving encryption can help to protect without breaking the existing environment. Finally, start with the stuff that really matters and work from there. It is not necessary to encrypt everything all at once. Start small, reduce risk, and move on.

"The hardest part of cybersecurity is that many of the tools used by adversaries are also used by the good guys," Gilliland said. The best way to improve defensive posture is to focus more on adversary disruption tactics and less on technical architecture. "If the adversary is profit motivated, they will likely just move on. Remember that old adage: If you are in a group chased by a bear you don't need to be faster than the bear, you only need to be faster than the others with you," he said.

TechRepublic

 

« Mass Surveillance: Cuba Filters Text Messages
Effective Drone Defence & Control »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

TUV Sud

TUV Sud

TÜV SÜD is a leading technical service organisation. We specialize in testing, certification, auditing, training, and advisory services for different industries.

Lynxspring

Lynxspring

Lynxspring provides edge-to-enterprise solutions and IoT technology for intelligent buildings, energy management, equipment control and specialty machine-to-machine applications.

Egyptian Supreme Cybersecurity Council (ESCC)

Egyptian Supreme Cybersecurity Council (ESCC)

ESCC is responsible for developing a national strategy to face and respond to the cyber threats and attacks and to oversee its implementation and update.

Cyberens

Cyberens

Cyberens provide cybersecurity consulting services in IT sectors relating to defense and space, banking, industrial control systems and IoT.

ubirch

ubirch

The ubirch platform is designed to ensure that IoT data is trustworthy and secure.

Hallam-ICS

Hallam-ICS

Hallam-ICS designs MEP systems for facilities and plants, control and automation solutions, and ensures safety and regulatory compliance.

Right-Hand Cybersecurity

Right-Hand Cybersecurity

Right-Hand Cybersecurity empowers businesses to monitor, measure and mitigate employee induced cyber risks in real-time.

WebOrion

WebOrion

WebOrion is an All-in-One Web Security & Performance Suite. Fortify, accelerate and monitor your website today.

Cybersecurity Maturity Model Certification Center of Excellence (CMMC COE)

Cybersecurity Maturity Model Certification Center of Excellence (CMMC COE)

CMMC COE is an IT-AAC sponsored public–private partnership that will be the focal point for entities seeking to achieve Cybersecurity Maturity Model Certification.

Grip Security

Grip Security

Grip Security provides comprehensive visibility, governance and data security to help enterprises effortlessly secure a burgeoning and chaotic SaaS ecosystem.

ProLion

ProLion

ProLion provides Data Integrity solutions that ensure organisations’ data remains secure, compliant, manageable and accessible.

Innovex Global

Innovex Global

Innovex is a full-service executive search and advisory business that engages with early-stage startups, scale-ups, and established businesses in the Fintech, Cybersecurity and Technology industries.

AdvIntel

AdvIntel

AdvIntel is a next-generation threat prevention and loss prevention company launched by a team of certified investigators, reverse engineers, and security experts.

ATSG

ATSG

ATSG is a global leader in transformational technology solutions for today’s digital enterprise. Cybersecurity ranging from Advisory & Assessment to Fully Managed Detection and Response Services.

Intertec Systems

Intertec Systems

Intertec Systems is an award-winning, global IT solutions and services provider that specializes in digital transformation, cybersecurity, sustainability, and cloud services.

Xantaro

Xantaro

Xantaro specializes in technologies, software and services for Carriers, ISPs, Hosting and Cloud Providers as well as for Operators of Data Centres and Campus Networks.