How Hackers Infiltrate Systems

To defend your organisation against complex and simple attacks alike, think like a hacker.​.

The recent hacks and subsequent embarrassing data leaks of the Democrat National Convention and the Clinton Foundation  has demonstrated the high stakes and fragile cybersecurity ecosystem of US political campaigns. As the 2016 Presidentail general election heats up, The Takeaway, a news program produced by WNYC in New York reported that Julian Assange and Wikileaks are preparing to release another batch of hacked data.

Though attacks can be sophisticated, it's likely the DNC attacks were the result of simple spearfishing, a tactic that involves tricking an employee to open or click a link inside an email that appears to be from a trusted source. "[Spearfishing] is a relatively easy trick, and anyone, from the CEO to an entry level employee, can be duped," said Skyport Systems CEO Art Gilliland.

The campaign leaks should serve as a cautionary tale for companies big and small, Gilliland said. Many businesses, he explained, are as vulnerable as the DNC and should learn from this summer's hack attacks. "In building an effective program to protect the enterprise, companies should consider the reality of the adversary marketplace." Meaning, hackers often behave like rational actors within traditional markets.

To defend your company against complex and simple attacks alike, Gilliland said, think like a hacker. "[Kill chain] is taken from military parlance. The attack lifecycle enumerates the steps that an attacker follows to steal or damage a target asset inside a company." Although much more sophisticated attack lifecycles exist, he said, the basic kill chain process is easy to understand.

  • Think like an attacker and focus on adversary disruption.
  • Most attacks follow these steps, Gilliland said:
  • Recon - The attacker researches, profiles, and tests the environment and its people.
  • Infiltrate - Breaks in and takes positions inside the organization.
  • Discover - Uses the internal position to understand more about the environment and the surrounding systems.
  • Capture - Works to take control of the asset, typically information, that is valuable.
  • Exfiltrate - Moves the asset out, or in some cases damages the asset.
  • Monetize - Sells or uses the asset to make money or gain advantage.
  • Create identity-based perimeters for cloud services

As more organizations consume services or infrastructure from SaaS and cloud providers, the need for a different model of security becomes important. The challenge isn't that they don't deliver security, the challenge often is that they don't deliver all of the security that an organization requires. Create what Gartner calls the Cloud Access Broker. These are gateways that implement policies on the interactions between users and the cloud.

Develop individual trust zones in the cloud

The most promising new architectural approach is in the creation of individual security perimeters around every workload that runs in the data center. This approach is often referred to as micro-segmentation and represents the separation of the network trust zones into units of a single zone of trust for each application or workload.

Encrypt sensitive data

Broad use of encryption can help ensure that the data that is stolen is useless. Find technologies that can encrypt data without breaking applications. Approaches like tokenization and format preserving encryption can help to protect without breaking the existing environment. Finally, start with the stuff that really matters and work from there. It is not necessary to encrypt everything all at once. Start small, reduce risk, and move on.

"The hardest part of cybersecurity is that many of the tools used by adversaries are also used by the good guys," Gilliland said. The best way to improve defensive posture is to focus more on adversary disruption tactics and less on technical architecture. "If the adversary is profit motivated, they will likely just move on. Remember that old adage: If you are in a group chased by a bear you don't need to be faster than the bear, you only need to be faster than the others with you," he said.

TechRepublic

 

« Mass Surveillance: Cuba Filters Text Messages
Effective Drone Defence & Control »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Palo Alto Networks

Palo Alto Networks

Palo Alto Networks, the global cybersecurity leader, is shaping the cloud-centric future with technology that is transforming the way people and organizations operate.

CERT.hr

CERT.hr

CERT.hr is the national authority competent for prevention and protection from computer threats to public information systems in the Republic of Croatia.

United Security Providers

United Security Providers

United Security Providers is a leading specialist in information security, protecting IT infrastructures and applications for companies with high demands on security.

Awen Collective

Awen Collective

Awen Collective develops software-based tools for performing Digital Forensics, Incident Response and Cyber-Crime Investigation.

Auxilium Cyber Security

Auxilium Cyber Security

Auxilium Cyber Security is independent information security consultancy company.

Shinobi Cyber

Shinobi Cyber

Shinobi Defense System is an integrated security system that absolutely secures information with smart, automatic encryption and protects your endpoints by stopping any unauthorized actions.

HorizonIQ

HorizonIQ

HorizonIQ (formerly Internap Corp / INAP) maximizes efficiency and innovation with flexible infrastructure solutions.

Langner

Langner

Langner is a software and consulting firm specialized in cyber security for critical infrastructure and large-scale manufacturing.

StepStone

StepStone

StepStone is one of the leading online job platforms in Germany, and other countries, covering all industry sectors including IT and cybersecurity.

Transpere

Transpere

Transpere provides IT Asset Disposition (ITAD), Data Destruction, Electronic Recycling and Onsite Data Services.

Genius Guard

Genius Guard

Genius Guard specializes in DDoS Protection, DDoS Protected Webhosting, HYIP Hosting, Bitcoin Hosting, Cryptocurrency Hosting.

UNS Inc.

UNS Inc.

UNS is a top services partner for multiple leaders in the global cybersecurity industry – we do business in 40 countries, including the United States, Canada, Chile, and Colombia.

Iris Powered by Generali

Iris Powered by Generali

Iris Powered by Generali is an identity theft resolution provider. Our offering combines expert assistance and support with user-friendly identity protection technology.

SEK Security Ecosystem Knowledge

SEK Security Ecosystem Knowledge

SEK helps companies in the complex path of cybersecurity; in the analysis, detection and prevention of digital threats.

We Hack Purple

We Hack Purple

We Hack Purple is a Canadian company dedicated to helping anyone and everyone create secure software.

Guardian Angel Cyber

Guardian Angel Cyber

Guardian Angel Cyber, is your trusted ally in safeguarding your digital assets and online presence.