Build a fortress around your valuable assets | #malware | #ransomware | #hacking


THE aftershocks from the SolarWinds security breach are going to be with us for many years to come, Jacky Fox, MD of Accenture Security Ireland, warns, referencing the 2020 cyber attack where an established tech company was unwittingly used as a springboard to compromise a significant number of US government agencies.

Described as “the largest and most sophisticated attack the world has ever seen”, it breached software made by information technology firm SolarWinds Corp and went undetected for months, giving hackers access to thousands of companies and government agencies.

“Gaining unauthorised access to systems with malware is nothing new, but this attack is extraordinary and has far-reaching and long-lasting consequences,” she explains.

Known as supply chain attacks, the attacker used a trusted supplier in another organisation’s connected ecosystem to deliver a malicious payload. 

“This is not new, but the scale of what became known as the sunburst and supernova attacks is unprecedented, as far as we know,” Ms Fox says.

The fact that it was delivered as part of a software update from a reputable company is bad enough; more concerning is that it went undetected for months. 

The malicious code remained in place regardless of system restarts or system changes that might dislodge it.

“This malware only ever ran in memory and so left none of the typical tell-tale traces that forensic analysts might hunt on networks for signs of compromise,” she adds.

Jacky Fox.

What makes the attack even more worrying is that the target company and many of the victims in its supply change are exponents of best-practice cyber security.

“Tellingly, no one is throwing big rocks at SolarWinds at this point. There is minimal blame game because few companies would claim be able to account for every line in their code or have no uncovered historical blunders.


“The reality is that best-practice security may not be enough to thwart increasingly sophisticated cyber attacks that are giving our cyber defences a run for their money. 

“There is an argument that it’s always been this way but, right now, few would disagree.”

Last month, the Irish National Cyber Security Centre issued an alert to companies and organisations advising them to take “urgent action” after Microsoft urged customers to fix their email servers.

This followed an attack that was initially linked to a state-sponsored group based in China and, subsequently, to criminal groups.

“It is important that organisations take urgent action regarding this issue,” it advised.

“If an organisation does not have the capability to follow the provided guidance, it is recommended that they seek assistance from a third-party IT security provider in order to ensure the security of their network.”

Drastic measures

So, what are firms and organisations to do when confronted by massive cyber attacks such as SolarWinds?

“Some organisations have responded to this type of breach by wiping their networks and starting again,” Ms Fox says. 

“This is extreme and, while it might make sense — and even be possible if a company has its applications and infrastructure in the cloud — it is not an option for organisations with thousands of on-premise servers.”

She adds that, unfortunately, even with this drastic action, there is no guarantee that hidden infected code may not be introduced back into the environment, described as “the unknown unknowns”.

A long-standing issue is that organisations may have been breached and not know it, Ms Fox points out, with the last decade having seen the traditional network perimeter become fuzzier as cloud and mobile changed the way IT was delivered and consumed.

“This has increased the attack surface, made it harder to identify vulnerabilities and ultimately to detect intruders. If you start to look at cyber defences through this lens and assume that bad actors may already be inside your perimeter, other strategies become more obvious,” she advises.

Organisations need to look at themselves and determine what are their most valuable assets, the parts of the business they need to work hardest to protect.

In a bank, it may be the online platform where transactions take place, whereas a pharmaceutical company may want to prioritise intellectual property, the fruits of years of expensive research and development.

Firewalls

“When you have identified your biggest asset, wrap it in layers of security; double-down on all the best-practice solutions.

“One defence for the kind of threat that a supply chain attack poses is network segmentation. Use firewalls to protect your network internally as well as from the now fuzzy perimeter,” Ms Fox says.

These firewalls act exactly as the name suggests, and stop or slow down unapproved data flows such as malware. However, many organisations still have flat infrastructure with no internal firewalls, which makes it easier to move between systems — precisely the kind of environment where malicious actors thrive. 

Having infected one machine, they can move laterally across the organisation’s network using sophisticated techniques that make them hard to detect.

“A feature of these advanced persistent threats is they are often stealthy and can lie dormant at various stages of infection, making them harder to detect, often cloaking their tasks within legitimate actions that have been cleared as not suspicious.

“This allows them to burrow deeper into systems, quietly gathering credentials and establishing footholds as they go. Segmenting your network adds a layer of complexity… and will at least slow them down.”

One of the increasing challenges in cyber security, exemplified by supply chain attacks, is that, because threats evolve so quickly, organisations are always defending against the unknown.

The zero-trust model is becoming an increasingly popular approach.

“Conceived by Google several years ago, it works based on the premise that everything is untrustworthy until proven otherwise, even employees inside the network perimeter,” Ms Fox explains. 

“The focus, therefore, is on publishing everything and controlling the identity and access management, making sure people only have permissions to access the data, applications and systems they need.”

Faced with increasingly sophisticated attacks from cyber criminals that always seem to be one step ahead, cyber security can feel like a money pit. 

“It’s not a fair game — criminals only have to get lucky once whereas targets have to be vigilant all of the time. The best option is to have multiple layers of security where it is most needed, informed by what you know about your own organisation.”

In short, she advises building a fortress around the most valuable assets and putting watchtowers everywhere else.



Original Source link

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Leave a Reply

Your email address will not be published. Required fields are marked *

3 + 3 =