What do enterprise security teams have in common with Hannibal at the Battle of Cannae in 216 B.C.? A lot. Both face an onslaught of adversaries. Both have valuable reputations and territory (or markets) at stake. And both need a way to outdistance enemies by enlisting new tactics. With today’s cyberattacks, yesterday’s approaches are not enough. As it did for Hannibal, deception offers a way to turn attackers’ own methods against them. The history of deception shows that weapons and tactics might change, but the ability to make an adversary act on something that isn’t real offers modern enterprise defenders a new arsenal of tools.
As 2017 comes to a close, the string of recent attacks on SWIFT and other financial messaging systems are emerging as one of the main threat trends. News has just surfaced of another such attack – this time impacting Globex Bank in Russia, which took place on December 15th. Attackers apparently attempted to steal almost $1M by manipulating international transfer requests through the systems within the bank that connect to the SWIFT messaging service.
People usually associate “advanced persistent threat” (APT) with malicious outsiders—nation-state or other sophisticated attackers. Generally, once an APT attacker has established an initial foothold, they conduct “low-and-slow”-style attacks involving a prolonged period of reconnaissance and lateral movement. Insider threats are usually thought of as intentional (or sometimes accidental) acts of data theft or other compromise committed by trusted users who know their way around and have legitimate, open access to sensitive assets.
The threat news of the week is about MoneyTaker – a cybercrime group apparently responsible for theft of over $10M from 18 banks in the US and Russia. If you’ve read any of the online accounts, it’s easy to be overwhelmed by the details and the growing sophistication of cybercrime groups. While it’s important not to downplay their fierceness and the growing risks associated with advanced persistent threats, it’s also important to focus on the relatively simple capability organizations can embrace to combat them.
It goes without saying that rigorous security controls are irreplaceable. But no matter how strong an organization’s cybersecurity defenses are, determined attackers will still get in. Whether malicious insiders or external actors, persistent attackers fly below the radar and reside for months inside a network. They’re patient, studying the infrastructure and carefully planning their attack because what they’re typically after are the crown jewels of your business: essential data volumes, intellectual property, financial transactions, or revenue-dependent business operations.
*This blog was originally posted on Dark Reading
In discussions about cyber attacks, “when, not if” has become overused. We all know attacks are going to happen to every organization that depends on the Internet—which of course, is nearly every one. The risk of an attack is always present—and, in fact, malicious actors or software are probably present at most times in most environments.