With cyber risk an executive- and board-level concern, it's not enough to try to prevent attackers from gaining entry to your network. Advanced, persistent attackers can still get through even the most advanced defenses. Once they're in, they have the arduous task of moving from their initial point of entry to their ultimate target. This is the time when attackers are most vulnerable—and where we, as defenders, have an opportunity to tip the balance in our favor.
On March 15, 2018, US CERT (U.S. Computer Emergency Readiness Team) issued a Technical Alert about “Russian government cyber actors” conducting a concerted cyberattack campaign against energy companies. Specifically, they gained access through small organizations connected to the target companies and then “conducted network reconnaissance, moved laterally, and collected information pertaining to Industrial Control Systems (ICS).”
The threat news of the week is about MoneyTaker – a cybercrime group apparently responsible for theft of over $10M from 18 banks in the US and Russia. If you’ve read any of the online accounts, it’s easy to be overwhelmed by the details and the growing sophistication of cybercrime groups. While it’s important not to downplay their fierceness and the growing risks associated with advanced persistent threats, it’s also important to focus on the relatively simple capability organizations can embrace to combat them.
In 2016, the wire transfer fraud attack on Bangladesh Bank commanded huge headlines and resulted in cyber criminals stealing a whopping $81 million. It could have been worse; the massive “take” was interrupted not by IT security technologies, but by human vigilance. A watchful employee saw a spelling error in a transfer message and alerted an investigation team.
Cybersecurity is in the headlines as never before, commanding greater executive attention. As the need for cybersecurity solutions has grown, record numbers of new technologies have emerged to fill the demand. But despite growing cyber spending, budgets for most organizations are finite—and so are the human resources to support and maintain the vast range of security tools they already own. It’s therefore essential to carefully scrutinize vendor offerings before signing on the dotted line.
Growing awareness of illusive networks Deceptions Everywhere™ technology recently led SANS Fellow, Dr. Eric Cole, to test our solution. Not only did he aim to successfully deceive an attacker, he also evaluated illusive’s scalability, manageability, and believability. The results of his (unsuccessful) efforts to attack a network and escape detection are contained in a new SANS Product Review - Deception Matters: Slowing the Adversary with illusive networks.