Category: August 2013 - Data Protection & Security
According to Trustwave’s 22-page eBook “Inside a Hacker’s Playbook: 10 Targeted Techniques that will break your Security”, concerted attacks are successful because they are stealthy, specific and disarmingly personal. Advanced attackers can quietly infiltrate a network and steal data or information at will for months or even years. With a little research, some crafty writing and the right technology, crooks make a good living running targeted attacks to steal corporate and government data.
The more we can learn about their techniques, the better we can counter them. Trustwave’s eBook presents a never-before-seen copy of an advanced attacker’s technique manual and tips on how to defend your IT ecosystem. We hope this overview of the valuable defense techniques found in the eBook comes in useful, or at least gets you curious enough to download the document at trustwave.com.
Step 1: Develop ‘executive awareness’
Did you know that 76% of breached organizations needed someone else to tell them that they’d been compromised?
Step one in the fight against targeted attacks is developing executive awareness that these attacks are really happening. Since these attacks are designed precisely to avoid detection, it’s easy to pretend you’re not being targeted or attacked, but chances are you may already be compromised.
Step 2: Start thinking like an attacker
Did you know that more than a third of data breach investigations occur within franchise businesses?
In order to stay a step ahead of the attackers, you’ve got to start thinking like them. One key way to do that is by hiring penetration testers to barrage your systems with the same type of techniques the bad guys use. Doing so can help you find widespread vulnerabilities.
Step 3: Train your employees
Did you know that 48% of large companies have experienced 25 or more social engineering attacks in the past 2 years? And that 70% of young workers regularly ignore IT policies?
Your employees typically play a big role in a targeted attack, and their responses to advanced attackers’ probes have the potential to make or break your organization’s chances of keeping the bad guys at bay. In spite of that, industry estimates consistently show that today only 25-30% of employees are ever trained on how to respond to these social engineering ploys. Employee training can make it much harder for targeted attacks to ever take shape: an adversary who can’t gather the right information will find it considerably more difficult to customize an attack.
Step 4: Implement a ‘social media policy’
Did you know that 32.8% of passwords contain a name in the top 100 girl and boy name lists? And that 16.7% of passwords contain a name on the top 100 dog names list? (By the way, this is the kind of info people readily give away on their social media feeds!)
According to recent numbers, more than half of enterprises today have seen malware infections rise as a result of employees’ use of social media. And that’s just the tip of the iceberg when it comes to how persistent attackers will use social media to their advantage. Social media is an intelligence goldmine, and an extremely effective starting point for hackers plotting their plan. There’s no silver bullet, but a combination of smart social media policies, automated enforcement of those policies and a workforce well-trained in the ways of social engineers can help stem the tide of these attacks.
Step 5: Strong password management
Did you know that 42% of organizations have IT staff sharing passwords or access to systems or applications? And that 48% don’t change their privileged passwords within 90 days? Or that 40% or more of enterprises have an informal patch management process, or none at all?
Hackers might not start with a client-side attack to gain entry into your systems. Sometimes the first step is to run a SQL injection on your website to find unencrypted password files. Because users tend to reuse passwords, the criminal’s early work may yield long-term access to accounts across many systems. Strong password management, including enforcement of frequent password changes, is a must for limiting damage in these cases. On the vulnerability front, organizations have got to do a better job patching their systems to limit what malicious software can do once it lands. Zero-day attacks are a tougher nut to crack, and defense against their exploitation will depend on security mechanisms at other layers to stop an attack from gaining much ground within the network or exfiltrating data elsewhere.
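Two of the points above, passwords built from common names (the Step 4 statistics) and privileged passwords left unchanged past 90 days (Step 5), are easy to check mechanically. The following is an added example written for this summary, not code from Trustwave or the eBook; the name lists, account records and policy thresholds are constructed samples, and real deployments would use the full top-100 lists and the organization’s own limits.

```python
"""Password hygiene checks: reject candidate passwords built from common names and
flag privileged accounts whose password is older than the allowed maximum.
Example code added to this summary; not Trustwave tooling. Name lists, accounts
and thresholds below are constructed samples."""
from datetime import date, timedelta

# Constructed stand-in for the "top 100 girl/boy/dog names" lists the statistics refer to
COMMON_NAMES = {"emma", "olivia", "liam", "noah", "bella", "max", "charlie", "lucy"}
MIN_LENGTH = 12                 # assumed local policy value
MAX_PRIVILEGED_AGE_DAYS = 90    # matches the 90-day figure quoted above


def password_problems(password: str) -> list[str]:
    """Return the list of policy violations for a candidate password (empty = acceptable)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    lowered = password.lower()
    # Substring match: "Bella2013!" still contains a common name
    hits = sorted(name for name in COMMON_NAMES if name in lowered)
    if hits:
        problems.append("contains common name(s): " + ", ".join(hits))
    has_digit = any(c.isdigit() for c in password)
    has_symbol = any(not c.isalnum() for c in password)
    if not (has_digit and has_symbol):
        problems.append("needs at least one digit and one symbol")
    return problems


def stale_privileged_accounts(accounts, today: date) -> list[str]:
    """Return names of privileged accounts whose password age exceeds the maximum.

    `accounts` is an iterable of dicts with keys: name, privileged (bool), last_changed (date).
    """
    limit = timedelta(days=MAX_PRIVILEGED_AGE_DAYS)
    return sorted(
        acct["name"]
        for acct in accounts
        if acct["privileged"] and today - acct["last_changed"] > limit
    )


# Constructed account records for a stand-alone run
SAMPLE_ACCOUNTS = [
    {"name": "admin-db", "privileged": True, "last_changed": date(2013, 3, 1)},
    {"name": "svc-backup", "privileged": True, "last_changed": date(2013, 7, 1)},
    {"name": "jdoe", "privileged": False, "last_changed": date(2012, 1, 1)},
]

if __name__ == "__main__":
    for candidate in ("Bella2013!", "correct-horse-battery-7!"):
        print(candidate, "->", password_problems(candidate) or "OK")
    print("stale privileged:", stale_privileged_accounts(SAMPLE_ACCOUNTS, date(2013, 8, 15)))
```

The name check is a substring match on the lowercased password, so a capitalized name with digits appended is still caught; the age check deliberately ignores non-privileged accounts so the report stays focused on the credentials that matter most.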
Step 6: Invest in real-time code inspection
Did you know that 50% of targeted attacks initially occur through web use, and 48% through e-mail use? Only 2% enter through local devices.
The examples given in Trustwave’s eBook are just the tip of the iceberg in terms of the creativity targeted attackers employ to personalize their intrusion attempts. Secure web and email gateways are critical to stopping all manifestations of blended email and web attacks. This is where advanced technology with real-time code inspection comes into play.
Step 7: Always assume you’ve already been hacked
Did you know that 88% of targeted malware remains undetected by traditional anti-virus software? And that in 76% of incident response investigations, a third party responsible for system support, development and/or maintenance of business environments introduced the security deficiencies?
Targeted attacks are so ingenious these days that even with the tools and practices suggested already, there's still a chance that some attacks will slip through. Always operate under the assumption that you've already been hacked and utilize practices and technologies that will seek out existing infections, risky security configurations and any suspect file system changes that could be a red flag of infection.
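One of the practices mentioned above, watching for suspect file system changes, comes down to keeping a hash baseline of the files you care about and diffing against it. The block below is an added example written for this summary, not a Trustwave product; it builds a small constructed directory tree, baselines it, simulates the kind of change an intruder might leave behind (a weakened configuration file, an unexpected new file, a deleted file) and reports the differences.

```python
"""Minimal file-integrity baseline: hash every file under a directory, keep the result,
and report files added, removed or modified since the baseline was taken.
Example code added to this summary, not a Trustwave product. The directory tree built
in demo() is constructed; in practice the baseline would be stored off-host."""
import hashlib
import os
import tempfile
from pathlib import Path


def snapshot(root: str) -> dict[str, str]:
    """Map each file's path (relative to root, POSIX separators) to its SHA-256 digest."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = Path(dirpath) / name
            rel = full.relative_to(root).as_posix()
            digests[rel] = hashlib.sha256(full.read_bytes()).hexdigest()
    return digests


def diff_snapshots(baseline: dict[str, str], current: dict[str, str]) -> dict[str, list[str]]:
    """Classify every difference between two snapshots."""
    common = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "modified": sorted(p for p in common if baseline[p] != current[p]),
    }


def demo() -> dict[str, list[str]]:
    """Build a constructed tree, baseline it, change it, and return the detected diff."""
    with tempfile.TemporaryDirectory() as root:
        etc = Path(root) / "etc"
        etc.mkdir()
        (etc / "hosts").write_text("127.0.0.1 localhost\n")
        (etc / "sshd_config").write_text("PermitRootLogin no\n")
        (etc / "motd").write_text("welcome\n")
        baseline = snapshot(root)

        # Simulated post-baseline changes (constructed): one config weakened,
        # one unexpected file appears, one expected file disappears.
        (etc / "sshd_config").write_text("PermitRootLogin yes\n")
        (etc / "cron.d").mkdir()
        (etc / "cron.d" / "nightly").write_text("0 2 * * * root /usr/local/bin/nightly.sh\n")
        (etc / "motd").unlink()

        return diff_snapshots(baseline, snapshot(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind:9}: {paths}")
```

Hashing the content rather than checking size or modification time is what makes a change to a single directive inside sshd_config show up; timestamps can be reset, the digest cannot be without changing the bytes.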
Step 8: Use security information and event management (SIEM) tools and a skilled analyst
Did you know that the use of encryption to hide attacks and theft of data is on the rise, and that over 25 percent of all data exfiltrated by attackers is encrypted by cyber criminals?
Network monitoring tools have advanced considerably over the years to better find common signs of attacks, but attackers do a good job staying one step ahead of alerting technology. One of the most effective tools organizations have at their fingertips in their struggle to discover malicious activity is system information, but we have to know what to look for. That means correlating small event alerts from across the infrastructure so that one big alarm sounds when enough of them happen at once. This is the specialty of security information and event management (SIEM) tools and the skilled analysts who know how to use them, both indispensable in the fight against targeted attacks.
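The correlation idea described above can be shown in a few dozen lines: individually unremarkable alerts from different sensors are grouped per host inside a time window, and a single high-severity alarm is raised only when enough distinct signals coincide. This is an added example written for this summary, not a Trustwave product or any real SIEM’s rule syntax; the log lines, sensor names, window and threshold are all constructed.

```python
"""Toy SIEM-style correlation: group minor alerts per host inside a time window and raise
one alarm when enough *distinct* signal types coincide there.
Example code added to this summary, not a Trustwave product. Log lines, sensor names,
window size and threshold are constructed."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log lines: "<ISO timestamp> <sensor> <host> <event_type>"
SAMPLE_LOGS = """\
2013-08-05T09:00:01 ids ws-17 auth_failure
2013-08-05T09:00:05 ids ws-17 auth_failure
2013-08-05T09:00:09 ids ws-17 auth_failure
2013-08-05T09:02:40 edr ws-17 new_admin_account
2013-08-05T09:03:10 proxy ws-17 outbound_tls_unknown_dest
2013-08-05T09:03:12 av ws-17 quarantine_failed
2013-08-05T09:10:00 ids db-02 auth_failure
2013-08-05T11:45:00 proxy db-02 outbound_tls_unknown_dest
2013-08-05T09:10:00 ids ws-17 auth_failure
"""

WINDOW = timedelta(minutes=5)   # assumed rule parameter
MIN_DISTINCT_SIGNALS = 3        # assumed rule parameter


def parse(lines: str) -> list[tuple[datetime, str, str, str]]:
    """Parse the constructed log format into (timestamp, sensor, host, event) tuples, time-ordered."""
    events = []
    for line in lines.splitlines():
        if not line.strip():
            continue
        ts, sensor, host, event = line.split()
        events.append((datetime.fromisoformat(ts), sensor, host, event))
    return sorted(events)


def correlate(events, window: timedelta = WINDOW, min_signals: int = MIN_DISTINCT_SIGNALS) -> dict:
    """Return {host: alarm} for every host that shows >= min_signals distinct event types
    within any window-sized span. Repeated hits of the same type count once, so three
    auth failures alone never fire; failures plus a new admin plus odd egress do."""
    by_host = defaultdict(list)
    for ts, sensor, host, event in events:
        by_host[host].append((ts, sensor, event))

    alarms = {}
    for host, evs in by_host.items():
        evs.sort()
        for i, (start, _, _) in enumerate(evs):
            in_window = [e for e in evs[i:] if e[0] - start <= window]
            kinds = {e[2] for e in in_window}
            if len(kinds) >= min_signals:
                alarms[host] = {
                    "first_seen": start,
                    "signals": sorted(kinds),
                    "sensors": sorted({e[1] for e in in_window}),
                }
                break   # one alarm per host is enough; the analyst takes it from here
    return alarms


if __name__ == "__main__":
    for host, alarm in correlate(parse(SAMPLE_LOGS)).items():
        print(f"ALARM {host} at {alarm['first_seen']}: {alarm['signals']} via {alarm['sensors']}")
```

Counting distinct signal types rather than raw event volume is the point: db-02 has two alerts hours apart and stays quiet, while ws-17 trips the rule because four different sensors each contributed a weak signal within the same few minutes.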