
Cybersecurity Must be Attended to Or? Can the Unthinkable Happen to You?

Should cybersecurity get some attention if you have not been hacked before? Does your business really need more cybersecurity awareness?

I.e. So What… Cybersecurity!!!

Is this what you are thinking?

That does not matter to me?

I guess if this is your default thinking after every new headline about breaches and attacks…

For example, here is a headline: Policy Evasion: Evasive Techniques You Need to Understand to Prevent Breaches and Attacks.

FireEye has a blog based on their highly successful consulting engagements. What does it mean when they say 65% of the time evasive techniques used to bypass policies were not able to be detected or prevented within a security environment?

This means that 65% of the time criminal hackers are evading the watchful eyes and software of your defense team. And that is only if you are looking, of course.

If you do not have a defense team always looking out for you, then of course you will not know anything.

Even if you have a defense team, only 15% were alerted and 25% detected, with 31% missed altogether.

There is a reason that I have written before on how long an attacker can operate before they are found out:

Indicators of Compromise post

 

 

Why is it so hard to find true indicators of compromise?

Because there is so much going on on every machine, a good hacker can disguise themselves and avoid making too many obvious changes.

What happens after an attack occurs may also not be obvious, especially if data was taken but not modified.

This webpage from the UK government explains the different aspects of the attack.

Un-targeted cyber attacks (phishing, water holing, ransomware, and scanning)

Targeted cyber attacks (spear-phishing, deploying a botnet, and subverting the supply chain)

Stages of an Attack – (Survey, Delivery, Breach, Affect)

The Survey stage – trying to find technical information in technical support forums – looking for hidden files and different save locations

The Delivery stage – attempting access to online services, sending emails containing malicious code or attachments, giving infected USB sticks away at a trade fair, and creating false websites in the hope that a user will engage.

The Breach stage – gain access to online accounts, achieve full control of a user’s computer, tablet or smartphone, and make changes to affect system operations.

 

This step-by-step progression by the attacker may be familiar to you from the many blog posts about the “Cyber Kill Chain”, which comes from Lockheed Martin, where this model of the attackers' steps was developed.

 

My blog post on the Cyber Kill Chain

 

 

The biggest problem with any attack by hackers is that, unless the hacker wants to be known, they can hide and stop operating. This is why it sometimes takes 6 months to find an attacker.

How can attackers steal all your information and still stay under the radar? Think about encrypted communications.

Can your software see all encrypted traffic on your network?

The Venafi blog discusses 5 different types of secure tunnels attackers use to steal data (exfiltrate data):

  1. Use IPsec tunnels to gain initial access
  2. Pivot within site-to-site VPN tunnels
  3. Move payloads through SSH tunnels
  4. Falsify machine identities in SSL and TLS tunnels
  5. Create phishing sites using SSL and TLS tunnels

You can see that, depending on the system compromised and the methods the hacker wants to use, they can pursue their objectives without your knowledge.
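One way to start answering the "can you see all encrypted traffic" question from flow logs, as an added example that is not part of the original post: the Python below groups sessions by tunnel type (IPsec, SSH, TLS) and flags those that reach peers outside an allowlist or that run unusually long or move unusual volume. The flow records, allowlist, thresholds and port-to-tunnel mapping are all constructed assumptions.

```python
import csv
import ipaddress

# Port/protocol to tunnel-type mapping (simplifying assumption: real traffic
# can use non-standard ports, so treat this as a first-pass filter only).
TUNNEL_TYPES = {("tcp", 22): "SSH", ("tcp", 443): "TLS",
                ("udp", 500): "IPsec", ("udp", 4500): "IPsec", ("esp", 0): "IPsec"}

# Hypothetical policy: peers each tunnel type is expected to reach.
# TLS has no list because browsing reaches arbitrary hosts; it is judged on
# volume and duration only.
APPROVED_PEERS = {"SSH": ["10.0.0.0/8"], "IPsec": ["198.51.100.20/32"]}

# Constructed sample flow records (documentation address ranges, not real traffic).
# Columns: src, dst, protocol, dst_port, bytes_out, duration_seconds
SAMPLE_FLOWS = """\
10.0.1.15,203.0.113.40,tcp,22,48211034,21600
10.0.1.15,198.51.100.7,tcp,443,18230,4
10.0.2.8,192.0.2.99,udp,4500,911204,86000
10.0.2.9,198.51.100.20,udp,500,2048,2
10.0.3.3,10.0.9.1,tcp,22,50000000,30000
10.0.1.22,203.0.113.77,tcp,443,734003200,7200
10.0.1.30,192.0.2.10,esp,0,1200,30
10.0.1.40,198.51.100.7,tcp,80,999999999,10
"""

def is_approved(tunnel, dst):
    """True if dst falls inside a network approved for this tunnel type."""
    addr = ipaddress.ip_address(dst)
    return any(addr in ipaddress.ip_network(net)
               for net in APPROVED_PEERS.get(tunnel, []))

def review_flows(text, max_bytes=100_000_000, max_seconds=3600):
    """Return (src, dst, tunnel, reasons) for encrypted flows worth a look."""
    findings = []
    for src, dst, proto, port, bytes_out, secs in csv.reader(text.splitlines()):
        tunnel = TUNNEL_TYPES.get((proto, int(port)))
        if tunnel is None or is_approved(tunnel, dst):
            continue  # not a tracked tunnel type, or a sanctioned peer
        reasons = []
        if tunnel in APPROVED_PEERS:
            reasons.append("unapproved peer")
        if int(bytes_out) >= max_bytes:
            reasons.append("high outbound volume")
        if int(secs) >= max_seconds:
            reasons.append("long-lived session")
        if reasons:
            findings.append((src, dst, tunnel, reasons))
    return findings

if __name__ == "__main__":
    for src, dst, tunnel, reasons in review_flows(SAMPLE_FLOWS):
        print(f"{tunnel:5} {src} -> {dst}: {', '.join(reasons)}")
```

Flow metadata like this shows who is talking over which tunnel and how much, not what is inside it; sessions it flags still need endpoint or proxy visibility to confirm.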

Contact us to discuss.
