Cyber Security - A Massive Hazard to Enterprises
Certain cyber attacks, known as Advanced Persistent Threats (APTs), offer a means of eroding an enterprise's competitive edge in product design, engineering prowess, or infrastructure services, using methods tailored to the specific target.
APTs are directed by foreign intelligence services, organized crime, or competing companies. Such attacks are therefore narrowly targeted, highly sophisticated, and pursue well-defined objectives; examples are the Stuxnet worm, which infected industrial SCADA controllers, and the Flame APT framework. Designing and implementing an intricate APT requires substantial resources and persistence. In marked contrast to a plain DoS attack, an APT is built to operate quietly and slowly, almost always exploiting 0-day vulnerabilities and using purpose-built attack code not yet covered by existing anti-virus signatures.
Known APT infection methods are:
- a rogue proxy inserted into the legitimate data path, which then modifies software in transit (e.g., application patches) to incorporate malicious code
- drive-by downloads exploiting ubiquitous browser vulnerabilities
- rogue WiFi or cellular access points launching man-in-the-middle attacks
- spear phishing based on information gathered through social engineering
- encrypted email attachments, which anti-virus utilities cannot inspect
- removable storage media (USB, DVD, ...) containing hidden malware
- web hosting providers whose physical security measures are less strict than those of enterprise data centers
- virtual private cloud providers whose customer segregation relies on insecure mechanisms
- network equipment (switches, routers, gateways, etc.) containing malicious on-board chips or firmware.
Methods to identify infections:
- recent IPS and SIEM systems offer features for observing and inspecting the behavior of corporate networks
- enforced migration from Discretionary Access Control (DAC) to Mandatory Access Control (MAC)
- mandatory generation of file/directory checksums as a preventive baseline, combined with monitoring of file attributes
- periodic memory dumps to check for memory-resident malware and to scrutinize active network sockets
- comparison of the hard disk against the baseline captured right after automated provisioning
- next-generation firewalls provide behavioral modules that identify suspicious outbound connections to covert Command & Control servers.
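The checksum baseline and the post-provisioning disk comparison listed above can be implemented with a small integrity-monitoring routine: snapshot every regular file's SHA-256, permission bits and size right after provisioning, then diff later snapshots against that golden copy. The Python below is an added example, not code from the page; the directory layout, file names and tampering steps in demo() are constructed for illustration.

```python
"""File integrity baseline: record checksums and attributes of a tree,
then diff a later snapshot against it (added example, not from the page).
"""
import hashlib
import os
import stat
import tempfile
from typing import Dict, List, Tuple

# A baseline maps relative path -> (sha256 hex digest, permission bits, size in bytes).
Baseline = Dict[str, Tuple[str, int, int]]


def sha256_file(path: str) -> str:
    """Stream the file through SHA-256 so large files need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: str) -> Baseline:
    """Walk `root` and record checksum, permission bits and size of every regular file."""
    baseline: Baseline = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, sockets, devices
            rel = os.path.relpath(full, root)
            baseline[rel] = (sha256_file(full), stat.S_IMODE(st.st_mode), st.st_size)
    return baseline


def compare_baselines(old: Baseline, new: Baseline) -> Dict[str, List[str]]:
    """Report files added, removed, content-modified, or with changed attributes only."""
    report: Dict[str, List[str]] = {"added": [], "removed": [], "modified": [], "attr_changed": []}
    for rel in sorted(set(old) | set(new)):
        if rel not in old:
            report["added"].append(rel)
        elif rel not in new:
            report["removed"].append(rel)
        else:
            o_hash, o_mode, o_size = old[rel]
            n_hash, n_mode, n_size = new[rel]
            if o_hash != n_hash:
                report["modified"].append(rel)
            elif o_mode != n_mode or o_size != n_size:
                report["attr_changed"].append(rel)
    return report


def demo() -> Dict[str, List[str]]:
    """Constructed scenario: provision a small tree, snapshot it, then tamper with it."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "bin"))
        with open(os.path.join(root, "bin", "service"), "wb") as f:
            f.write(b"#!/bin/sh\necho ok\n")
        with open(os.path.join(root, "config.ini"), "wb") as f:
            f.write(b"mode=prod\n")
        os.chmod(os.path.join(root, "config.ini"), 0o600)
        golden = build_baseline(root)  # the copy kept from provisioning time

        # Simulated post-compromise changes on the live system.
        with open(os.path.join(root, "bin", "service"), "ab") as f:
            f.write(b"echo tampered\n")                       # content change
        os.chmod(os.path.join(root, "config.ini"), 0o644)     # permission change only
        with open(os.path.join(root, "bin", "helper"), "wb") as f:
            f.write(b"new binary\n")                           # added file
        return compare_baselines(golden, build_baseline(root))


if __name__ == "__main__":
    print(demo())
```

The golden baseline is only worth anything if it is stored where a compromised host cannot rewrite it (read-only media, or a separate logging host), and the comparison should be scheduled from outside the monitored system as well.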
The current trend of relocating more and more corporate network services and applications into public clouds simplifies cyber attacks, since clouds do not always provide security measures such as MFA, data-at-rest confidentiality, or elimination of data remanence.
Corporate Cybersecurity Strategy
It is very hard to trace the true originator of a sophisticated cyberattack, because the attack can easily be relayed through many compromised zombie servers that keep little or no traffic logging. The usual 'military' strategy of threatening a counterstrike is therefore only theoretical, since the presumed originator can fall back on plausible deniability. For the same reason, the threat of legal action will not deter a malicious organization. Accordingly, neither deterrence nor preemption is a viable corporate strategy.
A stringent corporate security strategy comprises:
- a state-of-the-art information security edge infrastructure
- physical disconnection of the most critical Corporate Network (CN) segments from those CN regions with Internet connectivity. This safe-haven approach is the only way to reliably protect pivotal corporate applications and services against targeted cyberattacks. Consider these isolated VLANs as an immune CN-2
- a thorough Security Information & Event Management (SIEM) system that logs the principal layer-2-to-layer-7 events of every component in real time; this is compulsory in order to detect changes introduced by exploitation of as-yet unknown vulnerabilities.
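The behavioral module the detection list attributes to next-generation firewalls and the SIEM correlation called for here both rest on the same idea: connection records are examined over time rather than one at a time. The following Python script is an added example, not code from the page or from any product it mentions. It looks for the regular outbound polling a compromised host shows towards a Command & Control server by grouping connection records per (source, destination, port) and measuring how constant the inter-arrival times are. The log line format, the sample records (using documentation address ranges) and the INTERNAL_NETS list standing in for the corporate address plan are all constructed assumptions.

```python
"""Beacon detection over connection logs (added example, not from the page).

Flags outbound flows to external hosts that recur at near-constant intervals,
the pattern a compromised host shows when it polls a Command & Control server.
"""
import ipaddress
import re
import statistics
from collections import defaultdict
from datetime import datetime
from typing import Dict, List, Tuple

# Constructed log format for this example (assumption, not a real product's format):
# <ISO-8601 UTC timestamp> src=<ip> dst=<ip> dport=<port> proto=<tcp|udp> bytes=<n>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) "
    r"proto=(?P<proto>\w+) bytes=(?P<bytes>\d+)$"
)

# Ranges treated as internal: RFC 1918, loopback, link-local (assumption standing in
# for the corporate address plan; adjust to the real one).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
                  "127.0.0.0/8", "169.254.0.0/16")]

# Constructed sample: one host beaconing roughly every 60 s, a normal browsing session,
# a regular internal file-share flow, and one malformed line the parser must skip.
SAMPLE_LOG = [
    "2024-05-01T10:00:00Z src=10.0.0.5 dst=203.0.113.7 dport=443 proto=tcp bytes=412",
    "2024-05-01T10:00:10Z src=10.0.0.5 dst=198.51.100.20 dport=443 proto=tcp bytes=51200",
    "2024-05-01T10:00:12Z src=10.0.0.5 dst=198.51.100.20 dport=443 proto=tcp bytes=8800",
    "2024-05-01T10:00:30Z src=10.0.0.5 dst=10.0.0.9 dport=445 proto=tcp bytes=2048",
    "2024-05-01T10:01:00Z src=10.0.0.5 dst=10.0.0.9 dport=445 proto=tcp bytes=2048",
    "2024-05-01T10:01:01Z src=10.0.0.5 dst=203.0.113.7 dport=443 proto=tcp bytes=410",
    "2024-05-01T10:01:30Z src=10.0.0.5 dst=10.0.0.9 dport=445 proto=tcp bytes=2048",
    "2024-05-01T10:01:59Z src=10.0.0.5 dst=203.0.113.7 dport=443 proto=tcp bytes=415",
    "2024-05-01T10:02:00Z src=10.0.0.5 dst=10.0.0.9 dport=445 proto=tcp bytes=2048",
    "2024-05-01T10:02:30Z src=10.0.0.5 dst=10.0.0.9 dport=445 proto=tcp bytes=2048",
    "2024-05-01T10:02:40Z src=10.0.0.5 dst=198.51.100.20 dport=443 proto=tcp bytes=120300",
    "2024-05-01T10:02:41Z src=10.0.0.5 dst=198.51.100.20 dport=443 proto=tcp bytes=900",
    "2024-05-01T10:03:00Z src=10.0.0.5 dst=203.0.113.7 dport=443 proto=tcp bytes=412",
    "2024-05-01T10:03:00Z src=10.0.0.5 dst=10.0.0.9 dport=445 proto=tcp bytes=2048",
    "this line is not a connection record",
    "2024-05-01T10:04:02Z src=10.0.0.5 dst=203.0.113.7 dport=443 proto=tcp bytes=411",
    "2024-05-01T10:04:58Z src=10.0.0.5 dst=203.0.113.7 dport=443 proto=tcp bytes=412",
    "2024-05-01T10:07:15Z src=10.0.0.5 dst=198.51.100.20 dport=443 proto=tcp bytes=76000",
    "2024-05-01T10:07:16Z src=10.0.0.5 dst=198.51.100.20 dport=443 proto=tcp bytes=300",
]

FlowKey = Tuple[str, str, int]


def parse_conn_log(lines: List[str]) -> Dict[FlowKey, List[datetime]]:
    """Group connection timestamps by (src, dst, dport); unparsable lines are skipped."""
    flows: Dict[FlowKey, List[datetime]] = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        flows[(m["src"], m["dst"], int(m["dport"]))].append(ts)
    return flows


def is_external(ip: str) -> bool:
    """True when the address is outside every INTERNAL_NETS range."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)


def find_beacons(flows: Dict[FlowKey, List[datetime]],
                 min_count: int = 5, max_cv: float = 0.2) -> List[dict]:
    """Flag external destinations contacted at least min_count times at near-constant
    intervals. Regularity is the coefficient of variation (pstdev / mean) of the
    inter-arrival gaps in seconds; a low value means a steady beat."""
    findings = []
    for (src, dst, dport), stamps in flows.items():
        if len(stamps) < min_count or not is_external(dst):
            continue
        stamps = sorted(stamps)
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mean = statistics.mean(gaps)
        if mean <= 0:
            continue  # all records share one timestamp; not a beacon
        cv = statistics.pstdev(gaps) / mean
        if cv <= max_cv:
            findings.append({"src": src, "dst": dst, "dport": dport, "count": len(stamps),
                             "period_s": round(mean, 1), "cv": round(cv, 3)})
    return findings


if __name__ == "__main__":
    for hit in find_beacons(parse_conn_log(SAMPLE_LOG)):
        print(hit)
```

Thresholds like min_count and max_cv are tuning knobs: a large window with a low count threshold catches slow beacons at the price of more false positives from legitimate polling clients (update checkers, chat clients), so findings are best enriched with destination reputation and process context before they become alerts.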