The threat of a major cyber attack targeting British infrastructure is looming. GCHQ recently reported that UK cyber attacks doubled in the last year. The big technology players are on the alert, with the likes of Twitter releasing cautionary statements to users as accounts are being targeted as entry points for obtaining sensitive information.
State-sponsored cyber-attacks strike with shocking frequency. The motives, methods, and results of such attacks vary, but the implications are clear: every organisation that stores sensitive information has a proverbial bullseye on its back.
Fortifying defences should be the urgent priority of governments and organisations alike. Well-funded and extremely efficient, with seemingly unlimited resources and talent at their disposal, state-sponsored cyber-criminals would appear to be an unbeatable foe.
What’s in their arsenal?
Some of the highest profile attacks in 2015 were distributed denial of service (DDoS)-related. DDoS attacks present one of the most dangerous forms of cyber threat. They are both increasingly common and extremely difficult to prevent. These attacks are frequently used as smokescreens for more invasive attacks as hackers exploit unguarded system backdoors to steal sensitive data. The types and sources of DDoS attacks are also constantly in flux, so network security professionals need investment that enables them to assume an extensible and adaptable position.
Over the past few years, SSL encryption has become a popular defence for both application owners and cyber criminals. Encryption improves security by providing data confidentiality and integrity. However, encryption also allows criminals to conceal their exploits from security devices like firewalls, intrusion prevention systems and data loss prevention platforms. Some of these products cannot decrypt SSL without degrading performance, while others simply cannot decrypt SSL traffic at all because of their location in the network.
Today, encryption accounts for roughly one-third of all Internet traffic, and it’s expected to reach two-thirds of all traffic when Internet powerhouses like Netflix transition to SSL this year. As a result, encrypted traffic will become the ‘go-to’ way of distributing malware and executing cyber attacks simply. Whether sharing a malicious file on a social networking site or attaching malware to an email or instant message, many attacks will be cloaked in SSL. On top of this threat, movements like Let’s Encrypt make it even easier for hackers to generate SSL certificates to sign malicious code or to host malicious HTTPS sites.
Defend your business
Security is a continual process and to keep out state-sponsored hackers, organisations need to stay on guard, implementingextra controls where possible. In addition to patching vulnerabilities and implementing multi-factor authentication, networked enterprises need to deploy intrusion prevention systems and data loss prevention tools to block attacks. To keep attackers at bay, organisations should also:
– DecryptandinspectSSLtraffic: State-sponsored hackers can hide attacks in SSL traffic to evade detection. As a result, network security solutions, such as next-gen firewalls and intrusion prevention systems, need to be able to inspect all traffic – not just the data that is sent in plain text. Make sure state-sponsored hackers do not bypass your security controls; decrypt and examine all traffic.
– Fortify web applications against attack: Web application data is an attractive target for state-sponsored hackers. Attackers exploit application vulnerabilities to gain access to web servers or steal records from databases. Make sure your enterprise protects your web applications with a certified web application firewall (WAF).
– Use virtual private networks (VPNs) to secure data: Any communications over public networks can be intercepted somehow. But you should still encrypt sensitive data sent over the Internet using IPsec encryption to help with security.
– Monitor and audit access to sensitive data: If you store sensitive data in databases or files, be sure to track all activity, including access and changes, to detect anomalous activity, prevent illicit access, and measure the impact of an intrusion if an incident occurs.
– Train employees on security best practices: To prevent advanced cyber attacks, organisations must educate their teams and enforce best practices like choosing strong passwords. Users should also be instructed to identify social engineering attacks, phishing threats, and other malicious activity.
The world has changed. The lone hacker is no longer the face of cyber crime; that bad actor has been replaced by entire nation states with dedicated professional teams of infiltrators. Cyber criminals are determined to exploit SSL blindspots to gain access to private data and company networks.
The key is to be prepared: the question is not if but when an attack will come, and our choice of defence will ensure that we fare best in this heightened age of security threat.
This article is from the CBROnline archive: some formatting and images may not be present.