By: Carolyn Crandall
2017 was the year of unrelenting breaches. Unbelievable amounts of personal information were compromised, ransomware attacks reached into the billions of dollars, and breach fines cost companies millions. Not to be left out, threat actors also crossed ethical boundaries with attacks that compromised patient safety and targeted industrial control systems that could have caused massive harm.
It has become easier and easier, based on readily available tools, to create new ways of spreading malware or ransomware or stealing data from companies. Human error, from clicking on phishing emails to failing to apply patches, and other simple mistakes have all left the doors open. So open, in fact, that attackers no longer concern themselves with persistence in the network. It’s just too easy to get back in.
How did this get so easy? Tools, believed to be stolen from the National Security Agency, allowed hackers to compromise a variety of Windows servers and Windows operating systems, including Windows 7 and Windows 8. These tools were widely leaked by an anonymous group called the Shadow Brokers back in April. Many have attributed the outbreak of WannaCry cyberattacks to the use of these tools.
In May, WannaCry, which appears to have originated from North Korea, impacted more than 150 countries, as the ransomware attack targeted businesses running outdated Windows software and locked down the files on these systems. Over 300,000 machines were hit across numerous industries with demands for ransom payment to unlock these files. In Great Britain, hospitals were affected, forcing procedures to be rescheduled and leaving patients without care. This was one of the first times we have experienced such a massive disregard for patient safety.
Soon after, there was the NotPetya malware that spread to major global businesses across multiple industries. This included transportation, with FedEx and Maersk (a Danish shipping company), pharmaceutical titan Merck, the advertising agency WPP, Russian energy company Rosneft, and many Ukrainian businesses. FedEx attributed a staggering $300 million loss to the attack, and Maersk a loss of over $250 million.
Not to be outdone, the October Bad Rabbit ransomware campaign posed as an Adobe Flash installer on news and media websites and used this foothold to infiltrate computers. It would then scan for shared folders and use these as a way to harvest credentials and escalate the attack. Russia appeared to be the most heavily targeted, but attacks were also recorded in Ukraine, Turkey, and Germany.
AWS has also found itself in the news for a series of breaches that impacted the U.S. Department of Defense, Verizon, Time Warner, and Accenture. A GOP data firm’s misconfiguration of a security setting in its Amazon cloud storage service is cited as the root cause of many of these breaches. Shared security models, compounded by the ongoing challenge of supplier risk management, should all give us cause to assess the risks that shared information, open commerce, and privileged access bring.
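The misconfigurations mentioned above are, in the reported cases, storage buckets whose policy or ACL granted access to everyone. The following is an added example (not code from the original post, and not an AWS tool) of the offline check a defender can run over an exported bucket policy and ACL to flag that condition, shown with a constructed weak policy beside its corrected form. The account ID and bucket name are placeholders; the two grantee group URIs are the real AWS identifiers for "everyone" and "any authenticated AWS user".

```python
"""Flag public-access grants in an S3 bucket policy / ACL (constructed example)."""
import json

# Real AWS predefined group URIs that make an ACL grant world- or account-wide.
PUBLIC_GRANTEE_URIS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}

# Constructed weak policy: statement "PublicRead" lets anyone on the internet read objects.
WEAK_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Sid": "Internal", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::000000000000:root"},  # placeholder account
         "Action": ["s3:GetObject", "s3:PutObject"],
         "Resource": "arn:aws:s3:::example-bucket/*"},
    ],
})

# Corrected policy: the same read access, but only for the owning account's principal.
CORRECTED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "InternalRead", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::000000000000:root"},  # placeholder account
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
    ],
})

# Constructed ACL (shape of the get-bucket-acl response) with one world-readable grant.
WEAK_ACL = {
    "Owner": {"ID": "placeholder-canonical-id"},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "placeholder-canonical-id"},
         "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group",
                     "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
         "Permission": "READ"},
    ],
}


def _principal_is_public(principal):
    """True when the statement's Principal means 'anyone' ("*" or {"AWS": "*"})."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS")
        if aws == "*" or (isinstance(aws, list) and "*" in aws):
            return True
    return False


def public_policy_statements(policy_json):
    """Return the Allow statements whose principal is public, with their actions."""
    policy = json.loads(policy_json)
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be given un-listed
        statements = [statements]
    findings = []
    for stmt in statements:
        if stmt.get("Effect") != "Allow":
            continue
        if not _principal_is_public(stmt.get("Principal")):
            continue
        actions = stmt.get("Action", [])
        if isinstance(actions, str):
            actions = [actions]
        findings.append({
            "sid": stmt.get("Sid"),
            "actions": actions,
            # A Condition narrows the grant; its absence is the worst case.
            "conditioned": "Condition" in stmt,
        })
    return findings


def public_acl_grants(acl):
    """Return ACL grants made to the AllUsers / AuthenticatedUsers groups."""
    return [g for g in acl.get("Grants", [])
            if g.get("Grantee", {}).get("URI") in PUBLIC_GRANTEE_URIS]


if __name__ == "__main__":
    print("weak policy:", public_policy_statements(WEAK_POLICY))
    print("corrected policy:", public_policy_statements(CORRECTED_POLICY))
    print("weak ACL:", public_acl_grants(WEAK_ACL))
```

The check treats an unconditioned `Allow` to `*` as a finding regardless of action, because a listing or read grant to the world is exactly the exposure in the cases above; a `Condition` block is reported rather than assumed safe, since it needs human review.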
Another notable example is from May, when Sabre revealed hackers had compromised its SynXis hotel booking management system, and at the end of June, Google instructed employees to be on the lookout for suspicious activity on their cards, because one of its travel agencies, Carlson Wagonlit Travel, was potentially exposed to the SynXis breach. Notably, Carlson Wagonlit is also said to handle more than five million transactions annually of U.S. military and government travel.
Clearly, attackers can and will get around perimeter defenses. In 2018, security teams must change their approach to security controls and focus on detection and response technology. Deception-based detection is a highly effective solution for in-network detection based on its ease to deploy, operationalize, and scale. Uniquely, deception can be used to turn the asymmetry on attackers by making deception appear identical to real assets and credentials, dramatically increasing the difficulty of executing an attack and inevitably causing an attacker to err and reveal their presence. Dynamic deception technology will also up the game by empowering organizations to easily reset the synthetic network “game board” on demand. This forces the attacker to restart their attack or risk being discovered and quarantined, collectively increasing attacker resources and cost. What better deterrent than causing the attacker to slow down or start over?
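To make the detection mechanism in the paragraph above concrete, here is an added example (not Attivo's product or code from the original post) of the simplest form of it: decoy credentials that no legitimate process ever uses are planted, so any authentication attempt with one of them, successful or not, is a high-fidelity alert that also yields the source host to quarantine. The same class carries the "reset the game board" idea: retiring one generation of decoy names and minting the next, while still flagging any later use of the retired names, since those can only come from credentials an attacker harvested earlier. The log format, host names, addresses and account names are constructed for the example.

```python
"""Decoy-credential detection over authentication logs (constructed example)."""
from __future__ import annotations

import re
import secrets
from collections import Counter
from dataclasses import dataclass, field

# Constructed sample lines in a key=value auth-log format (not real logs).
# jsmith / asmith are ordinary users; the two svc_/adm_ names are planted decoys.
SAMPLE_AUTH_LOG = """\
2017-12-20T08:01:12Z host=web01 event=login user=jsmith src=10.0.4.15 result=success
2017-12-20T08:03:40Z host=fs02 event=smb_auth user=svc_backup_legacy src=10.0.9.77 result=failure
2017-12-20T08:03:41Z host=fs02 event=smb_auth user=svc_backup_legacy src=10.0.9.77 result=success
2017-12-20T08:05:02Z host=web01 event=login user=asmith src=10.0.4.20 result=failure
2017-12-20T08:06:10Z host=dc01 event=kerberos_tgt user=adm_sqlsvc src=10.0.9.77 result=failure
"""

LINE_RE = re.compile(
    r"(?P<ts>\S+) host=(?P<host>\S+) event=(?P<event>\S+) "
    r"user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>\S+)"
)


@dataclass
class DeceptionBoard:
    """The current set of planted decoy account names, plus every retired generation."""
    decoys: set[str]
    retired: set[str] = field(default_factory=set)
    generation: int = 0

    def reset(self, new_decoys: set[str]) -> set[str]:
        """Reset the game board: retire the current decoys and plant a new generation."""
        self.retired |= self.decoys
        self.decoys = set(new_decoys)
        self.generation += 1
        return self.decoys


def mint_decoy_names(count: int, prefix: str = "svc_") -> set[str]:
    """Generate unpredictable decoy account names for the next generation."""
    return {f"{prefix}{secrets.token_hex(3)}" for _ in range(count)}


def detect_decoy_use(log_text: str, board: DeceptionBoard) -> list[dict]:
    """Return one alert per log line that references an active or retired decoy.

    Success or failure does not matter: a decoy has no legitimate user, so any
    reference to it is evidence of credential harvesting or lateral movement.
    """
    alerts = []
    for line in log_text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue  # unparseable line; a real pipeline would count these
        rec = match.groupdict()
        if rec["user"] in board.decoys:
            rec["status"] = "active"
        elif rec["user"] in board.retired:
            rec["status"] = "retired"  # stale credential from an earlier board
        else:
            continue
        alerts.append(rec)
    return alerts


def summarize_sources(alerts: list[dict]) -> dict[str, int]:
    """Count alerts per source address: the hosts a responder would quarantine first."""
    return dict(Counter(a["src"] for a in alerts))


if __name__ == "__main__":
    board = DeceptionBoard(decoys={"svc_backup_legacy", "adm_sqlsvc"})
    found = detect_decoy_use(SAMPLE_AUTH_LOG, board)
    print(f"{len(found)} decoy-credential alerts, by source: {summarize_sources(found)}")
    board.reset(mint_decoy_names(2))
    print(f"board generation {board.generation}; active decoys: {sorted(board.decoys)}")
```

Two things in this toy are the ones that matter in a real deployment: the decoys must be indistinguishable from genuine accounts to whoever harvests them (the detection logic never needs to know how, only which names are decoys), and retired names stay on the watch list so that a reset forces the attacker to re-harvest rather than replay.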
It is inevitable that there will be an onslaught of new attacks in 2018 and the best defense will be to go on the offense in order to detect threats early and accurately. We saw great success with customers deploying deception to efficiently detect threats. They saw instant value from setting traps for attackers and not affording the attacker the time to complete an attack. We also had some great fun with penetration testers and at capture the flag events.
I look forward to sharing more in the new year about our customer success stories and company momentum.
Have a happy, safe, and threat-free new year.