Cybercriminals Lurking Where Most Companies Fail to Look
By Tab Bradshaw, Chief Operating Officer, Redpoint Cybersecurity
Today’s unending nation-state cyberattacks target organizations of every type, and the attackers routinely succeed in gaining access despite seemingly prepared IT security personnel and hefty investments in cybersecurity solutions. It is a battle that frustrates every industry and sector, and to most it does not seem winnable. Why?
The problem in 2022 is that the attackers want company data, customer information and much more so badly that they are willing to be patient and persistent. They will wait days, months or longer. And that does not mean they only target the Fortune 500, far from it. An organization is only as strong as its weakest partner with access to its systems. Just ask any of the victims that were ultimately breached through a third party that few would have suspected of creating a weakness.
Threat actors are successful today because IT security personnel are usually looking in the wrong places to find them. The best and brightest cybersecurity minds in intelligence communities around the world have made it clear: beyond the cybersecurity basics and much-needed solutions from security vendors, knowing WHERE and WHEN to investigate and identify a threat is paramount. Cybercriminals who take their time, do their research and get in slowly but surely are doing so while skirting the latest technologies and the best of IT security intentions.
Unfortunately, over the last several years the shortage of talent in the cybersecurity space has only worsened. Many organizations are therefore security tool rich but talent poor. That is not an effective combination, especially when learning how a threat actor thinks and lurks is a top priority. After all, security operations center personnel would likely say they are strapped for time as it is.
So, How Are Nation-State Attacks Gaining Access To Valuable Data?
Incident response teams and professional threat hunters are seeing one obvious trend: organizations of all sizes are blind to the fact that they must look beyond the security controls and tools they have purchased and examine the actual activity on their networks and hosts. Nation-state actors routinely evade even the most expensive, far-reaching security tools, alerting systems and log pipelines.
Instead, cybercriminals use well-researched phishing to obtain valid usernames and passwords and then hide among very common occurrences. They are not going to easily rear their heads. They look for things that are simple yet helpful to hide alongside, such as scheduled tasks, which are usually routine, commonplace updates or the like. All major operating systems create tasks and run them automatically; they are normal and often critical. A task that imitates one of them, however, is a quiet and durable foothold.
At this point the administrator can become the only thing standing between an organization’s valuable data and the threat actors. The admin is usually not security focused and has little chance of noticing the criminals’ persistence or of knowing how best to dig deeper. Unless someone actually enumerates those tasks from the command line and compares them against what is expected on that host, the foothold will not be found. Indeed, nation-state threat actors in particular are using the organization’s OWN network to steal and threaten all types of customer and vital data.
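As an added example (not code from the article or from Redpoint Cybersecurity), the following script shows what that command-line enumeration looks like once it is made repeatable. It takes the CSV that `schtasks /query /fo CSV /v` produces on Windows and applies a few hunting heuristics: a task whose binary lives in a user-writable directory, a task that launches a living-off-the-land binary with download or evasion arguments, a task filed under the built-in `\Microsoft\Windows\` folder whose author is not Microsoft, and a task running as SYSTEM from outside the OS and program directories. The sample export is constructed and keeps only a subset of the columns the real command emits; the heuristics and the placeholder base64 blob are assumptions for illustration, not vendor detection rules. The same approach transfers to cron and launchd exports on other operating systems.

```python
"""Triage an export of Windows scheduled tasks for persistence look-alikes.

Added example: the CSV layout follows `schtasks /query /fo CSV /v`, but the
sample below is CONSTRUCTED and keeps only a subset of its columns.  The
heuristics are an analyst's assumptions about what looks out of place.
"""
import csv
import io
import re

# Directories a vendor's scheduled task almost never runs from.
USER_WRITABLE = re.compile(
    r"(\\AppData\\|\\Temp\\|\\Users\\Public\\|\\ProgramData\\|\\Downloads\\)",
    re.IGNORECASE,
)
# Where a task that runs as SYSTEM is expected to live.
SYSTEM_PATHS = re.compile(
    r'^"?(%SystemRoot%|%windir%|C:\\Windows|C:\\Program Files)', re.IGNORECASE
)
# Living-off-the-land binaries with argument patterns common in persistence.
LOLBIN_PATTERNS = [
    (re.compile(r"powershell(\.exe)?.*(-enc(odedcommand)?|-w(indowstyle)? hidden|-nop|"
                r"iex|downloadstring|frombase64string)", re.I),
     "powershell with evasion/download arguments"),
    (re.compile(r"\bmshta(\.exe)?\b", re.I), "mshta execution"),
    (re.compile(r"\brundll32(\.exe)?\b.*javascript:", re.I), "rundll32 javascript: protocol"),
    (re.compile(r"\bregsvr32(\.exe)?\b.*/i:https?://", re.I), "regsvr32 remote scriptlet"),
    (re.compile(r"\b[wc]script(\.exe)?\b.*\.(js|vbs|wsf)\b", re.I), "script host running a script file"),
    (re.compile(r"\bcertutil(\.exe)?\b.*-urlcache", re.I), "certutil download"),
    (re.compile(r"\bbitsadmin(\.exe)?\b.*/transfer", re.I), "bitsadmin download"),
]

# Constructed sample export (subset of columns). The -enc blob is a placeholder.
SAMPLE_EXPORT = r'''"HostName","TaskName","Status","Author","Task To Run","Run As User"
"WS01","\Microsoft\Windows\Time Synchronization\SynchronizeTime","Ready","Microsoft Corporation","%windir%\system32\sc.exe start w32time task_started","SYSTEM"
"WS01","\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan","Ready","Microsoft Corporation","COM handler","SYSTEM"
"WS01","\Adobe Acrobat Update Task","Ready","Adobe Systems Incorporated","C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe","SYSTEM"
"WS01","\Microsoft\Windows\UpdateOrchestrator\UpdateCheck","Ready","WS01\jdoe","powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA","SYSTEM"
"WS01","\OneDriveSync","Ready","WS01\jdoe","wscript.exe //B ""C:\Users\jdoe\AppData\Roaming\sync\update.vbs""","WS01\jdoe"
'''


def parse_schtasks_csv(text):
    """Parse the CSV export into one dict per task, skipping any repeated header row."""
    return [row for row in csv.DictReader(io.StringIO(text))
            if row.get("TaskName") != "TaskName"]


def score_task(task):
    """Return the list of reasons a task looks suspicious (empty list = nothing found)."""
    reasons = []
    name = task.get("TaskName", "")
    cmd = task.get("Task To Run", "")
    author = task.get("Author", "")
    run_as = task.get("Run As User", "")

    if USER_WRITABLE.search(cmd):
        reasons.append("runs from a user-writable directory")
    for pattern, label in LOLBIN_PATTERNS:
        if pattern.search(cmd):
            reasons.append(label)
    # Built-in tasks carry a Microsoft author or a $(@%SystemRoot%...) resource string;
    # anything else filed under \Microsoft\Windows\ is imitating them.
    if name.lower().startswith("\\microsoft\\windows\\") and not (
        author.lower().startswith("microsoft") or author.startswith("$(@")
    ):
        reasons.append("filed under \\Microsoft\\Windows\\ but author is not Microsoft")
    # COM-action tasks show "COM handler" instead of a path, so they are skipped here.
    if (run_as.upper() in ("SYSTEM", "NT AUTHORITY\\SYSTEM") and cmd
            and cmd != "COM handler" and not SYSTEM_PATHS.match(cmd)):
        reasons.append("runs as SYSTEM from outside the OS/program directories")
    return reasons


def hunt(text):
    """Map each flagged task name to its reasons; unflagged tasks are omitted."""
    flagged = {}
    for task in parse_schtasks_csv(text):
        reasons = score_task(task)
        if reasons:
            flagged[task["TaskName"]] = reasons
    return flagged


if __name__ == "__main__":
    for task_name, reasons in hunt(SAMPLE_EXPORT).items():
        print(task_name)
        for reason in reasons:
            print("    -", reason)
```

On a real host, feed it the output of `schtasks /query /fo CSV /v > tasks.csv` and expect false positives: administrators do park legitimate scripts in `ProgramData`. The point is not a verdict but a short list to compare against a known-good baseline of the same host, which is exactly the step a non-security-focused admin never gets around to.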
Emulation Seems To Be Today’s Best Bet To Accompany Security Tools
To prevent lengthy attacks that dig incrementally deeper, incident response teams cannot simply solve one problem and consider the threat mitigated. That specific instance of a nation-state actor’s persistence may have been stopped, but the process easily starts all over again. That is why organizations that want to protect their operations and data need to use emulation on an ongoing basis: employ ethical hacking that finds vulnerabilities in the actual network, fix them, and then repeat the exercise on a regular schedule. It is very much a rinse-and-repeat approach, and one that is at least as valuable as backups and cyber insurance combined.
Nation-state actors use several methods of persistence to hide, some far trickier to identify than others, and only those skilled at investigating potential persistence pathways are likely to find them before it is far too late. Thus, in 2022 defense is far more about understanding HOW someone is going to attack than about solely analyzing logs and alerts, although those have their place in cybersecurity protection.
The ever-increasing successes of nation-state threat actors parallel this increased use of persistence at a level of the network that today’s usual approaches to protection neglect. It is a danger that emulation and talented incident response experts can, at least at this point, most effectively mitigate, while maintaining a consistently strong security posture for protecting company data.