On 18 April 2018, a team of experts from SANS Institute presented what they believe to be the five most dangerous new attack techniques in cybersecurity, together with remediations, at the RSA Conference in San Francisco, USA. RSA Conference is one of the leading cybersecurity events across the globe, where professionals gather to discuss the current trends and threats in our world today. RSAC 2018 was quite revealing.
The five threats outlined are:
1. Repositories and Cloud Storage Data Leakage
A SANS Institute expert, Ed Skoudis, spoke about the data leakage threats we face from the increased use of repositories and cloud storage. He said:
“Software today is built in a very different way than it was 10 or even 5 years ago, with vast online code repositories for collaboration and cloud data storage hosting mission-critical applications. However, attackers are increasingly targeting these kinds of repositories and cloud storage infrastructures, looking for passwords, crypto keys, access tokens, and terabytes of sensitive data.”
Remediation:
- Establish an effective asset inventory system with a suitable classification scheme.
- Create and implement an effective awareness program for the stakeholders.
- Use tools that prevent sensitive information from being committed to repositories, and tools that search repositories for sensitive information already present.
- Track and review all access logs, especially for the most critical infrastructure.
- Use two-factor authentication for access to critical infrastructure.
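The "tools to prevent committing sensitive information" item above, as an added example that is not SANS Institute's or the original post's code: a Python pre-commit hook that scans only the lines a commit adds, combining fixed-shape signatures (AWS access key ID, PEM private key header) with an entropy heuristic for generic secrets. The sample lines, the entropy threshold and the list of suspicious variable names are assumptions.

```python
import math
import re
import subprocess
from collections import Counter

# Added example (not SANS/Mitiget code). Credential formats with a fixed, recognisable shape.
SIGNATURES = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
}
# Generic secrets have no fixed shape: flag a long, high-entropy value assigned
# to a suspicious variable name instead.
ASSIGNMENT = re.compile(
    r"(?i)(password|passwd|secret|token|api_key|apikey)\s*[=:]\s*['\"]?([A-Za-z0-9+/=_\-]{16,})")
ENTROPY_THRESHOLD = 3.5  # bits per character; assumed tuning value
# Constructed sample of added lines; the AWS key is AWS's documented example value.
SAMPLE_ADDED_LINES = """\
AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
db_password = "s3cr3t-Value-9f8e7d6c5b4a"
log_level = "INFO"
-----BEGIN RSA PRIVATE KEY-----
"""

def shannon_entropy(value: str) -> float:
    """Shannon entropy in bits per character; random tokens score well above prose."""
    counts = Counter(value)
    return -sum(c / len(value) * math.log2(c / len(value)) for c in counts.values())

def scan_text(text: str) -> list:
    """Return (line_number, reason, matched_value) for every suspicious line."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for name, pattern in SIGNATURES.items():
            for m in pattern.finditer(line):
                findings.append((lineno, name, m.group(0)))
        for m in ASSIGNMENT.finditer(line):
            if shannon_entropy(m.group(2)) >= ENTROPY_THRESHOLD:
                findings.append((lineno, "high_entropy_" + m.group(1).lower(), m.group(2)))
    return findings

def scan_staged_diff() -> int:
    """Hook entry point: scan only the lines a commit adds; non-zero exit blocks the commit."""
    diff = subprocess.run(["git", "diff", "--cached", "-U0"],
                          capture_output=True, text=True, check=True).stdout
    added = "\n".join(l[1:] for l in diff.splitlines()
                      if l.startswith("+") and not l.startswith("+++"))
    findings = scan_text(added)
    for lineno, reason, value in findings:
        print(f"blocked: {reason} at added line {lineno}: {value[:8]}...")
    return 1 if findings else 0
```

Install it as the repository's pre-commit hook so `scan_staged_diff` runs before each commit; the same `scan_text` can be run over a repository's full history to find secrets that are already present.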
2. Big Data Analytics, De-Anonymisation, and Correlation
Ed Skoudis also shared how attackers are using data from several sources to de-anonymise users. He said:
“The battle is shifting from hacking machines to hacking data – gathering data from disparate sources and fusing it together to de-anonymize users, find business weaknesses and opportunities, or otherwise undermine an organization’s mission.”
Remediation:
- Deploy controls that will prevent attackers from gaining a shell on targets to steal data.
- Establish a process for ongoing analysis of the business risks that arise when your data is combined with data from other sources.
- Put in place controls that will maintain the privacy of customers. Consider carefully the privacy implications of the data you hold and its potential to damage your reputation or attract regulatory sanctions; GDPR deserves close attention.
3. Attackers Monetize Compromised Systems Using Crypto Coin Miners
Another SANS Institute expert, Johannes Ullrich, who has been tracking the increasing use of crypto coin miners by cyber criminals, also shared insight into how the bad guys are exploiting the crypto-currency world. He said:
“Last year, we talked about how ransomware was used to sell data back to its owner and crypto-currencies were the tool of choice to pay the ransom. More recently, we have found that attackers are no longer bothering with data. Due to the flood of stolen data offered for sale, the value of most commonly stolen data like credit card numbers or PII has dropped significantly. Attackers are instead installing crypto coin miners. These attacks are more stealthy and less likely to be discovered and attackers can earn tens of thousands of dollars a month from crypto coin miners.”
Remediation:
- Learn to detect the operations of miners in your environment.
- Put controls in place to monitor the resource utilization of your critical information systems. High CPU load, network traffic, and high temperature are the main means of discovery. This applies to both outsider and insider threats.
- Identify obvious symptoms of computer misuse and trace the source.
- Identify the vulnerabilities that were exploited to install these coin miners, says Ullrich.
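The CPU and network symptoms listed above, as an added example that is not SANS Institute's or the original post's code: a Python triage routine that flags a process when its command line names a mining pool, when it connects to a stratum-style port, or when its CPU use stays high across consecutive samples. The telemetry, thresholds, port list and hostnames are constructed or assumed; a real deployment would feed it from a process monitor or EDR agent.

```python
# Added example (not SANS Institute or Mitiget code): heuristic coin-miner
# detection over per-process host telemetry.
from dataclasses import dataclass

STRATUM_PORTS = {3333, 4444, 5555, 7777, 14444}  # ports commonly used by mining pools
MINER_MARKERS = ("stratum+tcp://", "stratum+ssl://")  # pool URL schemes in miner command lines
CPU_THRESHOLD = 85.0    # percent; assumed tuning value
SUSTAINED_SAMPLES = 3   # consecutive high samples before the CPU rule fires

@dataclass
class ProcSample:
    pid: int
    cmdline: str
    cpu_percent: float
    remote_ports: tuple   # destination ports of established outbound connections

def score_process(samples: list) -> list:
    """samples: consecutive ProcSample objects for one pid. Returns triage reasons."""
    reasons = []
    latest = samples[-1]
    if any(marker in latest.cmdline.lower() for marker in MINER_MARKERS):
        reasons.append("mining pool URL in command line")
    if set(latest.remote_ports) & STRATUM_PORTS:
        reasons.append("outbound connection to a stratum-style port")
    recent = samples[-SUSTAINED_SAMPLES:]
    if len(recent) == SUSTAINED_SAMPLES and all(s.cpu_percent >= CPU_THRESHOLD for s in recent):
        reasons.append(f"CPU >= {CPU_THRESHOLD}% for {SUSTAINED_SAMPLES} consecutive samples")
    return reasons

def detect(history: dict) -> dict:
    """history: pid -> list of ProcSample over time. Returns pid -> reasons for suspects."""
    suspects = {}
    for pid, samples in history.items():
        reasons = score_process(samples)
        if reasons:
            suspects[pid] = reasons
    return suspects

# Constructed telemetry: a miner, a CPU-hungry but legitimate encoder, and a build job
# whose load was short-lived. Hostname and wallet are placeholders.
MINER_CMD = "/tmp/miner -o stratum+tcp://pool.example.invalid:3333 -u WALLET_PLACEHOLDER"
SAMPLE_HISTORY = {
    4242: [ProcSample(4242, MINER_CMD, cpu, (3333,)) for cpu in (97.0, 98.5, 96.1)],
    3030: [ProcSample(3030, "/usr/bin/ffmpeg -i in.mp4 out.mkv", cpu, ()) for cpu in (95.0, 96.2, 94.8)],
    1010: [ProcSample(1010, "/usr/bin/python3 nightly_build.py", cpu, (443,)) for cpu in (91.0, 40.0, 12.0)],
}
```

The legitimate encoder is flagged on the CPU rule alone, which is the false-positive cost that the "trace the source" step above absorbs; the miner trips all three rules, and the build job's short CPU spike never fires.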
4. Recognition of Hardware Flaws
Ullrich also shared that software developers often assume that hardware is flawless and that this is a dangerous assumption. He explained:
“Hardware is no less complex than software and mistakes have been made in developing hardware just as they are made by software developers. Patching hardware is a lot more difficult and often not possible without replacing entire systems or suffering significant performance penalties.”
Remediation:
- He argued that developers therefore need to learn to create software without relying on hardware to mitigate security issues. In the same way that software uses encryption on untrusted networks, software needs to authenticate and encrypt data within the system. Some emerging homomorphic encryption algorithms may allow developers to operate on encrypted data without having to decrypt it first.
5. Malware and Attacks Disrupting ICS and Utilities Instead of Seeking Profit
The Head of R&D at SANS Institute and top UK cyber threat expert, James Lyne, discussed as the final item the growing trend in malware and attacks that are not profit-centred, as most of those we have seen in the past were, but are instead focused on disrupting Industrial Control Systems (ICS) and utilities. He said:
“Day to day the grand majority of malicious code has undeniably been focused on fraud and profit. Yet, with the relentless deployment of technology in our societies, the opportunity for political or even military influence only grows. And rare publicly visible attacks like Triton/TriSIS show the capability and intent of those who seek to compromise some of the highest risk components of industrial environments, i.e. the safety systems which have historically prevented critical security and safety meltdowns… ICS systems are relatively immature and easy to exploit in comparison to the mainstream computing world. Many ICS systems lack the mitigations of modern operating systems and applications. The reliance on obscurity or isolation (both increasingly untrue) does not position them well to withstand a heightened focus on them, and we need to address this as an industry. More worrying is that attackers have demonstrated they have the inclination and resources to diversify their attacks, targeting the sensors that are used to provide data to the industrial controllers themselves. The next few years are likely to see some painful lessons being learned as this attack domain grows, since the mitigations are inconsistent and quite embryonic.”
Remediation:
- Put in place a functional cybersecurity framework that is proactive in identifying threats and vulnerabilities in your organization.
- Cybersecurity programs should be part of National Security in every state and country.
- Continuously and deliberately build capacity and technical skills for cybersecurity for National Security. The warfare techniques have changed.
Mitiget is an integrated business risk solutions and IT assurance provider. We assist organisations in mitigating the risks associated with internal systems, business processes, projects, applications, data and third-party reliance. Our cybersecurity and data centre services are the most cost-effective in our space today. Mitiget’s ISO certification processes are tailored to embed relevant culture to business processes for continual improvement. We are experts at improving compliance postures across industries.