Recent high-profile data breaches like the one that led to the release of the so-called “Paradise Papers” have increased awareness of the threat of cyber attacks. However, as Victor Meyer, senior consultant of SALT Technology Group, pointed out at a breakfast presentation at George Town Yacht Club on Nov. 30, many businesses don’t learn that their computer network has been compromised until long after the fact.
“What we have seen is that it takes an organisation six months to realise they have been breached,” he said. “So you may have been breached and don’t even know it.”
Meyer’s presentation, which allowed the attendees to experience simulated cyber attacks, was preceded by remarks from Ricardo Agosto, the Microsoft territory manager for Bermuda, Cayman, Bahamas and Belize. He said Microsoft takes the threat of cyber attacks so seriously that it spends US$1 billion a year in research and development to learn about vulnerabilities and how to thwart attacks.
“We have a team dedicated that just works on hacking Microsoft products; that’s their job and that’s all they do,” he said. “We have a red team that attacks and a blue team that protects.”
ANATOMY OF AN INTRUSION
To help the attendees, many of whom work in IT departments of Cayman Islands firms, understand just how cyber attackers operate, Meyer talked about the “anatomy of an intrusion.”
He said that people need to think of cyber security as a journey, not a destination, because attackers are always coming up with new ways to gain access to computers and networks.
“It’s something you have to do every day,” he said. Looking at how attacks are carried out, Meyer said they start with reconnaissance.
“Attackers will look for vulnerabilities,” he said. “In a network, they will always look for the weakest animal in the herd. They scan the environment and look for the user who isn’t necessarily following the best security protocols.”
The second stage of the intrusion is where the attacker gains access through a vulnerable device. Once in control of that device, the attacker moves laterally through the network, gaining control of multiple devices along the way.
“They will then gather user credentials,” he said, adding that the theft of credentials can sometimes happen through “brute force” software that guesses its way to plain-text user names and passwords. Brute force intrusions often leave evidence of the attack in the form of failed logon attempts; a quieter route to the same information is to have users hand it over themselves through various phishing techniques.
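As an added illustration of the evidence a brute-force attempt leaves behind (example written for this page, not part of Meyer’s talk), the PowerShell below groups failed logons by source address and flags any source that racks up a burst of failures, then checks whether a successful logon from the same source followed the burst, which is the signature of a guess that worked. The records are constructed sample data shaped like Windows Security log events 4625 (failed logon) and 4624 (successful logon); on a real host they would come from Get-WinEvent. The threshold of 10 failures in 5 minutes and the IP addresses and user names are assumptions.

```powershell
# Constructed sample data shaped like Security log events 4625/4624.
# On a real host: Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4624,4625}
# and read IpAddress / TargetUserName from each event's XML.
function New-LogonEvent([string]$Time, [int]$Id, [string]$User, [string]$Source) {
    [pscustomobject]@{ Time = [datetime]"2017-11-30T$Time"; Id = $Id; User = $User; Source = $Source }
}

$events = @(
    # 203.0.113.45 (assumed attacker) cycles three accounts every few seconds...
    New-LogonEvent '08:00:01' 4625 'administrator' '203.0.113.45'
    New-LogonEvent '08:00:04' 4625 'jsmith'        '203.0.113.45'
    New-LogonEvent '08:00:07' 4625 'mgarcia'       '203.0.113.45'
    New-LogonEvent '08:00:10' 4625 'administrator' '203.0.113.45'
    New-LogonEvent '08:00:13' 4625 'jsmith'        '203.0.113.45'
    New-LogonEvent '08:00:16' 4625 'mgarcia'       '203.0.113.45'
    New-LogonEvent '08:00:19' 4625 'administrator' '203.0.113.45'
    New-LogonEvent '08:00:22' 4625 'jsmith'        '203.0.113.45'
    New-LogonEvent '08:00:25' 4625 'mgarcia'       '203.0.113.45'
    New-LogonEvent '08:00:28' 4625 'administrator' '203.0.113.45'
    New-LogonEvent '08:00:31' 4625 'jsmith'        '203.0.113.45'
    New-LogonEvent '08:00:34' 4625 'mgarcia'       '203.0.113.45'
    # ...and then one of the guesses lands.
    New-LogonEvent '08:00:52' 4624 'jsmith'        '203.0.113.45'
    # 10.0.5.23 (assumed workstation): a user mistypes twice, then logs in. Benign.
    New-LogonEvent '08:05:10' 4625 'kwong'         '10.0.5.23'
    New-LogonEvent '08:05:30' 4625 'kwong'         '10.0.5.23'
    New-LogonEvent '08:05:45' 4624 'kwong'         '10.0.5.23'
)

function Find-BruteForce {
    param(
        [Parameter(Mandatory)] [object[]] $Events,
        [int] $Threshold = 10,      # failures from one source...   (assumed value)
        [int] $WindowMinutes = 5    # ...within this many minutes   (assumed value)
    )
    $findings = @()
    $bySource = $Events | Where-Object { $_.Id -eq 4625 } | Group-Object -Property Source
    foreach ($group in $bySource) {
        $failures = @($group.Group | Sort-Object -Property Time)
        # Sliding window: from each failure, count the failures in the next N minutes.
        for ($i = 0; $i -lt $failures.Count; $i++) {
            $start = $failures[$i].Time
            $end   = $start.AddMinutes($WindowMinutes)
            $burst = @($failures | Where-Object { $_.Time -ge $start -and $_.Time -le $end })
            if ($burst.Count -lt $Threshold) { continue }

            # A successful logon from the same source during or just after the
            # burst means a guess worked: escalate from "noise" to "compromise".
            $success = $Events | Where-Object {
                $_.Id -eq 4624 -and $_.Source -eq $group.Name -and
                $_.Time -ge $start -and $_.Time -le $end.AddMinutes($WindowMinutes)
            } | Select-Object -First 1
            $verdict = if ($success) { "likely compromise of '$($success.User)'" } else { 'brute-force attempt' }

            $findings += [pscustomobject]@{
                Source   = $group.Name
                Start    = $start
                Failures = $burst.Count
                Users    = ($burst.User | Sort-Object -Unique) -join ', '
                Verdict  = $verdict
            }
            break   # one finding per source is enough for triage
        }
    }
    return $findings
}

Find-BruteForce -Events $events | Format-List
```

Run against the sample data, only 203.0.113.45 is reported, with 12 failures across three accounts and the verdict that jsmith was likely compromised; the two mistyped passwords from 10.0.5.23 stay below the threshold. The password-spray pattern (many accounts, few guesses each) is caught because the count is per source, not per account, which is why a per-account lockout policy alone would have missed it.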
Attackers will also plant malware, viruses or other malicious code that makes computers behave as the attacker wants, or harvest email address lists in an effort to expand the attack beyond the immediate computer or network.
If attackers obtain user credentials, they can use that information to gain access to personal computers. “People often use the same passwords in their work life that they do in their home life,” he said.
Once attackers gain access to user credentials, Meyer said they can use that information to steal data or commit various crimes like wire fraud.
Meyer then showed just how easy it is to gain access to computers and networks with a live demonstration, displayed on a big screen, that took only a couple of minutes.
Good computer or network protection starts with knowledge, Meyer said. “Research and preparation are the most important parts of stopping an attack,” he said. “You should know as much about your environment as the people who will do port-scan reconnaissance.”
Being aware of the new emerging threats is also important.
“Go and sign up for the Microsoft RSS feed,” he said. “It’s once a month. Microsoft is good about telling us about what threats are coming up.”
PowerShell, for scripting hardening and monitoring, and AppLocker, which restricts which programs and scripts are allowed to run, are two tools businesses can use to help protect their systems.
“PowerShell sucks the oxygen out of the fire,” he said. “If it doesn’t have oxygen to combust, it’s not going to combust.”
Meyer also suggested that businesses segment their networks, control their firewalls and make sure people are complying with security protocols. Using a modern operating system is also recommended, but it is not a panacea.
“Windows 10 is the most secure operating system, but you need to harden that with tools like PowerShell,” Meyer said.
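To make the hardening advice above concrete, here is an added example (written for this page, not code from the presentation or from Microsoft) of a Windows 10 host hardened with PowerShell driving AppLocker and the Windows firewall, run from an elevated PowerShell 5.1 session. It turns on script block logging, builds an AppLocker allow-list from the software already installed, deploys it in audit mode first, dry-runs a file against it, and closes inbound SMB, which is the usual lateral-movement path. The policy file path, the downloaded-tool path used for the dry run and the decision to block SMB on workstations are assumptions.

```powershell
# Run as Administrator. $policyPath and the paths tested below are assumptions.
$policyPath = 'C:\ProgramData\AppLockerPolicy.xml'

# 1. Script block logging: every script block PowerShell executes, including an
#    attacker's one-liners, is written to Microsoft-Windows-PowerShell/Operational
#    as event ID 4104, so the six-months-later investigation has something to read.
$sbl = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging'
New-Item -Path $sbl -Force | Out-Null
Set-ItemProperty -Path $sbl -Name EnableScriptBlockLogging -Value 1 -Type DWord

# 2. AppLocker does nothing unless the Application Identity service is running.
Set-Service -Name AppIDSvc -StartupType Automatic
Start-Service -Name AppIDSvc

# 3. Build allow rules from what is installed: publisher rules for signed files,
#    hash rules for the rest. Once enforced, anything not matched by a rule is
#    denied, which is the "oxygen" a dropped executable or script needs.
$installed = 'C:\Program Files', 'C:\Program Files (x86)', 'C:\Windows' |
    ForEach-Object { Get-AppLockerFileInformation -Directory $_ -Recurse -FileType Exe, Script }
$policyXml = [xml](New-AppLockerPolicy -FileInformation $installed -RuleType Publisher, Hash `
    -User Everyone -Optimize -IgnoreMissingFileInformation -Xml)

# 4. Deploy in AuditOnly. Enforcing on day one breaks legitimate line-of-business
#    tools; audit first, read the events, add rules, then switch to Enabled.
foreach ($collection in $policyXml.AppLockerPolicy.RuleCollection) {
    $collection.SetAttribute('EnforcementMode', 'AuditOnly')
}
$policyXml.Save($policyPath)
Set-AppLockerPolicy -XmlPolicy $policyPath

# 5. Dry-run files against the policy. cmd.exe should come back Allowed; a file a
#    user pulled into Downloads (assumed path, must exist) should come back Denied.
Test-AppLockerPolicy -XmlPolicy $policyPath -User Everyone `
    -Path 'C:\Windows\System32\cmd.exe', 'C:\Users\Public\Downloads\unknown-tool.exe'

# 6. With script rules enforced, PowerShell 5 runs unapproved scripts in
#    ConstrainedLanguage mode; this shows which mode the current session is in.
$ExecutionContext.SessionState.LanguageMode

# 7. Firewall: block inbound by default on every profile and log what is blocked,
#    then close inbound SMB (TCP 445) on workstations, the usual lateral-movement
#    path between compromised devices. (Assumption: this host serves no file shares.)
Set-NetFirewallProfile -Profile Domain, Private, Public -Enabled True -DefaultInboundAction Block -LogBlocked True
New-NetFirewallRule -DisplayName 'Block inbound SMB (workstation)' -Direction Inbound `
    -Protocol TCP -LocalPort 445 -Action Block -Profile Any

# 8. After a week in audit mode, 8003 events list what enforcement would have
#    blocked; anything legitimate in that list needs a rule before enforcing.
Get-WinEvent -LogName 'Microsoft-Windows-AppLocker/EXE and DLL' -MaxEvents 200 -ErrorAction SilentlyContinue |
    Where-Object { $_.Id -eq 8003 } |
    Select-Object TimeCreated, Message
```

The hash rules make the policy large and tied to exact file versions, so on a fleet the usual refinement is publisher rules for the vendors actually in use and path rules for the Windows and Program Files trees, which is what AppLocker’s default rule set does; hashes are then reserved for unsigned tools that cannot be replaced.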
In the end, computer users and companies need to be always vigilant and use best practices because there are also “zero-day” threats out there: vulnerabilities in a programme that attackers have discovered but that even the maker of the software does not yet know about, and so has no patch for.
“Every day can be zero-day,” Meyer said. “There are new threats every day.”