Page 145 - Cyber Defense eMagazine June 2024
All three have their own intricacies, and while the methods for defending against them may vary, there is
one common theme – ensuring the right controls are in place and have been deployed effectively. In the
first of this two-part series, I’ll focus on the sophisticated attacks, before turning to industrialized and
opportunistic attacks in the next piece.
The sophisticated attack cyclone
Sophisticated attacks are the hardest to remediate, and often have a broader and longer lasting impact.
The Microsoft email hack in July 2023 is a prime example. It was one of the most tenacious attacks of
the last few months, which ultimately allowed the adversary access to almost any email hosted on
Microsoft 365. This included many government and defense departments globally as well as private
businesses – both large and small.
In this case, state-sponsored threat actors were responsible, combining exceptional techniques with
traditional Tactics, Techniques and Procedures (TTPs). To Microsoft’s credit, it was initially open
about the attack, even detailing how it occurred, shedding light on multiple points of failure, going back
as far as 2021. It has since updated this blog, scaling back on its original hypothesis, but still pointing to
operational issues as the cause.
The original blog pointed to multiple points of failure – both in the tech and operations – that left the front
door wide open to the attackers. This was confirmed by the US Department of Homeland Security’s Cyber
Safety Review Board (CSRB) in its review of the incident, which was conducted because of the global significance
of the attack. What remains clear is that there were multiple stages where this devastating attack could’ve
been interrupted to limit its impact, or even stop it in its tracks.
But the attack shows that nobody is immune to cybercrime, and that a determined, well-resourced
attacker will compromise even the biggest organizations that pride themselves on their security.
Sheltering from the storm
However, even with sophisticated attacks, organizations can take steps to secure themselves by adopting
a zero trust strategy. But achieving zero trust is hard, and can be overwhelming when applied to every
individual, and every single device, application and scrap of data the organization owns. So organizations
should prioritize the systems that would benefit most from zero trust initiatives first.
Understanding what resources and which users are critical to the business will allow security teams to
set realistic goals and outcomes when looking to deploy zero trust initiatives. For instance, zero trust
might not be a priority for the machine displaying menu options in the staff canteen, but it will be for
ensuring privileged users with access to business-critical data can still do their jobs.
Organizations’ first goal should be to ensure they have the data to fully understand their landscape, how
users interact with it, and where the greatest risks are. Armed with this they can create measurable
objectives to roll out a zero trust strategy, starting where it’s needed most, demonstrating success and then
expanding the initiative.
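The prioritization described above (understand the landscape, then start zero trust where the risk is greatest) can be made concrete with a simple scoring model over an asset inventory. The following is an added illustration, not code from the article or from any vendor's tool: the asset fields, weights, wave thresholds and the inventory entries (including the canteen menu display from the text) are all constructed assumptions.

```python
"""Added illustration: ranking systems for a phased zero trust rollout.

Constructed example. The scoring weights, asset records and wave
thresholds are assumptions, not taken from the article or any product.
"""
from __future__ import annotations

from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class Asset:
    name: str
    data_sensitivity: int   # 0 (public) .. 3 (business-critical / regulated)
    privileged_users: int   # users holding elevated rights on this system
    internet_exposed: bool  # reachable from outside the corporate network
    mfa_enforced: bool      # an identity control that is already in place


# Assumed weights: data sensitivity and privileged access dominate, external
# exposure adds risk, and a missing control widens the remaining gap.
WEIGHTS = {"sensitivity": 3, "privileged": 2, "exposure": 2, "mfa_gap": 1}


def risk_score(asset: Asset) -> int:
    """Higher score = larger gap between current controls and zero trust."""
    score = WEIGHTS["sensitivity"] * asset.data_sensitivity
    # Cap the privileged-user term so a large user count cannot swamp sensitivity.
    score += WEIGHTS["privileged"] * min(asset.privileged_users, 5)
    if asset.internet_exposed:
        score += WEIGHTS["exposure"] * 2
    # A missing control on a system that holds no sensitive data adds nothing:
    # the canteen display should not outrank systems that actually matter.
    if not asset.mfa_enforced and asset.data_sensitivity > 0:
        score += WEIGHTS["mfa_gap"] * 2
    return score


def prioritize(assets: List[Asset]) -> List[Tuple[str, int, str]]:
    """Return (name, score, wave) sorted by descending score.

    Wave 1 is where the rollout starts; wave 3 is last. Thresholds are assumed.
    """
    ranked = sorted(assets, key=lambda a: (-risk_score(a), a.name))
    result = []
    for a in ranked:
        s = risk_score(a)
        wave = "wave 1" if s >= 12 else "wave 2" if s >= 6 else "wave 3"
        result.append((a.name, s, wave))
    return result


# Constructed inventory, including the article's canteen menu display.
SAMPLE_INVENTORY = [
    Asset("hr-payroll-db", 3, 4, internet_exposed=False, mfa_enforced=False),
    Asset("customer-portal", 2, 2, internet_exposed=True, mfa_enforced=True),
    Asset("email-admin-console", 3, 6, internet_exposed=True, mfa_enforced=False),
    Asset("canteen-menu-display", 0, 0, internet_exposed=False, mfa_enforced=False),
]

if __name__ == "__main__":
    for name, score, wave in prioritize(SAMPLE_INVENTORY):
        print(f"{wave}: {name} (score {score})")
```

The point of the model is not the particular numbers but that the ranking is driven by data the organization already has to collect (sensitivity, privileged access, exposure, controls in place), which is exactly the "understand the landscape first" step; with that data in hand, the waves become measurable objectives rather than a blanket mandate.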
Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide.