When the door is opened, be sure you have vigilant, armed, well-trained sentries on duty.
They’ll protect you from almost every other external threat – the attackers who go beyond
casual probing to methodical intrusion attempts.
With the above measures in place, you’ll be guarding against about 99% of all forays against
your system.
Finally, station hundreds of vigilant guards atop the castle walls and around the base of the
walls. They’ll spot and dispatch the final one percent of attackers, those lone daredevils who try
to scale the walls or tunnel beneath them.
To summarize: the walls and the moat are administrator rights to your system. More precisely,
they’re the curtailments, the strict limitations, of administrator rights. Smart, aggressive control
of administrator rights can neutralize around 85% of malware attacks.
The drawbridge and sentries are password controls. Eliminate stolen passwords and you’ll turn
back almost all of the remaining intrusion attempts, about 14 percent of the total.
But if, somehow, an attacker climbs the wall or digs underneath it, the vigilant guards that will
nab him are the two-factor authentication brigade. That’s the final one percent of protection.
Let’s carry the castle analogy just a bit further. It will be much harder to defend the castle if you
don’t keep the walls mortared and if you don’t keep the food and ammunition supplies fresh and
plentiful. That’s your hardware and software. Keep it current, and keep it patched.
Finally, if your soldiers and sentries are untrained or lazy, it doesn’t matter how strong your
walls are. The human factor has always posed the biggest risk in cybersecurity. All of your
employees have a part to play. So keep them trained and informed. Whether they realize it or
not, they’re on duty all day, every day in the fight against cyber-thieves.
An Attack-in-Depth
The “Dyre Wolf” campaign against banks shows just how sophisticated the hackers have
become. Discovered and named by IBM researchers, it’s an invasion-in-depth, a mirror image of
a defense-in-depth. Dyre Wolf has pulled off several million-dollar heists from banks and
corporations.
Run by criminals in Eastern Europe, Dyre Wolf uses spear phishing or spam emails to get a
foothold in the system. Then its minions post phony dialog boxes about system errors,
prompting a phone call to a fake service center. They lure employees of the target company into
revealing their passwords and authentication codes over the phone. They also post spoofed
web sites, where gullible employees think they’re logging in to the genuine site.
Within seconds, millions of dollars get whisked away through a maze of foreign banks. The
attackers frequently launch a Distributed Denial of Service (DDoS) attack on the target bank to
prevent it from seeing what just happened.
50 Cyber Warnings E-Magazine – March 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide