Page 18 - Cyber Defense eMagazine - September 2017

The Noise Before Defeat: A Focus On Cybersecurity Tactics


               By John Walsh, director of product marketing, SSH Communications Security


               While everyone is busy addressing the most recent cybersecurity threat in the news, the
               fundamental flaw in their company’s cybersecurity strategy is often overlooked.

               While it is imperative to stop the type of attacks making headlines today, a determined attacker can
               and will get inside your network. The goal of the initial breach is to spread the attack, and the best
               way to do that is to steal credentials such as SSH keys. SSH keys are access credentials for the
               SSH protocol, similar to passwords, and are prevalent in most Fortune 500 enterprise computing
               environments.

               SSH keys grant access to critical company infrastructure and proprietary data. Stealing SSH
               credentials is how attackers turn a relatively small breach into one of the large
               multimillion-dollar catastrophes in the news, the kind that can cause a company’s stock to tank
               and the company to miss earnings projections.

               Focusing simply on the latest type of malware, ransomware or phishing attack in the headlines is a
               focus on tactics with no overarching strategy. According to Sun Tzu in The Art of War, this is the
               noise before defeat:

                       Strategy without tactics is the slowest route to victory.
                       Tactics without strategy is the noise before defeat. – Sun Tzu

               There is a common theme with a number of recent attacks. The attackers are after user
               credentials, like SSH keys, in an effort to spread the initial breach to critical system infrastructure.
               This allows an attacker to access machines that would have otherwise been immune to the
               malware, ransomware or phishing attack. Recent news offers many examples of this breach
               strategy being deployed.

               SSH Keys in the News


               On July 6, 2017, WikiLeaks published documents purportedly from the CIA Vault 7 breach. These
               documents contain user manuals for tools capable of stealing credentials and metadata from
               active SSH sessions. These tools can extract SSH keys and their passwords from memory while
               the SSH session is active. A common defense against SSH key misuse is to password-protect
               your keys, but an attack like this renders that technique useless. The threat of phishing tools, built


