by Dr. Grigorios Fragkos, Senior Information Security Consultant, SysnetLabs
Over the past few years, cyber security has become a high priority task on the agenda of every organisation that wants to: prevent unpleasant security incidents, avoid being breached by sophisticated attacks and Advance Persistent Threats, detect malicious activity which is specifically designed to evade detection and last but not least respond proactively to the emerging cyber threat landscape.
During 2014 in particular, cyberattacks became the norm making headlines on a regular basis with a number of high profile breaches being in the spotlight which as a result affected the number of online transactions.
More specifically, it was reported that the levels of fraud increased in 2013-2014 by 12% which accounts for 37% of the total £603m cost of retail crime as reported by the BRC Retail Crime Survey.
It is noteworthy that the amount of effort put into cybercrime tactics has seen a significant increase. Cybercriminals are constantly trying to evolve their attack vectors, while developing further their cyberattacks by looking to emerging technologies and services, such as Cloud services, Internet of Things (IoT), Big Data, etc.
The outcome is that both targeted and untargeted attacks have been equally infused with advanced techniques capable of compromising even more difficult targets.
However, in order to protect businesses and their respective network infrastructures, it is necessary to understand first what targeted and untargeted attacks are, their key characteristics, their attributes, and how they are conducted.
Usually refer to the release of some malware or virus on the Internet which tries to exploit random targets by focusing on a specific vulnerability and/or security weakness. Most of the time, these vulnerabilities and weaknesses are well known but haven’t been patched within a reasonable amount of time for various reasons.
There are also cases where a vulnerability hasn’t been discovered by the information security community or it hasn’t been disclosed to the public. In these cases there are no detection signatures available which can make detection almost impossible. Most of the time, the untargeted attacks are kept generic, trying to compromise and infiltrate as many targets as possible.
Usually, the main reason is the creation and expansion of a botnet which can be used in a many ways e.g. Distributed Denial of Service attacks.
On the other hand, are far more sophisticated and attackers tend to have prior knowledge of the target’s environment. These attacks are specifically designed to evade detection as much as possible and infiltrate the target network using a number of techniques. Once inside, it usually stays undetected for a long period of time, collecting information and spreading across the network infrastructure.
Targeted attacks may be the result of corporate or cyber espionage, an attempt to disrupt business continuity, for profit, or even state sponsored attacks resulting in significant financial gain.
When a breach happens the first question is always how they got in, followed by what were they after and what is the impact to the business. When this happens, businesses should always turn to companies like Sysnet Global Solutions who can provide Blue Team incident response services and impact assessment on Cyber-attacks.
Keep in mind that each Blue Team is staffed with trained professionals who specialise in incident response processes, tools and techniques. Effectively, the use of a Blue Team incident response unit, penetration testing and computer Cyber/IoT forensics will provide answers to the first two questions.
However it is not always that straightforward to identify how cybercriminals got in, particularly if there are no obvious traces of the attack or if the breach remained unnoticed for a period of time.
This is why targeted attacks need to be taken under consideration early on and, most preferably, way before they actually start taking place. It is not a matter of “if it is going to happen” but mostly “when it is going to happen”.
There are actions which can be taken in advance to minimise the risk of a successful targeted attack, making it extremely difficult to be targeted and of course avoid being targeted by conventional means.
There are a number of different security assessments to be considered when protecting the infrastructure of a large entity or SME. Among these security assessments are the different types of Penetration Testing, such as infrastructure penetration testing, web application penetration testing, segmentation testing, wireless security assessment, etc.
However, there are also Social Engineering assessments which are equally as vital and specialised in assessing the effectiveness of a company’s security awareness programs and staff readiness.
Additionally, Physical Security assessments play a huge part when there is a need to identify how one can take advantage of weaknesses in the physical infrastructure while also assessing the readiness of responding to incidents.
When all these attack techniques and scenarios are combined with phishing emails, undisclosed vulnerabilities, evading antivirus detection techniques, and security misconfigurations they provide a fairly large window of opportunity to potential attackers. It can be exponentially difficult to assess the security posture of an entity against all these advanced techniques by testing one layer at a time.
At Sysnet, the advanced security services and security research team constantly work on advanced attack scenarios which unify the aforementioned attack techniques, in a multi-layered assessment.
This allows us to assess your holistic security posture not only in depth but from different angles as well, combining different stages and security elements while taking into consideration the evolving cyberattack landscape and the latest attack techniques.
If you are a merchant that requires technical or PCI DSS help, please click here