Who is the Cyber-Criminal?

Today’s cyber-criminal may be trained in business, not hacking!

Today’s cyber-criminal may not be a skilled hacker, but rather a person skilled with business processes, perhaps at an executive level. All of the tools required for discovering and gaining access to your company are available for purchase – even on a SaaS basis! Just how sophisticated has Crime as a Service become?

  • Search on some of these topics: Malware as a Service (MaaS), Crime as a Service, Ransomware as a Service (RaaS), Money Laundering as a Service (MLaaS).
  • A reference: https://cyberessentialsdotblog.wordpress.com/tag/saas/
  • Major data centers behind these services operate on the darknet – and are periodically discovered and shut down by law enforcement – apparently with little impact to the business of cybercrime because of the degree of redundancy built into these services!

As an example, a cyber-criminal may be highly skilled and knowledgeable about real estate transactions, including wire transfer technology.

  • That person might rely on services to identify a deal in progress – perhaps groups who have successfully hacked large numbers of individual e-mail accounts and are able to search them for key words, arriving at a list of pending deals and identifying the legal firm handling each deal.
  • Research on the legal firm can be expected to identify the key players and their assistants. This information can be used to direct a spear phishing attack on select individuals – perhaps an assistant, with the goal of gaining access to that person’s e-mailbox.
  • The cyber-criminal can now gather more specific information, allowing them to fashion e-mails and documents that are identical to valid documents in use by the company, such that the cyber-criminal can directly insert themselves within the business process and successfully redirect the deal to their benefit.

The point here is that all of the technical services can be purchased, allowing for an entirely different sort of person to target your company – a person knowledgeable and comfortable with working at the executive level, perhaps – and allowing for a far more sophisticated attack.

Two-Factor Authentication
2020-07-29T13:19:20+00:00

Two-Factor Authentication requires that an end user provide a password and a code from a physical device. The term Multi-Factor Authentication (MFA) has taken the place of two-factor authentication because the technology initially deployed for two-factor authentication has evolved, and its implementation has become much broader than the initial systems, while retaining the requirement of authenticating with both something memorized and something obtained from a physical device.

TLP – Tiered Logon Protocol
2020-07-28T15:12:52+00:00

The harvesting of account credentials by cyber-criminals, via phishing techniques and malware, has become an important means by which corporate networks have been compromised. One important defense is to ensure that management credentials are never cached on endpoint computers, via implementation of Tiered Logon Protocol (TLP). This may be done by assigning network administrators several user accounts – tiered accounts – each restricted to certain management roles, ranging from user-only privileges to a high level of management rights. Use of these accounts is typically restricted – for example, logon by an administrator to an endpoint computer would be restricted to an account with user-only rights.
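One way to check that the restriction described above is actually being followed is to audit logon records against the tier policy. The following is an added example, not code from this page or its author; the account names, host names, tier numbers and the three-field record format are all constructed assumptions.

```python
# Added example: audit logon records against a tiered-logon policy.
# Every name, tier number and record below is constructed for illustration.

# Tier per account (assumed labelling): 0 = user-only rights, higher = more management rights.
ACCOUNT_TIER = {"jsmith": 0, "jsmith-srv": 1, "jsmith-da": 2}

# Class of each known host, and the highest account tier that class may accept.
HOST_CLASS = {"PC-014": "endpoint", "FILE01": "server", "MGMT01": "management"}
HOST_MAX_TIER = {"endpoint": 0, "server": 1, "management": 2}

# Constructed records: "<timestamp> <host> <account>"
SAMPLE_LOGONS = [
    "2020-07-28T09:01:12Z PC-014 jsmith",      # user-only account on an endpoint: allowed
    "2020-07-28T09:05:40Z FILE01 jsmith-srv",  # server account on a server: allowed
    "2020-07-28T09:17:03Z PC-014 jsmith-da",   # management credential on an endpoint
    "2020-07-28T09:30:55Z PC-014 JSmith-SRV",  # same problem, different letter case
    "2020-07-28T10:02:00Z PC-099 jsmith",      # host missing from the inventory
]


def audit(lines):
    """Return (record, reason) for every logon that breaks the tier policy."""
    findings = []
    for line in lines:
        parts = line.split()
        if len(parts) != 3:
            findings.append((line, "unparseable record"))
            continue
        _timestamp, host, account = parts
        host_class = HOST_CLASS.get(host)
        tier = ACCOUNT_TIER.get(account.lower())  # account names compared case-insensitively
        if host_class is None or tier is None:
            # Fail closed: an unclassified host or account cannot be shown to comply.
            findings.append((line, "unknown host or account"))
        elif tier > HOST_MAX_TIER[host_class]:
            # A management credential was exposed on a less trusted machine.
            findings.append((line, f"tier {tier} account on {host_class}"))
    return findings


if __name__ == "__main__":
    for record, reason in audit(SAMPLE_LOGONS):
        print(f"VIOLATION ({reason}): {record}")
```

Treating unknown hosts and accounts as findings keeps the audit useful when the inventory is incomplete, which is when a management account is most likely to end up somewhere it should not.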

What is an endpoint network segment?
2020-07-27T21:41:28+00:00

An endpoint device is taken to be any device that is used by an end-user to connect to a network – a PC, Mac, laptop, netbook, and so on. An endpoint network segment is taken to be a local network to which only endpoint devices are connected. The endpoint network segment will be connected to a firewall, such that access to other networks can be inspected and secured. Company servers and services might be located on a secure server network.

What is a segmented network?
2020-07-27T21:20:51+00:00

All computers connected to a network are able to communicate directly with each other. That network might be divided into two, with PCs connected to one and servers connected to the other – and now PCs can communicate directly with other PCs but will be unable to reach servers. The network can be viewed as two segments – one for PCs, one for servers. Each of the two network segments might be connected to a firewall, such that traffic between the segments can be inspected and controlled – now adding security. Corporate networks typically have many segments – perhaps including PCs, general servers, VoIP for IP phones, wireless, management cards of network devices, and so on. The tools available to a hacker with access to the PC network are greatly diminished once it becomes necessary to cross a firewall to access central resources.


Collaborative Technology Partners

Collaborative Technology Partners, Inc., is a Boston MA based provider of Cloud Services, MSP and Cyber Security Consulting for companies operating in a Microsoft environment.
