Combat phishing by doing it yourself
Malicious attackers are zeroing in on what many consider to be the weakest points of any security setup, the water and carbon-based life forms running the whole shebang.
Most of us are wise to the fact that Nigerian princes really don’t need our help in transferring money around, and we almost certainly didn’t win a million euros in a lottery competition we never entered. So, attackers have begun crafting ever more realistic phishing emails that faithfully mimic correspondence from utility companies or package delivery services. While these emails are still distributed broadly, there’s evidence that hackers are also personalising emails to target particular people within organisations.
Aaron Bailey, director of Sydney-based The Missing Link Network Integration, believes that training – primarily through experience rather than lectures – is an important strategy in reducing the chances of a successful phishing attack against an organisation.
One particularly effective method, he believes, involves using a simulated phishing attack that generates not only metrics on who opened the suspicious emails, clicked on the links and entered credentials, but also delivers targeted training to those who need it.
Bryce Boland, CTO of FireEye Asia-Pacific, cautions that while helpful, it’s not a substitute for technical solutions, as “attackers only need to succeed once, and training is never going to deliver a 100 percent success rate”.
Back to basics
“Defence in depth” is a key phrase that came up consistently with all the security consultants who CRN spoke to. Having multiple layers of protection makes it more likely that only the more determined hackers are able to get in, while buying the organisation time to deal with them.
If you can’t afford the latest and the greatest, Julian Haber, CEO of Brisbane-headquartered Intalock, says that “a well configured, managed and monitored environment will provide better protection than numerous expensive ‘best of breed’ tools that are poorly configured or managed”.
In the experience of Loop’s Morrison, many companies still have “weak passwords, unpatched systems, use unencrypted protocols and lack of network segmentation allowing an attacker to venture anywhere through the network once inside”.
Getting the basics right can be just as valuable as investing in the latest technology.
What to do when an intrusion is succesful
Even with well trained staff and an expertly designed and configured security setup, Bitdefender’s Bogdan Botezatu believes that for most organisations it’s a question of when not if an intrusion occurs.
If an attack is detected in time, damage can be limited. Having SIEM and intrusion detection helps in this regard, both with real-time alerts and the ability to more simply dig through mounds of potential evidence.
Regular backups are always important. If your organisation is hit with ransomware, it not only allows you to restore systems to their pre-infected state, but also means that there’s no temptation to pay your data’s captors, which merely serves to perpetuate this cycle of cybercrime.
VENDORS TO WATCH
Trustpipe monitors network traffic heading into and out of a computer or server. With a small list (under 2Mb) of “expressions”, Trustpipe is able to detect known attacks and any potential variants that are whipped up by hackers. Its compact size and speed is said to make it perfect for older operating systems, including the still widely used Windows XP.
Sentrix is an AWS and Microsoft Azure-based scalable web-mirroring service that aims to prevent a distributed denial of service attack (DDoS) from succeeding. When your site comes under attack, Sentrix simply keeps expanding its mirror network until the attacker runs out of resources and quits.
PFP Cybersecurity secures a server without installing any software on it. It’s a completely external hardware solution, meaning that even the most advanced malware can’t detect its presence. The system monitors and creates a baseline of the server’s radio-frequency activity when it is performing normal tasks. Via careful analysis, PFP is able to detect anomalous behaviour and potential attacks.
Norse DarkWatch is an appliance that hooks into the company’s DarkMatter platform, which watches live attacks from the globe like you’d watch a football match on a Friday night. With threat sources and vectors updated constantly, users can prepare their systems as necessary.
NuData believes that online fraud has moved beyond just using stolen credit cards, and aims to prevent any funny business by monitoring user behaviour on e-commerce sites.
ThreatSim, via its web interface, permits you to run simulated phishing attacks against your own company, allowing you to figure out who is susceptible, and also run targeted training for at risk users.