It is a mistake to fancy that horror is associated inextricably with darkness, silence, and solitude. H. P. Lovecraft
Cybersecurity horror stories, they don’t just occur, during Halloween, on a dark and stormy night, there aren’t three knocks on the wall that alert the denizens, creepy dolls sitting in the corner watching over sleeping children who were playing with an Ouija Board hours before. They happen every single day, rain or shine, Ouija Board chair stacking demons not required. So gather around as we place a flashlight under our chin to fill your soul with dread as well tell three tales of horror, from the world of cybersecurity. The following are based on true stories:
The Ring (from the analyst) The Tale:
It was 3 am when the phone rang and Theodore groggily answered the phone to hear rapid breathing on the other side of the line, “hello?” He was greeted by a voice that sent chills down
his spine. “Seven days,” it was the company’s analyst, Steve, “they’ve been in our systems for seven days.”
Theodore quickly got dressed and drove to the company’s security operation center. His worst nightmare was coming true, attackers had infiltrated his company and he now had advanced persistent threats throughout the entirety of the network. He gripped the company’s incident response playbook, they had not prepared for this, how could they. It was then that Theodore remembered the warnings of the compliance auditors the month before. “Don’t allow these legacy systems that are no longer supported to remain on the network, they are dangerous. You should try to upgrade them as soon as possible.”
Legacy systems can sometimes seem a necessary evil, a proprietary system that was developed for the company but the developers have since closed up shop, a “server” supporting an older appliance that is required to run Windows XP. These systems can remain unpatched for months even years, and when support for these systems have been abandoned by their creators, they pose critical risks to a company’s infrastructure. This type of story affects companies worldwide.
The first and possibly the easiest solution would be to ensure these systems are not accessible from outside the company. With bad actors constantly scanning the internet for open ports, and
even websites that keep track of appliances, and systems running legacy software that is accessible openly via the internet, these systems are sitting ducks for attackers.
The second solution is to use a different system for that business function. While this may cause issues with the business or not be deemed cost-effective, it is less of a pain than having to pay fines depending on the type of business performed or even rebuild your infrastructure in the event of a data breach. Finally, tools that segment your network to prevent lateral movements could be examined to find the right fit for your business. Here at SecureNation, we can help you and your team find the best fitting solutions.
The Power Shell compels you The Tale:
Linda frowned, as she poured her cup of coffee for the day and began to peruse her work emails, as the only payroll personnel her inbox was constantly bombarded by messages. One such email was marked URGENT, please read immediately. Another email from corporate, no doubt warning of yet another change to how payroll is to be processed. She clicked the email to be greeted by an attachment from “corporate”, a file that had been zipped twice. “Great,” she whined between sips, “I’ll need to download another program to even open this, I’ve never even seen this file type before. Why can’t they just use PDF like normal people?” After downloading and installing a program to open the file, she began looking through the zip file. A single file named “important.js” dwelled within. Linda right-clicked the file to run as administrator, in the past, she had done this with other programs that would give her fits when trying to run.
The script opened a blue window with white letters as what she would have called ancient script began to fill her screen, and for a moment the computer froze. Linda tried to close the window, but it seemed as if the mouse wouldn’t function anymore. Suddenly a green box filled with black text popped up, causing her heart to skip a beat. “Your files have been encrypted, please send 17,000 USD by bitcoin to decrypt these files, in 3 days your files will be unrecoverable, you have been warned.” Linda frantically tried to open her files, each time the message “Windows cannot open this file” appeared. They say if you wander into the payroll department on a Friday, you can still hear her screams and wails to this day, and that anyone who opens that email will suffer the same fate as Linda.
There were several issues in our previous tale to be addressed. Linda, and probably the entire staff of the company, needs a bit of training in properly spotting and identifying phishing emails. However, some issues have a larger impact in this tale, one being that Linda was a local administrator on her machine, an issue that is often overlooked or simply ignored by IT personnel in several companies. The final issue is that the company did not have protections in place to stop this type of attack, lacking phishing mitigation and even endpoint security protection pose a serious threat to any network.
Tackling these issues should be a no-brainer, better security appliances would have helped to halt this attack in its tracks, preventing it from reaching Linda at all. Companies benefit greatly from phishing mitigation appliances, such as Cofense or Proofpoint. With phishing emails being sent at the alarming number of 14.5 billion per day, companies cannot afford to lack either proper personnel training nor a phishing mitigation solution. Proper auditing and compliance is another issue often overlooked by companies; staff having the authority to run the malicious program as an administrator is a commonly seen issue worldwide. Proper administration of Linda’s machine would have kept her from running the PowerShell script as an administrator in the first place.
(Shadow) IT The Tale:
George sat down at his desk to begin his first day at the King Productions, he had just finished filling out his new hire paperwork with Penny in the HR department. The exchange had left
George with a rather peculiar feeling, he had watched Penny scan and then upload all of his personal information to a Dropbox account. He had noticed this was a Penny’s own personal Dropbox account and that the Employee Information folder sat near a folder named Passwords. He had questioned her as to why she was storing his personally identifiable information in personal cloud storage, and it was her answer that made him shudder. “We all upload here Georgie, we all upload here.”
Shadow IT has become a real problem in the past few years, with more employees using personal accounts, unsanctioned appliances, and unmanaged programs. George’s data is as safe as Penny’s Dropbox account in our above tale, and with the news of big data breaches happening every day to cloud storage companies, such as Dropbox in 2012 and iCloud in 2014, George’s data isn’t as safe as Penny thinks.
Managing Shadow IT can be a daunting task, thankfully some technologies assist with thesecases. From Cloud Access Security Brokers (CASB) to appliances that monitor and alert the SOC of the presence of Shadow IT. Just having a clear map of your network with an accurate inventory can give you a huge advantage when defending your crown jewels.
It’s too late once an incident occurs, trust in the company is a hard thing to win back after the dams break. The boogeyman is smarter, craftier, and more agile- SecureNation can help you overcome your fears…