IT security and network security strategy are closely related; one would undeniably fall short in the absence of the other. The National Security Agency (NSA) has expressed concern that the organisation has not been able to respond to a zero-day event in over two years. The concerns clearly demonstrate a widening gap between exploitable vulnerabilities and the ability of businesses to cope with them.
In addition, CSG Technologies has identified four additional steps which, combined with NSA's three steps, form the foundation of a solid and comprehensive IT security system. Zero-day attacks occur when an attacker exploits a vulnerability that the end user is not yet aware of, so no fix or patch exists for it. They are much harder to respond to than attacks on known weaknesses because there is no time, 'zero days', between the vulnerability's discovery and its exploitation by hostile actors.
Some of the most notorious attacks that utilised zero-day exploits include:
Stuxnet Worm: In this attack, which targeted Iran's uranium enrichment plant at Natanz, a worm reportedly developed by the United States and Israel exploited multiple zero-day vulnerabilities to spread and gain privileged access on systems. An engineer at an infected facility unintentionally connected his office laptop to his home network, which released Stuxnet. Stuxnet went on to infiltrate 15 Iranian facilities, causing substantial damage to the country's nuclear program.
Aurora: In 2010, Chinese threat actors used a zero-day vulnerability in Microsoft’s Internet Explorer to hack into Google, Adobe and over a dozen other companies. Specifically, the criminals were targeting Google’s source code in the hopes of discovering additional zero-day exploits.
RSA hack: In this infamous 2011 attack, cyber criminals exploited a zero-day vulnerability in Adobe's Flash Player to launch a spear-phishing campaign targeting RSA employees. The attackers stole information pertaining to the company's SecurID two-factor authentication products.
In fact, according to the NSA cybersecurity chief, simple yet consistently applied measures are sufficient to prevent these attacks. Critically, following best-practice measures could have prevented 93% of the 90% of incidents in his unit that were caused by human error. In this article, we discuss how enterprises can develop a habit of reviewing their IT security system by following steps that include network segmentation, multifactor authentication and security education.
NSA’s security steps
Multifactor Authentication
Enterprises should implement multifactor authentication, such as two-factor authentication (2FA), rather than relying on basic password protection. 2FA relies on two factors: something the user knows, i.e. the password, and something they own, such as a physical device like a mobile phone. Other mechanisms rely on factors like biometrics.
Role-Based Access Control
Implementing role-based access control restricts a user's access to the resources essential to fulfil their function, or role, in the company. For example, an HR employee does not need access to accounting functions. By limiting access, a compromised employee account is restricted from functions and data outside the needs of that role.
Application Allowlisting
Enterprise networks are generally open, with the only filtering performed being to deny certain connections. Allowlisting flips this paradigm: only the specified connections and data flows required for application functionality are allowed, and all other connectivity is blocked. The objective is to reduce the opportunities for a security breach to spread laterally across an organization. Teams should also configure the filtering systems to record, or log, failed attempts to establish connections. Think of these alerts as trip lines that tip teams off to compromised accounts or systems. Regular monitoring and reporting can help manage the deluge of events from the filtering systems.
CSG Technologies’ Additional Security Steps
Patching and Workarounds
Teams must be diligent in patching and installing workarounds for known vulnerabilities. As noted in NSA's presentation, zero-day attacks rarely occur, and the majority of cybersecurity breaches are due to unpatched systems. Regular updates must therefore be applied to applications, server operating systems and network infrastructure. Teams will need processes and people to track updates, and configuration management systems to facilitate them.
Network Segmentation
The goal of network segmentation is to prevent the horizontal spread of automated malware between business functions. The network is divided into functional segments with limited access between them. For example, facilities infrastructure networks have no reason to access business functions like HR or accounting. Teams should use application allowlists (see step 3 above) for any access between business segments.
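As an added example, not code from the article or from CSG Technologies, the following Python models the allowlisting and segmentation steps together: a default-deny policy between constructed network segments, denied flows logged, and the "trip line" alert raised when one host keeps probing destinations it is not allowed to reach. The segment ranges, the single allowlist entry and the flow records are constructed for illustration.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed segments and allowlist (not from the article): only the listed
# (src segment, dst segment, port) flows may cross a segment boundary; default deny.
SEGMENTS = {
    "hr": ip_network("10.10.0.0/24"),
    "accounting": ip_network("10.20.0.0/24"),
    "facilities": ip_network("10.30.0.0/24"),
}
ALLOWLIST = {("hr", "accounting", 443)}  # HR portal -> payroll API over HTTPS

def segment_of(ip):
    return next((n for n, net in SEGMENTS.items() if ip_address(ip) in net), None)

def is_allowed(src, dst, port):
    """Default deny across segments; traffic inside one segment is passed."""
    s, d = segment_of(src), segment_of(dst)
    if s is None or d is None:
        return False
    return s == d or (s, d, port) in ALLOWLIST

def denied_flows(log_lines):
    """Parse 'src dst port' flow records and keep the ones the allowlist blocks."""
    flows = [(s, d, int(p)) for s, d, p in (ln.split() for ln in log_lines)]
    return [f for f in flows if not is_allowed(*f)]

def trip_line_alerts(denied, threshold=3):
    """Alert on a source whose blocked attempts reach >= threshold distinct
    destinations: a lone misconfiguration looks different from a host sweeping
    segments it should never touch."""
    targets = defaultdict(set)
    for src, dst, port in denied:
        targets[src].add((dst, port))
    return {src: sorted(t) for src, t in targets.items() if len(t) >= threshold}

# Constructed flow log: one HR host with a stray SMB attempt, and a facilities
# host probing HR and accounting (the lateral movement the trip lines catch).
SAMPLE_LOG = [
    "10.10.0.5 10.20.0.9 443",   # allowed
    "10.10.0.5 10.20.0.9 445",   # denied: SMB not on the allowlist
    "10.30.0.7 10.10.0.5 445",   # denied: facilities -> HR
    "10.30.0.7 10.10.0.6 3389",  # denied: facilities -> HR
    "10.30.0.7 10.20.0.9 445",   # denied: facilities -> accounting
    "10.30.0.7 10.30.0.8 22",    # allowed: stays inside facilities
]

if __name__ == "__main__":
    for src, hits in trip_line_alerts(denied_flows(SAMPLE_LOG)).items():
        print(f"ALERT {src} attempted {len(hits)} blocked destinations: {hits}")
```

Running it flags only the facilities host, since the HR host's single stray denial stays below the threshold and is left to routine monitoring.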
Backups
Ransomware has become the most common intrusion, and a successful widespread attack can severely strain a business. System backups can eliminate much of the risk from a successful attack, but only if the backups themselves cannot also be compromised. Teams must therefore design their backup strategies carefully, because attackers are known to monitor IT systems for weeks before triggering the encryption of an organization's data. Natural disasters can be just as disruptive as a ransomware attack. For instance, Jacksonville, Florida is often subject to named tropical storms that cause significant damage to businesses and their infrastructure. Backups should therefore be stored where they will not be subject to the same event that affected the operating systems. It is worth researching how other businesses handled and recovered from natural disasters to learn what worked and what did not.
Employee Security Education
The final security step is to educate employees. Use anti-phishing campaigns to train employees on the types of emails that facilitate intrusions or fraud. A common attack is to entice employees to click on malware-infected jokes, pictures or videos within emails. Phishing emails also convince employees, typically in accounting functions, to make fraudulent financial transfers, so certain employee roles may need additional job-specific training. Human error is the most common source of an attack. An added benefit of this training is that employees become better prepared to avoid such attacks in their personal lives.
Making it All Work
A good balance of people, process, technology and tools is characteristic of a strong IT system. While the above seven steps focus on people and processes, CSG Technologies' expertise lies in technology and tools. A partnership between businesses and managed service providers like CSG Technologies can therefore form the foundation of a robust IT security infrastructure.