Monday, March 19, 2018

When forced entry becomes digital

One of the worst crimes against property that we can suffer is housebreaking: the economic damage it causes is compounded by that strange feeling of knowing that a stranger has been rummaging through our personal effects, violating our domestic sanctuary.


If you have suffered a similar situation, or can put yourself in the victim's shoes, get ready, because in the digital world this type of action is becoming more frequent. For example, ransomware used to be intended only to block your information; now it leaves a window open to this type of attack. That is why today we want to share this interview with Tom Kellermann, Chief Cybersecurity Officer at Carbon Black and an expert on all types of digital threats.


The first fact to consider is precisely that evolution of ransomware. In Tom Kellermann’s own words, "What’s scary about ransomware, is not only the applicability to ransom but more importantly the utility of it to conduct counter incident response." He also points out that ransomware "moved from burglary to home invasion in the last two years", increasing the level of threat faced by companies and users.

In the real world, if you detect an intruder at home, you could shout that you know they are there and that you have a weapon to defend yourself, but you cannot know whether the intruder is alone or has an accomplice waiting outside. In the digital world the situation "is the equivalent of one burglar leaving and another taking over, the other may set your house on fire to punish you, there are more and more destructive attacks", so the second action is often more dangerous than the original attack.

With that in mind, Tom Kellermann believes that the best way to defend oneself is "give us as much as we can in closed forums" and also "to advise partners that it is not in the best interest to immediately terminate command and control connection", because the intruders may have captured all the information they need to make sure they do not leave anything behind them.

In addition, we must consider that the way in which hackers leave the crime scene has also evolved. They even close the vulnerability that gave them access, so that nobody but them can use it again to take over the attacked space: "between application attacks and fileless malware, more often than not they are going to get past the endpoint and move freely and laterally in your infrastructure as they will use your encryption to run through your tunnels, or use trusted protocols that you would usually never monitor and once inside they will compromise credentials of super users".

For this reason, Tom Kellermann thinks that we are not doing everything possible to defend ourselves from this type of attack, especially considering that we are moving in an increasingly hostile environment. The key to success lies in reducing the time that attackers remain in our infrastructure and in reacting to the attacker as quickly and silently as possible, thus reducing their ability to move laterally through our systems: "If we can just do that, that is success – as sad as that is to say."

After analyzing the interview with Tom Kellermann, we must agree with him. We would add that, as we would do in real life, instead of shouting to scare off the possible attackers, we must first stealthily check how many there are, what means they have and what they intend. In addition, reinforcing the perimeter (digital, in this case) to prevent unwanted intrusions is still a good tactic: prevention is better than cure.
