If you have worked in the Information Technology business for any time, you will recognise a number of repeating patterns.
One is the cycle of large central systems (AKA mainframes) being replaced by distributed devices and file servers, followed by the three-tier web model, now implemented on shared infrastructure (AKA ‘The Cloud’). One has to wonder, given the processing power in upcoming chipsets, whether the model will ever swing back to ‘edge first’.
Another recurring theme is the commoditisation of innovation. A product comes out, say some sort of anti-virus or another groundbreaking tech. Adopted early by small companies and extremely large outfits, it is only a matter of time before many of these are used by everyone.
It has long been the case that hacking tools and platforms have been available to rent, evil for sale, so to speak. From the sale of purloined credentials to targeted ransomware, the sale of bad stuff has been rife.
In a reasonably serious development, and a deviation from the usual pattern, BlackBerry (remember them?), which has been transitioning into a cybersecurity company over the last year or so, has identified a whole distributed crew of hackers for hire, which it has dubbed CostaRicto.
The modus operandi of this outfit is the use of apparently never-before-seen malware to do the usual takeover, lateral spread and data exfiltration, the initial vector being, of course, phishing. The whole process is now available to hire for the purposes of espionage. This is pretty much nation-state, weapons-grade compromise by the hour, used to snaffle intellectual property, pre-release pricing information for the financial markets and so on, the whole kit and caboodle.
Obviously, these vagabonds will be targeted by the people that The Kids in London call ‘The Feds’ (too much screen time any parent will rant!) and we wish them well (The Feds, not The Kids!).
In the meantime, this represents a very credible threat to any business with intellectual property, competitive information or business confidential material, or maybe even materiel in the military world.
If you were to think that business-versus-business espionage is old hat (having, obviously, discounted the activities of nation-states, who are right at it), you would be very wrong. “Know your enemy,” said Sun Tzu in the 5th century BC; like all so-called experts, it often takes years of poor judgement by leaders before they are listened to.
In the admittedly cutthroat world of Formula One, technical information was proven to have been stolen, causing much scandal in 2007. There are numerous other examples, and there is no doubt that hacking for sale will be utilised by those with avarice and bottomless, cavernous greed.
The inevitable commoditisation of hacking skills presents real issues for specific business sectors. Understanding the risk to your business should be a priority.
Tiberium is producing a per sector risk analysis which will include the risk of the hired gun and more. You can register your interest to receive a copy here.
The threat intelligence outfit Red Canary produced a fascinating blog this week in which one of their incident handlers gave an overview of the top five attack vectors and weaknesses used by ransomware and other attackers:
- Email attachments – Phishing/Spear Phishing remain the primary routes into any infrastructure using attachments (or embedded links).
- External-facing assets – particularly if they expose RDP or SMB to the internet. We have seen numerous successful attacks of this kind, both against external-facing assets that were known about but unpatched and against assets that were not known about at all – more common than you might think, through staff churn, poor record-keeping or the acquisition of another company (think TalkTalk).
- Process injection – Red Canary’s number one observed technique across all customers.
- Inventory and asset management – a lot of organisations do not know what they have, where it is or what state its patching is in, which causes the utmost confusion during a breach.
- User error – such as misconfiguring cloud environments.
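The second and fourth items above amount to one practical check: reconcile what an external scan actually finds against what the asset register says you own, and flag internet-reachable RDP/SMB on known hosts, stale patching, and hosts the register has never heard of. The script below is an added example written for this post; it is not Red Canary's or Tiberium's code. The inventory, the nmap-style grepable scan lines, the addresses and the 30-day patch threshold are all constructed for illustration.

```python
"""Reconcile an external port scan against an asset inventory.

Added example, not from the original post. All hosts, dates and scan
output below are constructed; nothing here was observed on a real network.
"""
import re
from dataclasses import dataclass
from datetime import date

# Services that should not be reachable from the internet. The port numbers are
# the standard ones for RDP and SMB; the list is an assumption for this example.
RISKY_PORTS = {3389: "RDP", 445: "SMB", 139: "NetBIOS/SMB"}
MAX_PATCH_AGE_DAYS = 30  # assumed policy threshold


@dataclass(frozen=True)
class Asset:
    ip: str
    owner: str
    last_patched: date


# Constructed CMDB export: only two hosts are "known" to the business.
INVENTORY = {
    "203.0.113.10": Asset("203.0.113.10", "web-team", date(2020, 11, 1)),
    "203.0.113.11": Asset("203.0.113.11", "finance", date(2020, 6, 15)),
}

# Constructed scan output in nmap's grepable (-oG) layout. 203.0.113.12 is a
# forgotten host that the inventory does not list at all.
SCAN_OUTPUT = """\
# Nmap 7.91 scan initiated (constructed sample)
Host: 203.0.113.10 ()\tPorts: 443/open/tcp//https///\tIgnored State: filtered (999)
Host: 203.0.113.11 ()\tPorts: 443/open/tcp//https///, 3389/open/tcp//ms-wbt-server///
Host: 203.0.113.12 ()\tPorts: 80/open/tcp//http///, 445/open/tcp//microsoft-ds///
# Nmap done (constructed sample)
"""

_HOST_RE = re.compile(r"^Host:\s+(\d+\.\d+\.\d+\.\d+)\s+\S*\s+Ports:\s+(.*)$")
_PORT_RE = re.compile(r"(\d+)/open/tcp")


def parse_grepable(text):
    """Return {ip: set(open tcp ports)} from nmap -oG style lines."""
    hosts = {}
    for line in text.splitlines():
        m = _HOST_RE.match(line)
        if not m:
            continue  # comments and hosts with no port list are skipped
        ip, ports_field = m.group(1), m.group(2).split("\t")[0]
        ports = {int(p) for p in _PORT_RE.findall(ports_field)}
        hosts.setdefault(ip, set()).update(ports)
    return hosts


def reconcile(inventory, scanned_hosts, today):
    """Produce findings as (ip, finding_type, detail) tuples, sorted by ip."""
    findings = []
    for ip, ports in sorted(scanned_hosts.items()):
        asset = inventory.get(ip)
        if asset is None:
            # Reachable from the internet but absent from the register: the
            # "asset not known about at all" case from the post.
            findings.append((ip, "unknown-asset", sorted(ports)))
            continue
        exposed = sorted(p for p in ports if p in RISKY_PORTS)
        if exposed:
            findings.append((ip, "risky-service", exposed))
        age = (today - asset.last_patched).days
        if age > MAX_PATCH_AGE_DAYS:
            findings.append((ip, "stale-patching", age))
    return findings


def run(today=date(2020, 11, 20)):
    return reconcile(INVENTORY, parse_grepable(SCAN_OUTPUT), today)


if __name__ == "__main__":
    for ip, kind, detail in run():
        owner = INVENTORY[ip].owner if ip in INVENTORY else "<no owner>"
        print(f"{ip:15} {kind:15} {detail} owner={owner}")
```

Feeding it a real `nmap -oG` file and a real CMDB export is the obvious next step; the point of the reconciliation is that the "unknown-asset" line is the one nobody will have patched, because nobody knew it existed.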
Not wanting to steal Red Canary’s thunder, we suggest that you read the blog itself, which includes mitigation recommendations for each item.
There is some good news! Tiberium’s Hybrid SOC environment can identify and, in many cases, mitigate all of these risks with straightforward deployment and operation.
As ever, we would very much like to demonstrate our solution to you. If you are interested, please contact us here.