Wednesday May 27th 2015

Defending Against Nation-State Cyber Attacks

If you’ve been following the news over the last 6 months or so, you may have noticed an uptick in articles related to Critical National Infrastructure (CNI) security legislation. You may have also seen more reports of cyber-attacks against a wider variety of targets by entities other than criminal elements seeking financial gain. Why is that?

We are now seeing cyber attacks being utilized by nation states and radical elements to achieve attention, potential physical dominance and access to intellectual property. What previously had only been simple probing of security weaknesses has evolved into actual concerted warfare against real targets that affect real US citizens on a daily basis – more or less. For proof, visit any Internet news source and you’ll see that the victims of these cyber-attacks include financial and government targets, as well as providers of critical infrastructure.

The Rise of Cyber Attacks – What Has Changed?

Cyber attacks have ratcheted up to the nation-state level. At this level of opponent competence, anti-virus/anti-malware products – as well as firewalls and intrusion detection solutions – are a waste of time and money. They’re totally ineffective.

Today’s cyber attacks are crafted on a per-user basis, but on a mass scale, and are designed to compromise a subset of systems within an organization. The objective is to gain access to the internal network via a set of valid credentials (the higher privileged the better), and then jump from machine to machine gathering more credentials and access.

It appears that the attackers have a good understanding of common IT security weaknesses such as default passwords, blank passwords, common passwords, shared passwords, and the use of public password spreadsheets on shares.

I’ve also seen use of the pass-the-hash technique to allow attackers to utilize in-memory credentials to achieve connectivity to other systems.

Stay Ahead of Cyber Attacks with Privileged Account Management

If an organization regularly changes passwords, keeps credentials unique for each system, and automates the management of privileged account passwords so that there is minimal disclosure for a limited amount of time for a specific purpose, then the threat is minimized.

With this in mind, I’ve seen some very interesting outcomes from my company’s customers. Some of our customers who are under active 24/7 attack have begun using our privileged identity management products to rotate all passwords every 8 to 24 hours. This has created a nasty problem for attackers: not only are they limited to one compromised system, but even that access is terminated automatically.
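The management loop the post describes (a unique password per system, scheduled rotation every few hours, and disclosure of a credential only for a limited time and a stated purpose), together with an audit for the weaknesses listed above (blank, default, common and shared passwords), as an added Python illustration. This is not the vendor's product and not code from the original post; the vault class, the WEAK_VALUES list, the enrolled systems and the timestamps are all constructed for this example.

```python
import secrets
import string
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional

# Constructed list of values the audit flags as blank/default/common.
# Illustrative only; a real deployment would use a much larger list.
WEAK_VALUES = {"", "password", "admin", "123456", "Welcome1"}


@dataclass
class Credential:
    system: str
    account: str
    password: str
    rotated_at: datetime
    checked_out_until: Optional[datetime] = None
    checkout_purpose: Optional[str] = None


def generate_password(length: int = 24) -> str:
    """CSPRNG-backed password: a fresh, unique value per system per rotation."""
    alphabet = string.ascii_letters + string.digits + "!@#$%^&*-_=+"
    return "".join(secrets.choice(alphabet) for _ in range(length))


class PrivilegedVault:
    """Hypothetical in-memory vault modelling the behaviour the post describes."""

    def __init__(self, rotation_interval: timedelta, checkout_ttl: timedelta):
        self.rotation_interval = rotation_interval
        self.checkout_ttl = checkout_ttl
        self._creds: Dict[str, Credential] = {}
        self.audit_log: List[str] = []

    def enroll(self, system: str, account: str, password: str, now: datetime) -> None:
        self._creds[system] = Credential(system, account, password, now)

    def audit(self) -> Dict[str, list]:
        """Flag the weaknesses attackers look for: weak values and passwords shared across systems."""
        findings: Dict[str, list] = {"weak": [], "shared": []}
        by_password: Dict[str, List[str]] = {}
        for c in self._creds.values():
            if c.password in WEAK_VALUES:
                findings["weak"].append(c.system)
            by_password.setdefault(c.password, []).append(c.system)
        for systems in by_password.values():
            if len(systems) > 1:
                findings["shared"].append(sorted(systems))
        return findings

    def _rotate(self, system: str, now: datetime, reason: str) -> None:
        c = self._creds[system]
        c.password = generate_password()
        c.rotated_at = now
        c.checked_out_until = None  # any outstanding disclosure is now dead
        c.checkout_purpose = None
        self.audit_log.append(f"{now.isoformat()} rotate {system} ({reason})")

    def rotate_due(self, now: datetime) -> List[str]:
        """Scheduled rotation: every credential older than the interval gets a new value."""
        rotated = []
        for system, c in self._creds.items():
            if now - c.rotated_at >= self.rotation_interval:
                self._rotate(system, now, "scheduled")
                rotated.append(system)
        return rotated

    def checkout(self, system: str, purpose: str, now: datetime) -> str:
        """Disclose a credential for one purpose, for one time-boxed window."""
        c = self._creds[system]
        if c.checked_out_until and c.checked_out_until > now:
            raise PermissionError(f"{system} already checked out for {c.checkout_purpose}")
        c.checked_out_until = now + self.checkout_ttl
        c.checkout_purpose = purpose
        self.audit_log.append(f"{now.isoformat()} checkout {system} for {purpose}")
        return c.password

    def expire_checkouts(self, now: datetime) -> List[str]:
        """Once a check-out window closes, rotate so the disclosed value stops working."""
        expired = []
        for system, c in self._creds.items():
            if c.checked_out_until and c.checked_out_until <= now:
                self._rotate(system, now, "checkout expired")
                expired.append(system)
        return expired

    def password_for(self, system: str) -> str:
        return self._creds[system].password


def demo():
    """Constructed scenario: one default password, two systems sharing a password."""
    t0 = datetime(2015, 5, 27, 9, 0)
    vault = PrivilegedVault(rotation_interval=timedelta(hours=8), checkout_ttl=timedelta(hours=1))
    vault.enroll("dc01", "Administrator", "Welcome1", t0)
    vault.enroll("sql01", "svc_sql", "S3cret-Shared", t0)
    vault.enroll("web01", "svc_web", "S3cret-Shared", t0)
    before = vault.audit()
    vault.rotate_due(t0 + timedelta(hours=9))  # past the 8-hour interval: everything rotates
    after = vault.audit()
    disclosed = vault.checkout("dc01", "ticket-1234 patching", t0 + timedelta(hours=9))
    vault.expire_checkouts(t0 + timedelta(hours=11))  # window closed: disclosed value revoked
    return before, after, disclosed != vault.password_for("dc01")


if __name__ == "__main__":
    print(demo())
```

The audit runs before and after the scheduled rotation: before, it reports the default password on dc01 and the shared password between sql01 and web01; after, every system holds its own random value. The check-out path shows the second half of the post's argument: a credential handed out for a ticket is rotated as soon as its window closes, so a copy captured from memory during that window (the pass-the-hash case mentioned earlier) no longer opens anything.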

Just to be clear, I am not suggesting that every organization adopt the strategy of continuous high-frequency password changes. But for some of our customers, the ability to keep nation-state attackers at bay by frustrating their attempts has been a very satisfying outcome for us all.

Thanks for reading. I’d like to hear your take on this issue. Please leave a comment below.


Reader Feedback

3 Responses to “Defending Against Nation-State Cyber Attacks”

  1. Meanwhile the Wall Street Journal announced it had carried out a complete overhaul of its systems after discovering it too had been the target of China-based cyber attacks.

  2. Bud X. Tran says:

    Estonia is a small Baltic country that used to be part of the Soviet Union. On April 27th, 2007, the Estonian government moved a Soviet-era memorial to the Soviet soldiers that fought in WWII from a prominent location in downtown Tallinn to a military cemetery in the suburbs. This was a very contentious issue between Estonia and Russia. In the days that followed, Estonian institutions, both governmental and non-governmental, were targeted by a wave of cyber attacks — predominantly DDoS attacks. This was really an attack on the network infrastructure of the whole nation.

  3. […] a wealth of automated hacking tools at the disposal of nation-state attackers and other professional hackers, most networks are under a constant barrage of attacks. And when you […]
