What You Don’t Know About Network Defenses Can Definitely Hurt You

December 23rd, 2016

defense.png

Hackers have many avenues to choose from when it comes to attacking your organization, the most obvious of which is breaking in from the outside, or attacking your network’s perimeter. But they also can choose to attack from the inside-out by targeting your employees and internal weaknesses.

Cyber criminals use tactics like password attacks, session hijacking, exploiting application vulnerabilities and leveraging malware to gain unauthorized access to your network. Once inside, they steal, delete or distort confidential data, and often alter or disable security features to enable larger future attacks and avoid detection.

As revealed in Verizon’s 2016 Data Breach Investigations Report—a yearly study composed of findings from law enforcement agencies, forensic services firms and other entities—external threat perpetrators have been responsible for at least 75 percent of confirmed data breaches in each of the last six years.

To help protect your network, all employees—from the top down—should learn to spot the signs of a possible attack or breach, from suspicious emails and system modifications to unusual network glitches.

Here are some examples of the possible tools in an attacker’s arsenal:

  • Session hijacking: occurs when an attacker hijacks a network session shared by two systems by masquerading as one of them.
  • Password cracking: involves identifying the password of a user or administrator to gain system access.
  • Denial of Service (DoS) attacks: bombard a system, causing it to crash or deny access to legitimate users.
  • Web-application attacks: hackers exploit weaknesses and/or security flaws in a web application, possibly leading to the compromise of the host device or internal network.
  • Malware: includes ransomware that encrypts your files on the network drives and demands payment of a “ransom” to decrypt them; rootkits that embed themselves in your computer’s software, replacing legitimate software or hiding malicious ones; and remote access trojans (RATs), disguised as legitimate programs, but giving attackers an open door into your network.

Toughen Your Defenses with Vulnerability Assessments and Penetration Testing
Two crucial types of security testing offer financial institutions the best protection against these threats: vulnerability assessments and penetration testing. One is focused on finding as many vulnerabilities as possible, while the other can reveal the impact of an attack rather than theorizing about it, and also ensure that controls work as expected.

A vulnerability assessment is designed to yield a prioritized list of the environment’s vulnerabilities, and works best for institutions that already understand they are not where they should be in terms of security. However, recent guidance outlines the importance of regularly performing vulnerability assessments on your network. The scope, in industry terms, is breadth over depth.

This type of assessment, which helps ensure compliance with Gramm-Leach-Bliley Act data guidelines, can be performed using a remote scanning device—configured by a certified provider—that is plugged into an organization’s network. The device scans the entire network, including hardware and software, and performs internal vulnerability, patch management and port-scanning functions.

The provider can then analyze the data and prepare a detailed report with recommendations for securing your network.

By contrast, a penetration test’s ethical hackers seek to achieve a specific, attacker-simulated goal. A typical goal could be to gain access to the internal network and compromise a privileged account, or obtain the contents of the customer database. The test determines whether a mature security posture can withstand an intrusion attempt from a hacker. Here, the scope is depth over breadth.

A thorough penetration test consists of these elements:

  • Reconnaissance: Entails learning about the target using little or no interaction with their systems. This compares to a burglar watching a neighborhood to determine the patterns of its residents as well as their types of possessions and whether they have security systems. Reconnaissance includes Internet searches, website reviews, IP block information and domain name system (DNS) interrogation.
  • Scanning: The first major contact with the target’s systems, which involves looking for potential openings. This is likened to a burglar rattling doorknobs and checking for unlocked windows. Scanning includes network mapping, port scanning, operating system (OS) fingerprinting, service detection and vulnerability scanning.
  • Gaining Access: This is where the hacker comes in, with an attempt to compromise the system. This step is similar to the burglar breaking into the home using the most vulnerable door or window. Gaining access features password and web application attacks and the exploitation of vulnerable software and configuration flaws.
  • Maintaining Access and Covering Your Tracks: Performed only upon successful penetration into the institution’s network. It should be noted that many organizations forego these steps because they involve manipulating systems, applications and files.

It is crucial for your financial institution to maintain cyber-resilient networks and systems. The costs of disrupted business, reduced customer confidence, fines and lower profitability resulting from an attack are simply too great.

TylerLeet

Tyler Leet is director of risk and compliance services at CSI.