Yesterday when Yahoo reported that the personal information of more than 500 million users was stolen from its network in what it suspects to be a state-sponsored hack, the news leapfrogged this incident into the hacker history books as one of the biggest data breaches on record. It also resurrected typical after-breach-disclosure questions that are on the lips of every Yahoo user: “How did this happen and why did it take so long to discover?”
Like every major breach, the answers will eventually be revealed, but if we’ve learned anything from Target, Home Depot, Anthem, Sony and others, there are some likely scenarios that may play out – one being taken straight from the kill chain playbook.
The Offensive Play Seems to Work Every Time
The offensive team, the bad actors, run a simple play: gain access, elevate privilege, conduct reconnaissance and move around the system. Repeat that as needed until their ultimate goal is achieved.
Like any offensive play, it’s important the setup goes flawlessly. In the kill chain play, gaining access and elevating privilege are two critical steps for a successful hack – making them two primary points of defense.
Let’s look at the “elevate privilege” move first. This means the bad actors are already inside the network. They’ve gained initial access and are working to elevate their privileges so they can access even more sensitive systems and data – typically privileges granted to IT administrators.
These privileged accounts and credentials can provide unfettered access to sensitive data – unless they are managed and controlled – and that is where you can break the kill chain.
But now let’s turn to the “gain access” step – the first and most critical need for a hack.
The Defense Needs You!
In any team sport, there are layers of defense to protect the goal – whether it’s the basket, the goal line or in this case, private information and data. Everyone on the team has to perform flawlessly to protect that goal.
When it comes to the cybersecurity game, just like any team sport, playing the game is a shared responsibility. With every breach reported, we can assume someone, somewhere dropped the ball.
If you don’t think cybersecurity is your shared responsibility, just look at one of the first steps in executing the kill chain play: gain access. In that offensive step, hackers use common techniques such as phishing/spear phishing and other social engineering schemes, aimed at anyone within the target’s ecosystem – whether employees, partners, contractors or customers. This simple, offensive step requires every single person on the defense to be alert and cyber aware.
This week I saw, in an email exchange with someone outside my company, a very simple defensive move against a phishing attack that I thought could be effective, mainly because it made me take notice:
*** EXTERNAL EMAIL: Do not click links or attachments unless you recognize the sender. ***
Could it be that simple? An alert at the top of an external email that automatically gets added to incoming emails? I haven’t asked any additional questions to discover more about that alert, and sure, this wouldn’t stop the emails coming in from compromised accounts within the system, but it seemed like a great start for helping the defensive team to constantly be cyber aware.
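To make the mechanism behind that banner concrete, here is an added example of the kind of rule a mail gateway applies to inbound messages. It is not code from this post or from CA Technologies: the internal domain list, the sample messages and the function names are all constructed for the illustration, and a production gateway would implement the same check as a transport rule rather than a script.

```python
"""Added example of an "external sender" banner rule, in the spirit of the
alert quoted above. Not code from the post or from CA Technologies: the
internal domain list, the sample messages and every function name are
constructed for this illustration. Real deployments implement the same
logic as a transport rule on the mail gateway."""
import email
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

# Constructed: the domains this organisation sends mail from.
INTERNAL_DOMAINS = {"example.com", "mail.example.com"}

BANNER = ("*** EXTERNAL EMAIL: Do not click links or attachments "
          "unless you recognize the sender. ***")


def sender_domain(msg: EmailMessage) -> str:
    """Lower-cased domain of the From: mailbox, or '' when there is none."""
    _display_name, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def is_external(msg: EmailMessage) -> bool:
    """External means the From: domain is not exactly one of ours.

    Exact matching means a look-alike domain or a forged display name
    still counts as external. A message that really comes from a
    compromised internal account matches and gets no banner, which is
    the gap the post points out."""
    return sender_domain(msg) not in INTERNAL_DOMAINS


def tag_external(raw: bytes) -> EmailMessage:
    """Parse a raw RFC 5322 message; if the sender is external, prepend the
    banner to every text body part (plain and HTML, attachments excluded)
    and add a marker header. Internal messages are returned unchanged."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    if not is_external(msg):
        return msg
    for part in msg.walk():
        if part.get_content_maintype() != "text" or part.is_attachment():
            continue
        body = part.get_content()
        if part.get_content_subtype() == "html":
            part.set_content(f"<p><b>{BANNER}</b></p>\n{body}", subtype="html")
        else:
            part.set_content(f"{BANNER}\n\n{body}")
    msg["X-External-Sender"] = "yes"
    return msg


# Constructed sample messages (not real traffic).
SAMPLE_EXTERNAL = (
    b"From: Alice <alice@partner.example.org>\r\n"
    b"To: bob@example.com\r\nSubject: Invoice\r\n"
    b"Content-Type: text/plain; charset=us-ascii\r\n\r\n"
    b"Please open the attached invoice.\r\n")
SAMPLE_INTERNAL = (
    b"From: Carol <carol@example.com>\r\n"
    b"To: bob@example.com\r\nSubject: Lunch\r\n"
    b"Content-Type: text/plain; charset=us-ascii\r\n\r\nNoon?\r\n")
# Forged display name plus look-alike domain: still tagged as external.
SAMPLE_LOOKALIKE = (
    b"From: \"IT Helpdesk\" <helpdesk@examp1e.com>\r\n"
    b"To: bob@example.com\r\nSubject: Password reset\r\n"
    b"Content-Type: text/plain; charset=us-ascii\r\n\r\n"
    b"Confirm your password here.\r\n")
SAMPLE_MULTIPART = (
    b"From: newsletter@vendor.example.net\r\nTo: bob@example.com\r\n"
    b"Subject: News\r\nContent-Type: multipart/alternative; boundary=\"b1\"\r\n\r\n"
    b"--b1\r\nContent-Type: text/plain; charset=us-ascii\r\n\r\nHi\r\n"
    b"--b1\r\nContent-Type: text/html; charset=us-ascii\r\n\r\n<p>Hi</p>\r\n"
    b"--b1--\r\n")

if __name__ == "__main__":
    for raw in (SAMPLE_EXTERNAL, SAMPLE_INTERNAL, SAMPLE_LOOKALIKE, SAMPLE_MULTIPART):
        tagged = tag_external(raw)
        print(tagged["From"], "->", tagged["X-External-Sender"] or "no banner")
```

The rule keys on the From: domain alone, so it is a prompt for attention rather than a control: a look-alike domain or a forged display name is still banner-tagged, while, exactly as noted above, a message sent from a compromised internal account passes through untouched.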
October is National Cybersecurity Awareness Month
In one week – October 1 – the United States and Europe will kick off Cybersecurity Awareness Month. The goal is to inform and educate citizens about cybersecurity and the potential threats, the risks and the steps they can take to stay safe online.
CA Technologies is a National Cybersecurity Awareness Month champion and will be rolling out information during the month on our social channels, including this blog, @CAInc, @CASecurity, and our Facebook and LinkedIn pages.
If we play good defense, we can win the cybersecurity game. I encourage you to check out the resources on the National Cybersecurity Alliance site. The information can help educate, inform and remind every player on the team that it’s their responsibility to be cyber aware.