In 2007, the UK’s Daily Mail ran a story on the concerns that certain groups had about the extension of the Schengen Agreement, which allows free movement across a number of borders within the EU.
At that time, the union representing Germany's frontier officers had called for a massive protest to stop what it called "the insanity of Schengen", and demanded increased, not relaxed, vigilance on the country's borders.
The union was concerned about the likelihood of an increase in criminals and illegal migrants entering the bloc. The national representative was quoted as saying, "The insanity must have an end. This is about more than jobs, it is about public security."
Fast forward to 2012 and Denmark, which held the EU presidency, released a discussion document entitled ‘A Safe Europe – Cross-Border Crime’, in which it stressed the need to tackle cross-border crime.
As if describing the internet, it stated: “Mobility for people and goods has helped to increase personal freedom and generate economic growth, but this openness and free movement have also created new challenges – especially in the form of cross-border crime.”
The internet is effectively borderless, other than in countries such as Russia and China where the government controls the infrastructure. China’s principal tool, which is known as the Great Firewall of China, effectively enables the PLA to disconnect China from the internet.
However, in the West, there is effectively no protection of the infrastructure since it is managed by private enterprises – even the infrastructure used by government. Yet censorship laws make it difficult for any national authority or ISP to simply shut down or block traffic because of our individual rights – in much the same way as any country that has signed up to Schengen cannot take the unilateral decision to close its borders.
Reconnaissance and surveillance
Someone recently described the internet as the digital equivalent of the Wild West. There is no law and order, and weapons are freely available for all and sundry. Criminal organisations offer botnets for rent, and malware for sale.
For most, it’s simply a case of unleashing hell on the unsuspecting grandparents who are so happy to buy the grandkids presents on the net – but for others, it is the targeted accounts on businesses, infrastructure, and government.
And using these tools they proceed to gather as much open source intelligence as they can, and then they move on to identifying devices, networks, systems, open ports and services, operating systems, and then vulnerabilities.
As seen with the NSA, surveillance is a whole other issue. Whether dealing with the legal rights of an employer to snoop on staff, or of a government to snoop on citizens, the challenge is how to defend against the attacks, whether they are DDoS or APTs.
Today it is impossible to avoid surveillance in cities like London, where cameras cover virtually every road in the city, and while people appear to accept this as a reasonable price to pay for our security, there is a very different attitude to internet surveillance. And yet we are faced with the same challenges in the virtual world that we find in the physical world.
Keeping it simple is essential. If you lost the key to the front door, the first step is not to install a burglar alarm. Simply change the locks.
And the same applies to cyber security. Although there are many areas that need protection, security experts agree that an effective password policy to control privileged access is essential.
Removing high-level privileges is also critical, such as the ability to add ourselves to the list of legitimate users. Both Unix and Windows make it very easy to create privileged accounts, and just as easy to grant additional access to applications, networks, and any number of other systems in the environment.
This was the method used to breach TJX where the hackers added accounts on internet accessible applications in order to access the information that they wished. Once this point is reached, the original vulnerability is no longer relevant. They arrived initially at the open backdoor but now they’ve opened the front door.
But simply adding a password management system is not in and of itself going to help, in spite of the claims of several vendors. Organisations need to be in permanent discovery mode for modifications to services, tasks, and registries, and be able to respond quickly to any unplanned modifications. This should be done on all systems that have access to the infrastructure. Additionally, consider disabling hardware functions such as USB interfaces, or simply moving to the ‘dumb terminal model’ for systems that access highly sensitive data.
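The “permanent discovery mode” described above, as an added example that is not from the article or from Lieberman Software: a baseline snapshot of privileged accounts, services and scheduled tasks is compared with a fresh snapshot, and any change not matched by an approved change ticket is flagged. The snapshot and ticket data are constructed for the demonstration; a real deployment would feed it from host inventory.

```python
"""Drift detection for privileged accounts, services and scheduled tasks.
Added example, not from the article: flag every change not covered by an
approved change ticket. All snapshot data below is constructed."""
from dataclasses import dataclass

# Constructed baseline captured when the host was last known-good.
BASELINE = {
    "admins": {"alice", "svc_backup"},
    "services": {"sshd": "/usr/sbin/sshd", "cron": "/usr/sbin/cron"},
    "tasks": {"nightly-backup": "/opt/backup/run.sh"},
}
# Constructed current snapshot: one planned change (new service) and two
# unplanned ones (an extra admin account, a rewritten task command).
CURRENT = {
    "admins": {"alice", "svc_backup", "support2"},
    "services": {"sshd": "/usr/sbin/sshd", "cron": "/usr/sbin/cron",
                 "node_exporter": "/usr/local/bin/node_exporter"},
    "tasks": {"nightly-backup": "/tmp/.x/run.sh"},
}
# Approved change tickets: (category, item) pairs someone signed off.
APPROVED = {("services", "node_exporter")}

@dataclass
class Finding:
    category: str
    item: str
    kind: str        # "added", "removed" or "modified"
    planned: bool    # True when an approved ticket covers this change

def diff_snapshots(baseline, current, approved=frozenset()):
    """Return all findings; unplanned ones are the alerts worth paging on."""
    findings = []
    for cat in baseline:
        old, new = baseline[cat], current.get(cat, {})
        # Account lists are sets, service/task maps are dicts; normalise both.
        old_items = old if isinstance(old, dict) else {k: None for k in old}
        new_items = new if isinstance(new, dict) else {k: None for k in new}
        for item in sorted(old_items.keys() | new_items.keys()):
            if item not in new_items:
                kind = "removed"
            elif item not in old_items:
                kind = "added"
            elif old_items[item] != new_items[item]:
                kind = "modified"
            else:
                continue
            findings.append(Finding(cat, item, kind, (cat, item) in approved))
    return findings

def unplanned(findings):
    """Findings with no approved ticket: respond to these first."""
    return [f for f in findings if not f.planned]
```

Running `unplanned(diff_snapshots(BASELINE, CURRENT, APPROVED))` reports the new admin account and the altered task command while the ticketed service stays quiet.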
Hackers don’t sell professional services
Whatever the attack vector, malware and APTs share a common theme: there is no need for you to buy professional services.
Security should not be viewed as simply a moneymaking opportunity for someone else; end-users should avoid like the plague any supplier whose professional services costs exceed the technology costs. By the time it’s implemented, it will likely be redundant (assuming it ever gets implemented).
A single piece of malware can be deployed to tens of thousands of systems in minutes, and infect a complete enterprise in a matter of days. Organisations need to focus on being able to deploy effective defences in a similar timeframe, otherwise it may be too late.
Sourced from Calum MacLeod, VP of EMEA, Lieberman Software