Decision and policy makers, many times, are not aware of the modern environment that is being characterized and described by the extensive use of Information Technology, Computer Science and lately, by the use of Social Networks. There are several organizations, like financial institutions, military – civilian cooperation agencies and most of all security organizations that are increasingly aware that any network or single PC connected to the internet is potentially subject to cyber disruption and technical risk.
They’re learning, in the hard way, that cyber disruptions can happen to any one, no matter how strong their network security can be. And it is a common secret, that these risks can threaten their entire working environment and even more their daily life in work. Additionally, a significant amount of personal data that is exposed in the internet can be a potential step to working environments, due to the exposure of individuals to social networks, without any data security policy. Let’s take a simple example: Almost all individuals are using their birth date in social networks and many people use this specific four digit number (DDMM) as security pins and even more a combination of this and names or nick names that are also in public view. An experienced cyber attacker may use a set of these data in order to break some codes in a trading firm where a number of people, connected in social networks, work for it. How many trading firms have more than three levels of security in their systems connected to the internet? I suppose not many of them. And if we ask how many of them use cyber defense protocols then I suppose that the number will decrease dramatically. The most common cyber attacks in trading firms, are working like this: They penetrate the network though the use of an IP address of the proxy server which can copy, regenerate, encrypt and put files back to the firm’s server asking for money to decrypt the encrypted files, which most of times are on the firm’s server desktop. Easy to do and handle it. As soon as the firm pays for this procedure they come back asking for money in order to protect the firm from other cyber attacks.
There is no technical way, which ensures that software solutions can protect up to 100% data and networks when a LAN or WAN is connected to the internet. This is something that many companies that selling services and software for cyber security are advertising as the total solution trying to sell their products and services to people who know nothing or just some things regarding cyber security. And there are many of them, especially in the banking and investment operational areas. Even though they have IT consultants, system administrators and experts, they prefer to listen to the people that offering the the “total” protection.
The only 100% secure way to avoid cyber attacks is not to be connected to the internet. Otherwise there is always the danger to be attacked, hacked and even more e-robbed. On the other hand, internet is the ultimate tool through which 90% of our working, social, scientific and trading activities are been supported. The idea is that different levels of security are needed for different kind of activities. But first let’s see what a cyber attack actually is.
Advanced cyber attacks target specific individuals, organizations and agencies to steal data, copy data or destroy the network structure. They use multiple vectors, including web, email, and malicious files in order to dynamically adapt to exploit zero-day and other network vulnerabilities, as they have described them through “watching” the targeted networks for some time, usually 1-2 weeks or even less, depending on the security level and cyber protocols (if there are any of them). Advanced cyber attacks succeed because they are carefully and detailed planned, methodically and patiently executed. Malware used in such attacks follow more or less the next steps:
- Settles into a system either by the system’s admin’s or without it
- Tries to hide, usually behind adds or other “harmless” applications
- Searches out network vulnerabilities patiently and carefully
- Disables network security measures following a methodological route in order to gradually reduce the system’s security tools (f.e. antivirus)
- Infects more endpoints and other devices
- Calls back to command-and-control (CnC) servers
- Waits for instructions to start extracting data from the network
By the time most organizations realize they’ve suffered a data breach, they have actually been under attack for weeks, months, or even years, without having the slightest idea of what was going on. Most traditional defense-in-depth cyber security measures, such as AV or extra advanced firewalls, fail to use signature- and pattern-based techniques to detect threats, and don’t monitor malware call backs to CnC servers. Advanced cyber attacks take many forms, including virus, Trojan, spyware, rootkit, spear phishing, malicious email attachment and drive-by download. The most important issue in order to properly protect against these attacks, is that system administrators must monitor the entire cycle of the attack, from delivery, to call backs, reconnaissance, data ex filtration, encryption – decryption processes, even coding and decoding when this is possible.
The problem is that there is no secure method for avoiding a cyber attack. Attacker will have always the advantage of having better know how and surprise the defender. One of the best practices for avoiding not the attack by itself, but the unpleasant results coming from it, is training. All PC users (connected or not connected to the internet) that are working for an agency, organization, firm or even small enterprises need to have a certain level of knowledge regarding what a cyber attack is and which are the main tools that usually used for it. Additionally, network and systems administrators need to follow a daily security policy and also to back up very often the crucial data and keep them away from the internet.
Training via simulation for cyber attacks is a solution that sustains a time and cost effective mean for facing cyber attacks. There is a significant number of software for cyber defense training, but most of them are useless because of their incapability to be used by non experts. On the other hand, cyber security training software in addition to a methodological process can provide advanced training solutions. Exercises are the most secure way to achieve high level of training in cyber security issues and even more to enhance the capability of simple users to understand the cyber attacks framework and their own optimum reactions.
MSETT has been working with cyber defense experts for a long time and its personnel has a remarkable level of know how regarding cyber security issues and even more crypto networking capabilities for ensuring safe data connections during training and operational activities. Having a unique knowledge for hardware and software solutions that can provide certain networking security level and they can support training and planning cyber defense activities. MSETT also provide service oriented training solutions, by choosing the proper tools for every single client, including networks simulation software for advanced cyber security training. For more info and details you can contact directly MSETT officials (www.msett.co.uk) or send an e-mail in firstname.lastname@example.org.