Investigating the Autopsy of a Targeted Cyber Attack
Nov 25, 2016 08:37
A hacking group known as ‘Hacking Team’ posted a detailed overview of how a specific Italian firm was hacked into, on a public forum. Reading the hacking details was a fascinating analysis on its own, but the autopsy of the targeted attack is a definite must for every organisation that manages data security or supports a security policy in place.
Looking into the outline and procedures laid down by the hacker group, a security leader in an organisation who has concerns about such types of attack can look into how the ‘next’ attack can be prevented. If an organisation has suffered a similar data breach in the past, it should look into the following:
• Re-configuration of its common enterprise monitoring tools • Amendments made to log monitoring • Enhancements needed in alert analysis • Augmentationsin its vulnerabilities scanning
In addition to addressing 'if' an attack can take place, a security leader must also ask 'when' the next attack would take place. Once a hacker gets inside a company network, it can manage to cut through digital files, sensitive information and company infrastructure with ease. It is highly important that the inner workings of an organisational infrastructure are safeguarded.
The implementation of firewall logs can provide enhanced warnings of later breaches that are likely to take place. In addition, all software must be appropriately updated and patched in order to prevent vulnerabilities within the network management system. In most cases, data breaches take place because management networks and backup are not segregated as they should be which calls for a clear and demarcated creation of management and operational networks, in order to protect data and organisational infrastructure, particularly when the management network calls for administrative privileges.
One of the greatest challenges every organisation with a data security policy in place is to monitor those individuals with privileged facilities. A number of companies, particularly government related, need security clearances in order to safeguard from insider hazards. In spite of providing privileged users with accounts, it is important to monitor such users’ uses as well as their workstations. This is not because the privileged users are untrustworthy, but for their own protection and to ascertain that they are not being watched by key loggers, phishers, network sniffers and cyber terrorists.
Whenever intellectual property is a target, it is observed that a lot of data gets ex-filtrated. A data protectionor data loss prevention (DLP) solution that is effectively implemented and monitored can greatly diminish the possible and likely impact of a data breach or a document infringement attack.
Every organisation must ensure that necessary steps are taken to strengthen existing data encryption and protection matters on digital files in order to prevent a data breach. More and more organisations must review basic processes and procedures such as the setting of passwords for documents and email attachments-things that normally do not raise eyebrows or are taken notice of due to lack of time, resources or technical information. All security processes must be regularly and periodically scrutinised and reviewed by IT security so that organisational data or customer information is protected at all times.
Author Bio: Carol is a freelance technology writer. Currently, she is working for Locklizard, a reputed DRM technology provider. Please check their website www.locklizard.com for information security guides and document security papers.
With the ease of internet access, ransomware has become one of the major threats in businesses, including big companies. When the malware attacks, it encrypts your important data such that you can’t access it unless you pay the ransom. The hacker expects you to pay the amount of money they specify in exchange for the decrypting key. Ransomware can cripple a business, and the consequences are fatal. So, if you find yourself a victim of ransomware, here are the first steps you need to take. Read more
With the never-ending increase in this pandemic, people are struggling in all sorts of ways. Many have had their businesses shut down, and many are struggling to help their companies survive this wave of the Covid-19 virus. When everything shut down, people started making an appearance with their businesses online. It gave them a chance to sell their products online to people by putting them out there and promoting their products and packaging boxes. Read more
Free samples usually help the launch of a product in the market, with the aim that the consumer knows it and is interested in it, either at that very moment or moments after its test. Likewise, this tactic is used within industries that have a high level of competition, where standing out as a new firm can be a difficult task to carry out. Read more