Go hack yourself: How to thwart network hacks by cybercriminals, like Iran’s state-sponsored Pay2Key attacks
Originally posted on The Times of Israel
Whether motivated by geopolitical power, personal gain, or mere curiosity, cybercriminals are currently embracing a renaissance. Like drifting bandits in the once-lawless American West, hackers are striking corporations and individuals with relative impunity. There’s no shortage of incidents to point to; the spate of Pay2Key ransomware attacks on Israeli companies at the end of 2020 by state-sanctioned Iranians hackers serves as a recent example of such activities.
What we know today is that social engineering, email phishing, unpatched firewalls, password stuffing, malware and ransomware make up the bulk of these attacks. And it goes without saying: leaked data can be costly. Today the average cost of a data breach is nearly $4 million. Larger corporations aren’t the only targets. Nearly half of all network breaches target small businesses that simply can’t afford to absorb these losses.
Unfortunately, you don’t need to hold a doctorate in Computer Science from MIT to learn how to identify and take advantage of network vulnerabilities and cause widespread damage to companies and individuals. Look at the Fortinet VPN hack, for example. With 50,000 hosts representing hundreds of thousands of compromised accounts belonging to some of the world’s largest banks, telecoms and government entities released into the Dark Web, even the weekend hacker has the intel and direction needed to cause destruction.
There’s much to be learned and applied from these hacks, however. So, while it’s unlikely we’ll be able to eliminate these incidents in their entirety, there are ways we can mitigate network breaches.
Preventing lateral movement
Lateral movement is a technique used by cybercriminals to dig deeper into a network in search of sensitive data and other valuable assets. Once they’ve gained access to a network, hackers will typically maintain ongoing access by moving through the network and obtaining increasingly elevated levels of privilege.
There are a variety of steps that, when used in conjunction with one another, can help to prevent lateral movement. Critical among these steps is implementing adaptive network access controls. “Adaptive” effectively means several things: (1) you can monitor the risk posture of connecting devices and block/allow access based on the perceived risk level; and (2) you can block/allow access to the network based on a user’s geolocation. These types of adaptive access controls, when paired with MFA — multifactor authentication — and strong password policies, can help to fortify your network.
Segmenting the network
Network segmentation is the practice of dividing up a network into smaller parts, in which only assigned people have access to different parts of the network depending on their role and responsibilities. Network segmentation effectively reduces a cybercriminal’s vantage point into your larger network.
Segmenting your network can be done broadly or granularly. In effect, you want to be able to ensure that application and resource servers do not trust one another, and that any attempt to cross between them requires MFA, adaptive access control and session monitoring. Implementing microsegmentation means looking at the context of the user or device – their role, location, application, etc. – and defining access privileges based on that holistic profile.
Where to go from here
There’s a lot to unpack here. At the end of the day, to truly mitigate network breaches requires implementing a network access control (NAC) solution that can discover, authenticate and segment users across the network, while monitoring the risk of their connected devices, remediating those devices in real-time should they fall out of compliance. By leveraging NAC, organizations can deter further exposure, potentially saving themselves millions of dollars in the process.