[BreachExchange] 5 Ways Hackers Can Breach Your Company Undetected

Audrey McNeil audrey at riskbasedsecurity.com
Fri Feb 23 10:20:28 EST 2018


Security breaches are, quite unfortunately, a common presence in corporate
environments. Even companies making effective use of the most recent
security solutions such as next generation firewalls, advanced threat
protection and security incident and event management (SIEM) systems are
not an exception. There are several ways you may be breached and not know
about it.

Here are some practical examples and the best methods to deal with them.

1. Unknown Software & Hardware Vulnerabilities

It is quite simple: most vulnerabilities can remain unknown for months or
even years before being made public and patched. That was the case with the
Meltdown and Spectre attacks, a pack of vulnerabilities in CPU hardware,
discovered by Google researchers in June of last year and released to the
general public in January 2018. Meltdown and Spectre made it possible for
attackers to read the memory content of compromised computers, including
passwords and sensitive data stored on the system.

The fact is, this vulnerability affected most CPU hardware from the last 10
years, and even though there is no confirmed case of exploitations in the
wild so far, this does not mean cybercriminals and even government agencies
could not have been taking advantage of it for the last decade.

Unfortunately, there is no way of dealing with an unknown security flaw
other than following basic advice: maintain systems updated with latest
security patches and keep an eye on the latest news regarding new

2. Intentional or Unintentional Insider Threats

Insiders should never be regarded as a secondary threat when compared with
other incident sources, such as cybercriminals. For instance, when not
properly trained, employees can be prone to accidental errors such as
sending an email message to the wrong recipient, sharing sensitive
information in a public place, like a social network, or falling victim to
an attack such as social engineering or phishing. All of those could go
unnoticed for a long period of time.

It is also important to consider that there are insiders that would
willingly commit a violation or even a crime. For example, an employee
intending to leave the company could try to copy confidential files to a
USB drive, even if it goes against the security policy.

A mix of endpoint protection solutions (e.g., antivirus, USB control) and
technologies such as a Data Leak Protection (DLP) system, complemented by a
SIEM and an experienced incident response team, is a great option in this
situation. Aside from that, an excellent approach to reduce insider risk is
creating a security awareness program for educating employees on basic
security principles and policies adopted by the company.
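One of the controls named above, USB control feeding a SIEM, can be reduced to a small correlation rule: a removable volume is mounted and, shortly afterwards, a large volume of data is written to it. The script below is an added illustration written for this page, not code from the article or from Risk Based Security; the endpoint telemetry format (JSON lines with `usb_insert` and `file_write` events), the sample records and the 100 MB / 30 minute thresholds are all constructed assumptions.

```python
import json
from datetime import datetime, timedelta

# Constructed sample endpoint telemetry (JSON lines); not real log data.
# Hypothetical schema: usb_insert carries the assigned mount point (null for
# non-storage devices), file_write carries the destination path and size.
SAMPLE_EVENTS = r"""
{"ts": "2018-02-20T09:01:10", "host": "ws-17", "user": "jdoe", "type": "usb_insert", "device": "SanDisk Cruzer", "mount": "E:"}
{"ts": "2018-02-20T09:02:05", "host": "ws-17", "user": "jdoe", "type": "file_write", "path": "E:\\customers_q4.xlsx", "bytes": 52428800}
{"ts": "2018-02-20T09:02:40", "host": "ws-17", "user": "jdoe", "type": "file_write", "path": "E:\\contracts.zip", "bytes": 157286400}
{"ts": "2018-02-20T09:30:00", "host": "ws-03", "user": "asmith", "type": "usb_insert", "device": "Logitech Receiver", "mount": null}
{"ts": "2018-02-20T10:15:00", "host": "ws-22", "user": "bwong", "type": "file_write", "path": "C:\\Users\\bwong\\notes.txt", "bytes": 2048}
{"ts": "2018-02-20T11:00:00", "host": "ws-09", "user": "cruiz", "type": "usb_insert", "device": "Kingston DataTraveler", "mount": "F:"}
{"ts": "2018-02-20T11:00:30", "host": "ws-09", "user": "cruiz", "type": "file_write", "path": "F:\\photo.jpg", "bytes": 3145728}
"""


def parse_events(text):
    """Parse JSON-lines telemetry into dicts with a datetime 'ts' field, sorted by time."""
    events = []
    for line in text.strip().splitlines():
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        ev["ts"] = datetime.fromisoformat(ev["ts"])
        events.append(ev)
    return sorted(events, key=lambda e: e["ts"])


def find_bulk_copies(events, window=timedelta(minutes=30), threshold_bytes=100 * 1024 * 1024):
    """Flag hosts where a removable volume was mounted and then received at
    least threshold_bytes of file writes within `window` after the insert.
    Thresholds are assumptions; tune them to the environment's baseline."""
    alerts = []
    inserts = [e for e in events if e["type"] == "usb_insert" and e.get("mount")]
    for ins in inserts:
        deadline = ins["ts"] + window
        mount = ins["mount"].upper()
        writes = [
            e for e in events
            if e["type"] == "file_write"
            and e["host"] == ins["host"]
            and ins["ts"] <= e["ts"] <= deadline
            and e["path"].upper().startswith(mount)
        ]
        total = sum(e["bytes"] for e in writes)
        if total >= threshold_bytes:
            alerts.append({
                "host": ins["host"],
                "user": ins["user"],
                "device": ins["device"],
                "mount": ins["mount"],
                "total_bytes": total,
                "files": [e["path"] for e in writes],
            })
    return alerts


if __name__ == "__main__":
    for a in find_bulk_copies(parse_events(SAMPLE_EVENTS)):
        print(f"ALERT {a['host']} ({a['user']}) wrote {a['total_bytes']} bytes "
              f"to {a['device']} on {a['mount']}: {a['files']}")
```

On the sample data only ws-17 is flagged (200 MB to a freshly mounted drive); the small photo copy on ws-09 and the non-storage USB device on ws-03 fall below the rule. A real deployment would emit the alert record to the SIEM rather than print it, and would pair the rule with a DLP content check on the copied files.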

3. Third-Party Security Vulnerabilities

Third parties are anyone you must entrust with corporate data, such as a
business partner, a Cloud service provider or even an individual
consultant. Should a data leak occur when your data is in the possession of
a third party, chances are you will not know.

For third-party personnel working within the company boundaries, aside from
the previously mentioned security controls, consider having special rules
for outsiders, such as limiting connections to a specific network segment
with limited access (or even better: no access whatsoever) to corporate
servers and endpoints. Physical controls should also be applied, including
limiting access to restricted areas, the use of identification badges and
inspecting backpacks and briefcases if necessary.

For cases where the data is stored or handled outside the company, there
are several options for dealing with the third-party security risks,
including having explicit security terms on contract, such as making a leak
notice mandatory once it is detected, enforcing requirements such as
encryption and data leak prevention, asking for an incident response team
and retaining the right to audit the third-party infrastructure.

4. Rogue Encryption & Unintended Consequences of Encryption

Encryption is probably one of the best security controls, as it allows
sensitive data to be securely transmitted over insecure networks. The
problem is, it also works the other way around! As most Internet services
such as browsing, instant messengers, email and Cloud storage already
enforce strong encryption, it may be hard to control when sensitive data is
leaving the company. Even worse, encryption is also widely adopted by
malware for communicating with command and control servers.
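Because the payload of encrypted sessions cannot be inspected, monitoring has to fall back on what is still visible: where the traffic goes, how much leaves, and how regularly it recurs. The script below is an added example for this page, not code from the article; it runs two such checks over a constructed egress log (CSV with timestamp, source host, destination, TLS server name and byte counts, a hypothetical format). The first flags large outbound volumes over TLS to servers not on a sanctioned-service allowlist, the second flags the near-constant check-in interval typical of command and control traffic. The allowlist, thresholds and sample rows are all assumptions.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime
from statistics import mean

# Constructed sample egress records (CSV), not real traffic. Hypothetical fields:
# timestamp, source host, destination IP and port, TLS server name (empty when
# none was observed), bytes sent and bytes received.
SAMPLE_FLOWS = """ts,src,dst,port,sni,bytes_out,bytes_in
2018-02-20T08:00:00,ws-17,203.0.113.10,443,files.example-storage.net,734003200,12000
2018-02-20T08:05:00,ws-04,198.51.100.5,443,mail.example.com,120000,4500000
2018-02-20T08:00:00,ws-21,192.0.2.77,443,,1200,900
2018-02-20T08:10:00,ws-21,192.0.2.77,443,,1180,910
2018-02-20T08:20:00,ws-21,192.0.2.77,443,,1210,905
2018-02-20T08:30:00,ws-21,192.0.2.77,443,,1190,900
2018-02-20T08:40:00,ws-21,192.0.2.77,443,,1205,915
2018-02-20T08:15:00,ws-04,198.51.100.5,443,mail.example.com,90000,3800000
"""

# Hypothetical allowlist of sanctioned services whose encrypted traffic is expected.
ALLOWED_SERVERS = {"mail.example.com", "crm.example.com"}


def parse_flows(text):
    """Parse the CSV log into dicts with typed timestamp, port and byte counts."""
    rows = []
    for r in csv.DictReader(io.StringIO(text)):
        r["ts"] = datetime.fromisoformat(r["ts"])
        r["port"] = int(r["port"])
        r["bytes_out"] = int(r["bytes_out"])
        r["bytes_in"] = int(r["bytes_in"])
        rows.append(r)
    return rows


def large_egress(flows, allowed=ALLOWED_SERVERS, threshold_bytes=100 * 1024 * 1024):
    """TLS sessions sending at least threshold_bytes to a server that is not on
    the allowlist: candidate sensitive data leaving the company unseen."""
    return [
        f for f in flows
        if f["port"] == 443 and f["sni"] not in allowed and f["bytes_out"] >= threshold_bytes
    ]


def beacon_candidates(flows, min_conns=5, max_jitter=0.1):
    """Source/destination pairs with many connections at a near-constant interval
    (every gap within max_jitter of the mean): the regular check-in pattern of
    malware talking to its command and control server over an encrypted channel."""
    groups = defaultdict(list)
    for f in flows:
        groups[(f["src"], f["dst"], f["port"])].append(f["ts"])
    hits = []
    for (src, dst, port), stamps in groups.items():
        if len(stamps) < min_conns:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg > 0 and max(abs(g - avg) for g in gaps) / avg <= max_jitter:
            hits.append({"src": src, "dst": dst, "port": port,
                         "connections": len(stamps), "interval_s": avg})
    return hits


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_FLOWS)
    for f in large_egress(flows):
        print(f"EGRESS {f['src']} -> {f['sni'] or f['dst']}: {f['bytes_out']} bytes out")
    for b in beacon_candidates(flows):
        print(f"BEACON {b['src']} -> {b['dst']}:{b['port']} every "
              f"{b['interval_s']:.0f}s ({b['connections']} connections)")
```

On the sample data the 700 MB upload from ws-17 to an unlisted storage host and the ten-minute cadence from ws-21 are reported, while the sanctioned mail traffic from ws-04 is not. Neither check proves a breach on its own; both are meant to produce leads for the incident response team to investigate, and both lose their value if the allowlist is not kept current.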