Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Network Security

// // //

The New Nation-State Normal

Cyber attacks sponsored by nation-states are here to stay. If you want your organization to be here to stay, you'd best prepare for the worst.

<p.When it comes to weapons, military organizations lead the way. Look at any weapon currently used in civilian law enforcement, personal protection, hunting or sports, and you'll see something that can trace its roots back to the battlefield. That same progression has made its way to the networks and computers on which we work.

If you've looked at the news in the last six month or so, you know that there is compelling evidence that hackers in, or sponsored by, Russia launched a sustained attack against the US federal election in 2016. In December 2016, the power grid in Ukraine's capital Kiev was hit by hackers from Russia in a successful attack that disrupted power to the city for two days. According to a superb article in Wired, the attack in Ukraine was just a taste of what we should now think of as the "new normal."

What, precisely, are security professionals to make of all this? The general public seems split between two responses. Either they're taking their panic in the direction of off-grid "prepper" bunkers away from the Internet and the coming collapse of civilization, or they're pretending nothing is happening because it's so scary and complex that they just can't think about it. Security professionals don't really have the option of doing either, so what is to be done?


Want to learn more about how LTE-A Pro and Gigabit LTE will impact the 5G market? Join us in San Francisco for LTE Advanced Pro and Gigabit LTE: The Path to 5G event -- a free breakfast collocated at Mobile World Congress Americas with a keynote address by Sprint's COO Günther Ottendorfer.

I think the first thing to do is decide whether your organization is likely to be a direct target of nation-state attacks. To be honest, if you're in a business like critical infrastructure then you've already got plans in place to fend off and respond to the kind of hacks that take down power grids and financial systems. The real urgency comes for businesses that aren't obvious targets. There are three levels of concern with a different set of responses for each.

Level 1: The critical infrastructure you depend upon is hit
So you're not a bank or an electric utility but you probably use the services of at least one of each, and your business would suffer if you couldn't use those services. How do you prepare? Redundancy is your friend. And remember, we're not just talking about multiple paths into a single point of failure: While you're always going to have primary relationships in finance and other services, have secondary providers in place with as much geographical and logical space between primary and secondary as possible.

For the electric power grid, by the way, this means that your secondary is a generator with a lot of fuel and a careful maintenance plan. For internet access, it's a second provider that uses a different upstream provider than your primary. And your secondary bank should be part of a different Federal Reserve region than your primary. When it comes to redundancy planning, paranoia is a virtue.

Level 2: You're not a direct target, but you become "collateral damage"
Some cyber weapons are sniper-like in their precision. Others are more like shotguns or hand grenades. If the second type of weapon is in use, then your systems could be hit and damaged even if they're not the primary target. To prepare yourself, make sure you have a solid backup and recovery plan and look carefully at business continuity services with a well-defined "big red switch" for moving your operation.

It should be noted that most of the "big hacks" take advantage of un-patched vulnerabilities that have existed for some time. In most cases, the vulnerabilities have been patched, but the victims have not applied the patches or updates. Your strategy: Patch and update as quickly as possible. If you have critical applications that depend on particular features of older operating systems, then have an emergency sandbox procedure in place to allow for rapid trial and updates. And for heavens sake, have your perimeter defenses in place and up to date. They really do matter.

Level 3: You become a direct target
Welcome to the big league! You're going to be fending off a zombie horde with nothing more than your pluck and spunky determination, so hunker down and get ready. Assuming you've done everything mentioned in levels 1 and 2, then your call here is to partners: Your ISP, your CASB provider and your cloud partners. Let them know what's going on (though they'll likely know that somethingis wrong), and enlist their help in fighting it. Better yet, have plans in place to call on them and rehearse those plans a couple of times a year.

While it's unlikely that you'll escape completely unscathed if you find yourself a target, you can minimize the damage and keep the business afloat; you just have to plan for the worst and be willing to declare an emergency as early as possible. Don't let pride become the anchor that sinks you in a nation-state cyber storm.

— Curtis Franklin is the editor of SecurityNow.com. Follow him on Twitter @kg4gwa.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Machine Learning, AI & Deep Learning Improve Cybersecurity
Machine intelligence is influencing all aspects of cybersecurity. Organizations are implementing AI-based security to analyze event data using ML models that identify attack patterns and increase automation. Before security teams can take advantage of AI and ML tools, they need to know what is possible. This report covers: -How to assess the vendor's AI/ML claims -Defining success criteria for AI/ML implementations -Challenges when implementing AI
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-42247
PUBLISHED: 2022-10-03
pfSense v2.5.2 was discovered to contain a cross-site scripting (XSS) vulnerability in the browser.php component. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into a file name.
CVE-2022-41443
PUBLISHED: 2022-10-03
phpipam v1.5.0 was discovered to contain a header injection vulnerability via the component /admin/subnets/ripe-query.php.
CVE-2022-33882
PUBLISHED: 2022-10-03
Under certain conditions, an attacker could create an unintended sphere of control through a vulnerability present in file delete operation in Autodesk desktop app (ADA). An attacker could leverage this vulnerability to escalate privileges and execute arbitrary code.
CVE-2022-42306
PUBLISHED: 2022-10-03
An issue was discovered in Veritas NetBackup through 8.2 and related Veritas products. An attacker with local access can send a crafted packet to pbx_exchange during registration and cause a NULL pointer exception, effectively crashing the pbx_exchange process.
CVE-2022-42307
PUBLISHED: 2022-10-03
An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to an XML External Entity (XXE) Injection attack through the DiscoveryService service.