Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Network Security

6/26/2017
07:00 PM
Curtis Franklin
Curtis Franklin
Curt Franklin
50%
50%

The New Nation-State Normal

Cyber attacks sponsored by nation-states are here to stay. If you want your organization to be here to stay, you'd best prepare for the worst.

<p.When it comes to weapons, military organizations lead the way. Look at any weapon currently used in civilian law enforcement, personal protection, hunting or sports, and you'll see something that can trace its roots back to the battlefield. That same progression has made its way to the networks and computers on which we work.

If you've looked at the news in the last six month or so, you know that there is compelling evidence that hackers in, or sponsored by, Russia launched a sustained attack against the US federal election in 2016. In December 2016, the power grid in Ukraine's capital Kiev was hit by hackers from Russia in a successful attack that disrupted power to the city for two days. According to a superb article in Wired, the attack in Ukraine was just a taste of what we should now think of as the "new normal."

What, precisely, are security professionals to make of all this? The general public seems split between two responses. Either they're taking their panic in the direction of off-grid "prepper" bunkers away from the Internet and the coming collapse of civilization, or they're pretending nothing is happening because it's so scary and complex that they just can't think about it. Security professionals don't really have the option of doing either, so what is to be done?


Want to learn more about how LTE-A Pro and Gigabit LTE will impact the 5G market? Join us in San Francisco for LTE Advanced Pro and Gigabit LTE: The Path to 5G event -- a free breakfast collocated at Mobile World Congress Americas with a keynote address by Sprint's COO Günther Ottendorfer.

I think the first thing to do is decide whether your organization is likely to be a direct target of nation-state attacks. To be honest, if you're in a business like critical infrastructure then you've already got plans in place to fend off and respond to the kind of hacks that take down power grids and financial systems. The real urgency comes for businesses that aren't obvious targets. There are three levels of concern with a different set of responses for each.

Level 1: The critical infrastructure you depend upon is hit
So you're not a bank or an electric utility but you probably use the services of at least one of each, and your business would suffer if you couldn't use those services. How do you prepare? Redundancy is your friend. And remember, we're not just talking about multiple paths into a single point of failure: While you're always going to have primary relationships in finance and other services, have secondary providers in place with as much geographical and logical space between primary and secondary as possible.

For the electric power grid, by the way, this means that your secondary is a generator with a lot of fuel and a careful maintenance plan. For internet access, it's a second provider that uses a different upstream provider than your primary. And your secondary bank should be part of a different Federal Reserve region than your primary. When it comes to redundancy planning, paranoia is a virtue.

Level 2: You're not a direct target, but you become "collateral damage"
Some cyber weapons are sniper-like in their precision. Others are more like shotguns or hand grenades. If the second type of weapon is in use, then your systems could be hit and damaged even if they're not the primary target. To prepare yourself, make sure you have a solid backup and recovery plan and look carefully at business continuity services with a well-defined "big red switch" for moving your operation.

It should be noted that most of the "big hacks" take advantage of un-patched vulnerabilities that have existed for some time. In most cases, the vulnerabilities have been patched, but the victims have not applied the patches or updates. Your strategy: Patch and update as quickly as possible. If you have critical applications that depend on particular features of older operating systems, then have an emergency sandbox procedure in place to allow for rapid trial and updates. And for heavens sake, have your perimeter defenses in place and up to date. They really do matter.

Level 3: You become a direct target
Welcome to the big league! You're going to be fending off a zombie horde with nothing more than your pluck and spunky determination, so hunker down and get ready. Assuming you've done everything mentioned in levels 1 and 2, then your call here is to partners: Your ISP, your CASB provider and your cloud partners. Let them know what's going on (though they'll likely know that somethingis wrong), and enlist their help in fighting it. Better yet, have plans in place to call on them and rehearse those plans a couple of times a year.

While it's unlikely that you'll escape completely unscathed if you find yourself a target, you can minimize the damage and keep the business afloat; you just have to plan for the worst and be willing to declare an emergency as early as possible. Don't let pride become the anchor that sinks you in a nation-state cyber storm.

— Curtis Franklin is the editor of SecurityNow.com. Follow him on Twitter @kg4gwa.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 10/23/2020
7 Tips for Choosing Security Metrics That Matter
Ericka Chickowski, Contributing Writer,  10/19/2020
Russian Military Officers Unmasked, Indicted for High-Profile Cyberattack Campaigns
Kelly Jackson Higgins, Executive Editor at Dark Reading,  10/19/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-24847
PUBLISHED: 2020-10-23
A Cross-Site Request Forgery (CSRF) vulnerability is identified in FruityWifi through 2.4. Due to a lack of CSRF protection in page_config_adv.php, an unauthenticated attacker can lure the victim to visit his website by social engineering or another attack vector. Due to this issue, an unauthenticat...
CVE-2020-24848
PUBLISHED: 2020-10-23
FruityWifi through 2.4 has an unsafe Sudo configuration [(ALL : ALL) NOPASSWD: ALL]. This allows an attacker to perform a system-level (root) local privilege escalation, allowing an attacker to gain complete persistent access to the local system.
CVE-2020-5990
PUBLISHED: 2020-10-23
NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in the ShadowPlay component which may lead to local privilege escalation, code execution, denial of service or information disclosure.
CVE-2020-25483
PUBLISHED: 2020-10-23
An arbitrary command execution vulnerability exists in the fopen() function of file writes of UCMS v1.4.8, where an attacker can gain access to the server.
CVE-2020-5977
PUBLISHED: 2020-10-23
NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in NVIDIA Web Helper NodeJS Web Server in which an uncontrolled search path is used to load a node module, which may lead to code execution, denial of service, escalation of privileges, and information disclosure.