Last year, the global IT security industry spent over $70 billion and produced over 80 categories of products to protect digital assets — from firewalls to anti-malware, encryption to SIEM, and more. Yet 2014 saw more attacks than any time in history, including a well-orchestrated and destructive attack on Sony by a nation-state.
This was not the first attack of its type by a nation-state, nor was it the most innovative. It was, however, the first major destructive attack on a U.S.-based corporation. It served as a chilling reality check that adversaries are willing, able, and highly motivated to use cyber-attacks to advance their agendas. So what can we learn from that massively destructive breach? In this month’s CSO Magazine, Dmitri Alperovitch, co-founder and CTO of CrowdStrike, shares some lessons learned from Sony’s cautionary tale. He details how the adversary went about conducting the attack, the technologies organizations can use to protect against similar wiper viruses, and the shift in thinking that is necessary to combat today’s adversaries.
When asked if the attack could have been prevented, Alperovitch explained that the adversaries began by acquiring administrator credentials, which let them operate unnoticed as insiders and made detection difficult.
“If you don’t have the right types of detection tools on your network, sophisticated adversaries can within hours achieve their objective of obtaining the highest level of access on your network and proceed to implant themselves for the long haul,” explains Alperovitch. This gave them the ability to move freely and stealthily around the network to achieve their ultimate objective, in this case to steal data and drop a wiper malware payload deleting massive amounts of data.
How should organizations protect themselves? Alperovitch explains:
“Everyone is a target, you must be prepared by assuming that your network is already compromised … You must focus your efforts on hunting for potential adversaries on your network, leveraging intelligence about who is likely to target you and the tradecraft they may employ. Moreover, you can’t just focus on looking for or blocking malware because an adversary doesn’t necessarily need to employ malware to achieve their objectives.”
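Both points above, that attackers with stolen administrator credentials move across the network without dropping malware and that defenders should hunt for that behavior rather than only for malicious files, can be illustrated with a small hunting script. The following is an added example written for this post, not code from the CSO article or from CrowdStrike. It scans constructed, simplified logon records (modeled loosely on Windows logon events) and flags any account in an assumed privileged set that authenticates to more distinct hosts within a short window than a baseline allows. The account names, host names, thresholds and records are all constructed assumptions.

```python
"""Hunt for privileged-credential fan-out across hosts (added example)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed privileged accounts; in a real hunt these come from directory group membership.
PRIVILEGED = {"CORP\\svc_backup", "CORP\\da-admin"}

# Constructed sample events: (timestamp, account, source host, target host, logon type).
# Logon type 3 denotes a network logon in the Windows event model.
SAMPLE_EVENTS = [
    ("2014-11-20T02:01:10", "CORP\\da-admin", "jump01", "dc01", 3),
    ("2014-11-20T02:03:22", "CORP\\da-admin", "jump01", "fs02", 3),
    ("2014-11-20T02:04:05", "CORP\\da-admin", "jump01", "fs03", 3),
    ("2014-11-20T02:05:48", "CORP\\da-admin", "jump01", "web04", 3),
    ("2014-11-20T02:06:30", "CORP\\da-admin", "jump01", "sql05", 3),
    ("2014-11-20T02:07:12", "CORP\\da-admin", "jump01", "mail06", 3),
    ("2014-11-20T09:15:00", "CORP\\jsmith", "wks17", "fs02", 3),
    ("2014-11-20T09:20:00", "CORP\\jsmith", "wks17", "fs03", 3),
    ("2014-11-20T10:00:00", "CORP\\svc_backup", "bk01", "fs02", 3),
    ("2014-11-20T10:05:00", "CORP\\svc_backup", "bk01", "fs03", 3),
]


def parse_events(rows):
    """Turn the raw tuples into (datetime, account, src, dst, logon_type)."""
    return [(datetime.fromisoformat(ts), acct, src, dst, lt)
            for ts, acct, src, dst, lt in rows]


def hunt_fanout(events, window=timedelta(minutes=15), max_hosts=3):
    """Return {account: hosts} for privileged accounts whose network logons
    reach more than max_hosts distinct targets inside any sliding window.

    No file hashes or malware signatures are involved: the signal is purely
    how a legitimate credential is being used.
    """
    by_acct = defaultdict(list)
    for ts, acct, src, dst, lt in events:
        if acct in PRIVILEGED and lt == 3:  # only privileged network logons
            by_acct[acct].append((ts, dst))

    hits = {}
    for acct, logons in by_acct.items():
        logons.sort()
        for i, (start, _) in enumerate(logons):
            # Distinct targets reached within `window` of this logon.
            hosts = {dst for ts, dst in logons[i:] if ts - start <= window}
            if len(hosts) > max_hosts:
                hits[acct] = hosts
                break
    return hits


if __name__ == "__main__":
    for acct, hosts in hunt_fanout(parse_events(SAMPLE_EVENTS)).items():
        print(f"{acct}: {len(hosts)} hosts in window -> {sorted(hosts)}")
```

In the constructed data the domain-admin account touches six servers in about six minutes at 2 a.m., which the hunt surfaces, while the backup service account and the ordinary user stay under the threshold. In practice the baseline per account would be learned from historical logons rather than fixed, and the same approach extends to other credential-use signals such as interactive logons from unexpected source hosts.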
What we’ve given you here is just a taste of Dmitri’s insights. To read the full article, jump on over to CSO here… To learn even more about attacks designed to wreak havoc on corporations, view a recorded CrowdCast showing a live demonstration of the malware used to target Sony: A New Era of Cyber Attacks: See Corporate Destruction in Action.