All attacks begin with a goal, your adversaries have set out to steal, destroy, and reveal your business. The scope and strength of their attacks are a function of their goal. A programmer might devise a bot that scours the open internet for unprotected cameras, spreadsheets, control systems, and file storage. While their goal may be an almost innocent diversion, one might simply adjust their search for anything matching the sixteen digit pattern of credit cards. Or highlight any compromised cameras whose meta information indicates their real world address is a bank, warehouse, pharmacy, or other valuable location.
Simple attacks like these cause widespread damage, the 2017 WannaCry attack had a significant impact on the UK’s National Health Service.
“The WannaCry cyber attack had potentially serious implications for the NHS and its ability to provide care to patients. It was a relatively unsophisticated attack and could have been prevented by the NHS following basic IT security best practice. There are more sophisticated cyber threats out there than WannaCry so the Department and the NHS need to get their act together to ensure the NHS is better protected against future attacks.” -Amyas Morse, head of the National Audit Office
Combatting the many, constant and varied simple attacks is a concern of everyone connected to the internet. But when the goal of the cyber criminal is your business, their attacks become complex. In 2020 multiple cyber attacks were coordinated to gain illegal access to Microsoft, SolarWinds, and many of SolarWinds clients including multiple U.S. government agencies.
Vulnerabilities in Microsoft’s cloud services and authentication protocols were probed which led to access to SolarWinds infrastructure. SolarWinds had about 33,000 customers for their Orion platform which monitored, analyzed, and managed client networks. The attackers then spent months clandestinely inserting their own programming into the Orion platform. Once the hackers payloads were distributed they benefited from the interconnectedness on the target networks. The information collected for the attackers was stored on Amazon, Microsoft and other trusted hosts, obscuring the fact the information would eventually end up with foreign hackers. The trust and permission afforded to the Orion Platform also allowed the cyber criminals access to certificates and authority that didn’t raise many suspicions. Finally the attackers were very patient with their attack, they began with small changes to test the response of the compromised systems.
“The tradecraft was phenomenal,” said Adam Meyers, who led the cyber forensics team that pawed through that tainted update on behalf of SolarWinds, providing details for the first time about what they found. The code was elegant and innovative…” -NPR April 16th “A ‘Worst Nightmare’ Cyberattack: The Untold Story Of The SolarWinds Hack”
Cyber attacks happen when the goal of the attacker becomes your business systems. This happens intentionally and incidentally, for financial or political gain. For a business, cyber attacks are an ever present threat. And unlike our businesses, cyber attacks are not constrained by budgets or hardware. Vigilance is the number one factor in protecting from cyber attacks.
When it comes to cyber security, the teams of experts at Infinavate have seen IT all. If you’re looking for instant and long-term guidance, search no further. Contact us today to learn how we can help you create a robust cyber security plan.
Sources