Security companies have taken a new and innovative approach to protecting proprietary corporate information. Traditional security approaches aren’t viable, even though higher dollar amounts are being invested. Attack Path Mapping, or APM, is a risk assessment that responds to what security departments now see: cybercriminals making use of shadow access via an alternative infrastructure. A company’s data is its “crown jewels”, and Attack Path Mapping helps to identify the most likely avenues through which hackers will attempt a breach and to take steps for protection.
A ZDNet article describes how cyber security professionals are now required to understand the hacker of today and how they think. “The attacks are made up of a number of stages. According to the analysis, published by the US computer emergency response team (CERT), the initial victims of the hacking campaign are suppliers with less secure networks.
DHS [U.S. Department of Homeland Security] said the hackers appear to have deliberately chosen to target companies with an existing relationship with many of the actual intended targets, most likely discovering this through publicly available information.”
When an organisation considers what its individual “Crown Jewel” data might be, it often thinks of its client lists and email addresses. However, this segment of information is the most minimal of data; the real core that hackers want includes detailed financials, profit/loss, tax filings, partnerships, alliances, vendors and a broad scope of information that they can use. Access to it not only gives them control of the initial company’s data but also catapults them to the next level of focus: all of the organizations included in the theft.
Hacker penetration now goes beyond the standard IT firewalls: attackers know they can bypass what is protected by compromising the end users. This is done via phishing and through the legitimate tools that are inherent in a standard business environment. Today’s hackers will do a bit of homework to circumvent traditional protection methods and then target those in a company who may be most vulnerable. In many cases the cybercriminals can get access to multiple shared credentials and command tools. The same ZDNet article states:
“The campaign also used the websites of trade publications and information websites as a way to leapfrog onto the networks of their final target, by altering them to contain malicious content.
Once inside the target network, the hackers searched for file servers belonging to their intended victim, looking for files about industrial control systems, known as Supervisory Control and Data Acquisition (SCADA) systems, such as files mentioning vendor names or reference documents with names like ‘SCADA Wiring Diagram’ or ‘SCADA panel layouts’.”
“Da Vinci Forensics makes use of Attack Path Mapping to identify a company’s vulnerabilities against cyber hacking. APM has already been shown to have reduced the number of compromised systems, and through the use of our analysis we work with IT professionals and educate staff to identify and help to eliminate a company’s risk for breach and loss of the network as well as critical assets.” – Da Vinci Forensics
Image by: Sudeep Divakaran, a Research Scholar at Takshashila Institution