BreachExchange mailing list archives

Why Uncovering a Network Security Breach Can Take Weeks or Months


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Tue, 16 Sep 2014 19:25:23 -0600

https://finance.yahoo.com/news/why-uncovering-network-security-breach-174500248.html

There’s been an understandable but unfair question being raised by many in
my circles regarding Home Depot as it became the latest high-profile
company embroiled in a security breach. I’m being asked, How could the
company not know one way or another if an attack occurred many months ago?

The reality is that this scenario arises more often than not. There are two
kinds of companies, a saying goes: the first kind are those that have been
hacked and know about it, and the other kind are those that have been hacked
and don’t have any idea.

While I don’t have any insight about this retail giant’s cyber security
operation, many companies large and small have no idea if a breach has
occurred in their networks despite their valiant efforts.

Today’s cyber thief is sophisticated, well financed and adept at not being
caught. One way or another, virtually every business is a target.

That’s because today's hackers are extremely stealthy. The bad guys will
infiltrate using a default password, an unpatched server connected to the
rest of the network or a zero-day attack, then immediately cover their
tracks and create several more back doors. A zero day attack is a
previously unknown exploit. It's more dangerous because antivirus programs,
firewalls and intrusion detection systems typically won't detect it and
affected software programs don't have patches for the flaw.

Picture a burglar entering a house through an unlocked window, then locking
that window and disabling the locks on every other window for the next time
he wants to enter. Once in, the attackers will secure the data they need,
whether it’s customer credit-card records, employees' personal information,
intellectual property or keystroke logs that reveal the passwords to the
corporate bank accounts. They will then disguise the information in other
files such as JPEGs, Word, Excel or PowerPoint documents in order to be able
to send the files out without triggering any intrusion-detection systems.

I know of one instance when hackers used a company’s programs against it by
infiltrating the firm's development servers and changing the code in its
homegrown application used to encrypt credit-card files so as to then use
the key they implanted to decrypt all the credit-card numbers once they
exfiltrated them. The company never thought that its development servers
would require extensive protection or patch updates.

It's not sufficient to simply have devices on a network to determine if the
company’s files are being sent to China, Russia or North Korea. To
transport stolen data, most sophisticated hackers use botnets that can be
located anywhere in the world. The stolen data is moved to unsuspicious
destinations, in disguised file formats, in smaller segments, during times
when normal data traffic would occur. This makes these attacks very
difficult to discover.

To make matters worse, this highly sophisticated strategy is infinitely
scalable and not directed solely at large conglomerates. Small businesses
are actually more at risk. While their customer and financial data may not
be as big of a catch as, say, that of Target or some other global big-box
retail chain, there are plenty of opportunities to hit mom and pop
operations.

Because there’s a false sense of security on the part of small-business
owners that hackers won’t waste their time on their firms, these
organizations may be easier targets. Automated programs do most of the
attacks on small businesses. I’ve heard small business owners say, “We
don’t have anything worth stealing" and "Nobody would go after us when they
can get so much more from attacking ABC Co.”

Even though someone may prefer to get a neighbor’s $50,000 in cash versus
$5,000 in cash, if it's left on a front doorstep while the neighbor keeps
funds in a locked safe, who will lose their money first?

The loss to a small business can be catastrophic to its ability to survive.
The Target breach, while unprecedented, didn’t take down the company. But
an attack on a local restaurant or ecommerce startup that compromises the
credit-card data of customers could put the small enterprise out of
business.

So as the Monday morning quarterbacking continues about Home Depot, I would
argue that time would be better spent understanding that the issue probably
facing this retail chain is far too common. It's up to all business owners
to not only remain vigilant but also to develop systems and processes to
counter the growing savviness of today’s hackers.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!
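The article describes stolen data being renamed to look like JPEG, Word, Excel or PowerPoint files so that it leaves the network without tripping content filters. One cheap defensive check is to compare what a file's extension claims against its leading "magic" bytes (and, for modern Office documents, against the ZIP parts the format requires). The script below is an added illustration, not code from the article or the mailing list; the file signatures are the real published ones, while the sample files and their names are constructed for the demonstration.

```python
# Added example (not from the article): flag files whose claimed extension does
# not match their content, the disguise the article describes for exfiltration.
from __future__ import annotations
import io
import zipfile

# Well-known leading byte signatures for the formats the article names.
MAGIC = {
    "jpg": [b"\xff\xd8\xff"],
    "jpeg": [b"\xff\xd8\xff"],
    "png": [b"\x89PNG\r\n\x1a\n"],
    "pdf": [b"%PDF-"],
    # Legacy Office files are OLE2 compound documents ...
    "doc": [b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"],
    "xls": [b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"],
    "ppt": [b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"],
    # ... while OOXML files are ZIP containers, so the magic alone is weak.
    "docx": [b"PK\x03\x04"],
    "xlsx": [b"PK\x03\x04"],
    "pptx": [b"PK\x03\x04"],
}

# An OOXML document must carry its main part directory inside the ZIP.
OOXML_PART = {"docx": "word/", "xlsx": "xl/", "pptx": "ppt/"}


def extension_of(name: str) -> str:
    """Lower-cased extension, or '' when the name has none."""
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def claimed_type_matches(name: str, data: bytes) -> bool:
    """True when the bytes are consistent with what the extension claims."""
    ext = extension_of(name)
    sigs = MAGIC.get(ext)
    if sigs is None:
        return True  # unknown extension: nothing to compare against
    if not any(data.startswith(s) for s in sigs):
        return False
    if ext in OOXML_PART:
        # A ZIP header is not enough: look for the part directory the format requires.
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                return any(n.startswith(OOXML_PART[ext]) for n in zf.namelist())
        except zipfile.BadZipFile:
            return False
    return True


def find_disguised(files: dict[str, bytes]) -> list[str]:
    """Names (sorted) of files whose content does not match the extension."""
    return sorted(n for n, d in files.items() if not claimed_type_matches(n, d))


def _build_zip(entry_name: str) -> bytes:
    """Constructed helper: a minimal ZIP containing one named entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr(entry_name, "placeholder content")
    return buf.getvalue()


# Constructed sample files: two genuine-looking, two disguised, one unknown type.
SAMPLE_FILES = {
    "vacation.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,   # real JPEG header
    "report.docx": _build_zip("word/document.xml"),       # real-looking OOXML
    "q3.jpg": b"CARD-PLACEHOLDER,12/25\n" * 3,            # text renamed to .jpg
    "notes.docx": _build_zip("dump/records.csv"),         # ZIP with no Word parts
    "readme.txt": b"hello",                               # no signature to check
}

if __name__ == "__main__":
    for n in find_disguised(SAMPLE_FILES):
        print("content/extension mismatch:", n)
```

A check like this belongs at the egress point (mail gateway, web proxy, DLP agent) rather than on the attacker's staging host; it does not catch data hidden inside a genuine image, but it removes the trivial rename trick and gives an analyst a concrete, low-noise indicator to alert on.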
