Csaba Krasznay, Product Manager of Shell Control Box, Balabit (www.balabit.com)
Hackers may have many challenges, but it seems gaining access to a corporate network using social engineering techniques is not one of them.
Social engineering – a technique whereby an individual is tricked into revealing personal or log-in information – is nothing new, but its evolution in recent years is shocking. Recently, the biggest and costliest data breaches (such as OPM or Ashley Madison) were typically caused by targeted Advanced Persistent Threat (APT) attacks, which in most cases relied on an initial step that offers a better success rate than brute force: social engineering. It has become an evergreen hacking method – persuading a trusting human to divulge sought-after information is easier than finding and exploiting vulnerabilities in a network or corporate system.
There are many reasons for this: hardly any financial investment is needed, no major coding skills are required, and the ‘project’ is very easy to manage remotely. Hackers can easily rely on a trusting employee to give them the information they need in order to gain access. For an outsider, it is the path of least resistance. In fact, our own recent survey of IT professionals has revealed that outsiders gaining insider access through social engineering techniques such as phishing is considered the most popular route in for hackers.
From a hacker’s point of view, targeting a group of employees is so easy that you can guarantee even the very best and most secure IT systems will have at least one bona fide user who falls for it – and once this happens, the most difficult part of the hack is done. Once the door is opened and outside hackers have become insiders, even the lowest level of access can be escalated further until they gain privileged access, and therefore could cause a significant data breach.
In social engineering, the key to success is gaining the confidence of the user. Offering a recruitment plan in an email, as in the 2011 RSA breach that cost the company $66 million to recover from, or presenting a fake breaking-news opportunity about explosions at the White House to an eager Associated Press journalist, are just two examples of the creative lengths hackers will go to in order to exploit human nature. They play on human psychology and natural traits inherent in most of us, or try to establish a connection with the user through information that may be freely available on social media or the corporate website.
Know your enemy: how to identify misused accounts
Once hackers have gained access past an organisation’s perimeter, they could potentially misuse the account of a legitimate user, and the damage caused could be devastating. Organisations today need to know their enemy by identifying who is behind their user accounts, and whether it is a legitimate user or a masked hacker. This should be the fundamental priority in every kind of organisation’s IT security strategy. Although traditional access control tools and anti-malware solutions are necessary, they only protect companies’ sensitive assets while the hackers are still outside the network.
User Behaviour Analytics tools build a baseline profile of each real employee’s normal activity – as unique as a fingerprint – and can readily detect when a user account deviates from it, alert the security team, or block the account’s activities until further notice. Such monitoring can highlight anomalies in users’ behaviour that are worth investigating, and can not only raise alerts on suspicious activity but also respond immediately to harmful events and block further actions.
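To make the baseline-then-deviate idea concrete, here is a small added example in Python; it is illustrative code written for this article, not Balabit’s Shell Control Box or any real User Behaviour Analytics product. The log format (timestamp, user, source address, server, action), the sample log lines, and the alert/block thresholds are all constructed assumptions. It builds a per-user profile of working hours, source addresses and target servers from historical events, then scores new events against that profile and maps the number of deviations to an allow, alert or block decision.

```python
"""Toy user-behaviour baseline and anomaly scoring.

Added example, not code from the article or from Balabit. The CSV log format
and all sample events below are constructed for illustration.
Format: timestamp,user,source_ip,server,action
"""
from collections import defaultdict
from datetime import datetime

# Constructed historical log: a few days of "normal" activity for two users.
HISTORY = """\
2015-09-01T09:12:00,alice,10.0.1.15,fileserver01,login
2015-09-01T10:40:00,alice,10.0.1.15,fileserver01,read
2015-09-02T09:05:00,alice,10.0.1.15,fileserver01,login
2015-09-02T14:20:00,alice,10.0.1.15,crm01,login
2015-09-03T09:30:00,alice,10.0.1.15,fileserver01,login
2015-09-03T11:00:00,alice,10.0.1.15,crm01,read
2015-09-01T08:50:00,bob,10.0.2.7,db01,login
2015-09-01T17:30:00,bob,10.0.2.7,db01,query
2015-09-02T09:10:00,bob,10.0.2.7,db01,login
2015-09-03T16:45:00,bob,10.0.2.7,db01,query
"""

# Constructed new events to score against the learned baselines.
NEW_EVENTS = """\
2015-09-04T09:15:00,alice,10.0.1.15,fileserver01,login
2015-09-04T03:10:00,alice,203.0.113.9,db01,login
2015-09-04T10:00:00,bob,10.0.2.7,fileserver01,login
"""


def parse_log(text):
    """Parse the constructed CSV format into a list of event dicts."""
    events = []
    for line in text.strip().splitlines():
        ts, user, src, server, action = line.split(",")
        events.append({"time": datetime.fromisoformat(ts), "user": user,
                       "src": src, "server": server, "action": action})
    return events


def build_baselines(events):
    """Per-user 'fingerprint': hours, source addresses and servers seen in history."""
    baselines = defaultdict(lambda: {"hours": set(), "sources": set(), "servers": set()})
    for e in events:
        b = baselines[e["user"]]
        b["hours"].add(e["time"].hour)
        b["sources"].add(e["src"])
        b["servers"].add(e["server"])
    return baselines


def score_event(event, baseline):
    """Return the list of deviations from the user's baseline (empty means normal)."""
    reasons = []
    hour = event["time"].hour
    # One hour of slack either side of previously observed activity hours.
    if not any(abs(hour - h) <= 1 for h in baseline["hours"]):
        reasons.append("unusual hour")
    if event["src"] not in baseline["sources"]:
        reasons.append("new source address")
    if event["server"] not in baseline["servers"]:
        reasons.append("new target server")
    return reasons


def decide(reasons):
    """Assumed policy: no deviation -> allow, one -> alert the SOC, two or more -> block."""
    if not reasons:
        return "allow"
    if len(reasons) == 1:
        return "alert"
    return "block"


def evaluate(history_text, new_text):
    """Score each new event; returns (user, server, verdict, reasons) tuples."""
    baselines = build_baselines(parse_log(history_text))
    results = []
    for e in parse_log(new_text):
        # An account never seen in history gets an empty baseline, so every
        # signal fires and the event is blocked pending review.
        reasons = score_event(e, baselines[e["user"]])
        results.append((e["user"], e["server"], decide(reasons), reasons))
    return results


if __name__ == "__main__":
    for user, server, verdict, reasons in evaluate(HISTORY, NEW_EVENTS):
        print(f"{user:6} -> {server:13} {verdict:5} {', '.join(reasons) or 'within baseline'}")
```

Running it flags alice’s 03:10 login from an unknown address to a server she has never used as a block, bob’s first visit to the file server as an alert worth a look, and alice’s routine morning login as normal. A real product would use statistical models and far more signals (typing cadence, command sequences, session duration), but the control flow is the same: profile, compare, then alert or block.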
Today it is not enough just to defend against outside attackers; organisations also need to identify any unusual behaviour of their own users, as it has become crucial to know who is actually behind an insider account. It is important that staff are constantly reminded of the raging cyber war and remain vigilant in their daily actions – if they receive an email from the CEO, for example, when he doesn’t normally send emails, that should ring a few alarm bells. Perhaps it’s all just a matter of keeping your friends close, but your enemies closer…