At this year’s inaugural Usenix Enigma security conference, crowds flocked to listen to an unconventional speaker.
The head of the NSA’s Tailored Access Operations (TAO), Rob Joyce, captured the audience’s attention with pointers on how US companies have left the door open for cyber security threats and malicious actors.
The NSA’s “hacker-in-chief” offered valuable advice, letting US companies know the most effective ways to keep Advanced Persistent Threats (APTs) out of their networks.
Here are 3 reasons why these cyber attackers know their target networks better than most system administrators:
1. High-Privilege Credentials, Low Security
While users are routinely required to reset their passwords after a set period, systems administrators and others with elevated network access and privileges aren’t necessarily held to the same standard for every account they control.
The NSA and other nation-state actors know this vulnerability, and NSA documents have even gone as far as stating that they “hunt sysadmins.”
They also search for weaknesses such as legacy protocols that transmit passwords in the clear, and passwords hardcoded in software. These small cracks let actors get inside and move laterally throughout a network.
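The two credential weaknesses above are easy to check for once you decide what the standard is. The following added example (not code from the post, the talk, or any vendor) audits privileged accounts against a password-age policy and scans configuration text for literal passwords. The policy numbers, the `Account` records and the config snippet are all constructed for illustration.

```python
"""Privileged-credential hygiene audit: flag privileged accounts whose passwords
are older than policy allows or that are exempt from expiry, and scan config text
for hardcoded passwords. Added example with constructed data, not from the post."""
from dataclasses import dataclass
from datetime import date, timedelta
import re


@dataclass
class Account:
    name: str
    privileged: bool
    last_password_change: date
    never_expires: bool = False


# Assumed policy: standard users rotate within 90 days; privileged accounts get a
# stricter 45-day limit and may never be exempt from expiry. Both numbers are
# illustrative, not from the talk or the post.
MAX_AGE_DAYS = {"standard": 90, "privileged": 45}


def stale_accounts(accounts, today):
    """Return (account, reason) pairs for every policy violation found."""
    findings = []
    for acct in accounts:
        tier = "privileged" if acct.privileged else "standard"
        age = (today - acct.last_password_change).days
        if acct.privileged and acct.never_expires:
            findings.append((acct.name, "privileged account is exempt from password expiry"))
        if age > MAX_AGE_DAYS[tier]:
            findings.append((acct.name, f"{tier} password is {age} days old (limit {MAX_AGE_DAYS[tier]})"))
    return findings


# Narrow patterns for credentials embedded in source or config text: a literal
# quoted value assigned to a password/secret-style key. Extend per environment.
HARDCODED_PATTERNS = [
    re.compile(r'(?i)(password|passwd|pwd)\s*[:=]\s*["\']([^"\']{4,})["\']'),
    re.compile(r'(?i)(api[_-]?key|secret)\s*[:=]\s*["\']([A-Za-z0-9_\-]{8,})["\']'),
]


def find_hardcoded_secrets(text):
    """Return (line number, matched key name) for each literal credential."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        # Values pulled from the environment or a template variable are not literals.
        if "${" in line or "os.environ" in line:
            continue
        for pat in HARDCODED_PATTERNS:
            match = pat.search(line)
            if match:
                hits.append((lineno, match.group(1).lower()))
                break
    return hits


# Constructed sample data.
TODAY = date(2016, 2, 1)
SAMPLE_ACCOUNTS = [
    Account("jdoe", False, TODAY - timedelta(days=30)),
    Account("sysadmin-root", True, TODAY - timedelta(days=400)),
    Account("svc-backup", True, TODAY - timedelta(days=10), never_expires=True),
    Account("mlee", False, TODAY - timedelta(days=120)),
]
SAMPLE_CONFIG = """\
db_host = "db01.internal"
db_password = "Summer2015!"
api_key = "${VAULT_API_KEY}"
smtp_pwd = os.environ["SMTP_PWD"]
token = "abc"
"""

if __name__ == "__main__":
    for name, reason in stale_accounts(SAMPLE_ACCOUNTS, TODAY):
        print(f"[credential] {name}: {reason}")
    for lineno, key in find_hardcoded_secrets(SAMPLE_CONFIG):
        print(f"[hardcoded]  line {lineno}: literal value assigned to '{key}'")
```

The point of the stricter privileged tier is the one the section makes: the accounts an attacker wants most are the ones that most often escape the rotation rules applied to everyone else. The secret scan deliberately skips values sourced from a vault or the environment so that the report lists only real literals.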
2. Cyber Attackers Monitor Your Network More Than You Do
If you take your defenses offline for maintenance and repair, or leave the network open for a vendor to connect from an insecure endpoint, someone will take this as an opportunity.
3. Sysadmins Aren’t Always Reviewing Logs
A sysadmin who constantly reviews logs and pays attention is an APT actor’s worst nightmare. Realistically, most don’t have the time to do this, and lack the tooling that would let them monitor continuously for cybersecurity threats.
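Continuous log review does not have to mean reading every line by hand. As an added example (not from the post or any product), the script below runs a few simple rules over SSH authentication log lines and surfaces only the privileged logins worth a sysadmin's attention: logins from a source outside the expected admin hosts, logins outside the workday, and password rather than key authentication. The log lines, the privileged-account list, the jump-host address and the workday window are all constructed assumptions.

```python
"""Review a batch of SSH authentication log lines for privileged-account logins
that deserve a sysadmin's attention. Added example; the log lines, account
names and thresholds below are constructed, not taken from the post."""
import re

# Assumed environment facts: which accounts are privileged, which hosts admins
# are expected to connect from, and which hours count as a normal workday.
PRIVILEGED_ACCOUNTS = {"root", "admin"}
ADMIN_JUMP_HOSTS = {"10.0.1.10"}
WORKDAY_HOURS = range(8, 18)

# OpenSSH-style "Accepted <method> for <user> from <ip>" lines behind a syslog header.
ACCEPTED_RE = re.compile(
    r"^(?P<month>\w{3})\s+(?P<day>\d+)\s+(?P<hour>\d{2}):\d{2}:\d{2}\s+"
    r"(?P<host>\S+)\s+sshd\[\d+\]: Accepted (?P<method>\w+) for (?P<user>\S+) "
    r"from (?P<src>\S+)"
)


def review_auth_log(lines):
    """Return (host, user, src, reason) for each suspicious successful login."""
    findings = []
    for line in lines:
        match = ACCEPTED_RE.match(line)
        if not match:
            continue  # failed attempts and unrelated lines are out of scope here
        user = match["user"]
        if user not in PRIVILEGED_ACCOUNTS:
            continue
        host, src = match["host"], match["src"]
        hour, method = int(match["hour"]), match["method"]
        if src not in ADMIN_JUMP_HOSTS:
            findings.append((host, user, src, f"privileged login from unexpected source {src}"))
        if hour not in WORKDAY_HOURS:
            findings.append((host, user, src, f"privileged login at {hour:02d}:xx, outside the workday"))
        if method == "password":
            findings.append((host, user, src, "privileged login used a password rather than a key"))
    return findings


# Constructed sample log lines.
SAMPLE_LOG = """\
Feb  1 09:02:11 fileserver sshd[2210]: Accepted publickey for admin from 10.0.1.10 port 51234 ssh2
Feb  1 09:05:43 fileserver sshd[2231]: Accepted publickey for jdoe from 10.0.5.23 port 51240 ssh2
Feb  1 03:14:07 dbserver sshd[4410]: Accepted password for root from 10.0.9.77 port 40112 ssh2
Feb  1 14:20:01 dbserver sshd[4512]: Failed password for invalid user test from 203.0.113.5 port 3344 ssh2
Feb  1 22:41:55 fileserver sshd[2300]: Accepted publickey for admin from 10.0.1.10 port 51900 ssh2
""".splitlines()

if __name__ == "__main__":
    for host, user, src, reason in review_auth_log(SAMPLE_LOG):
        print(f"{host}: {user}@{src}: {reason}")
```

Of the five constructed lines, only two produce findings: the 03:14 `root` password login from an unrecognised address triggers all three rules, and the 22:41 `admin` login trips only the off-hours rule. Reducing a day of log traffic to a handful of such lines is what makes review feasible for a sysadmin who has no time to read everything.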
Knowledge and time both represent power in this scenario: the time to monitor your network in detail, and knowledge of how your network differs from the ideal.
Joyce gave additional insight on this subject by remarking, “We put the time in … to know [the network] better than the people who designed it and the people who are securing it. You know the technologies you intended to use in that network. We know the technologies that are actually in use in that network. Subtle difference. You’d be surprised about the things that are running on a network vs. the things that you think are supposed to be there.”
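The gap Joyce describes, between the technologies you intended to run and the ones actually listening, is something a defender can measure. The following added example (not from the post, the talk, or any vendor) diffs an intended service inventory against observed scan results and reports unexpected services, expected services that are missing, hosts nobody documented, and legacy protocols that carry credentials in the clear. The intended inventory, the `host,port,proto,service` scan format and the scan lines are constructed for illustration.

```python
"""Compare the services a network is intended to run with what is actually
listening, and flag drift plus cleartext legacy protocols. Added example; the
intended inventory and the scan output are constructed, not from the post."""

# Assumed intended inventory: host -> set of (port, proto) that should be listening.
INTENDED = {
    "10.0.0.5": {(22, "tcp"), (443, "tcp")},
    "10.0.0.9": {(22, "tcp"), (5432, "tcp")},
}

# Protocols that carry credentials in the clear and belong on a remediation list.
CLEARTEXT_SERVICES = {"telnet", "ftp", "http", "pop3", "imap", "rsh", "rlogin"}


def parse_scan(text):
    """Parse constructed 'host,port,proto,service' lines into (host, port, proto, service)."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, port, proto, service = line.split(",")
        rows.append((host, int(port), proto, service))
    return rows


def inventory_drift(intended, observed):
    """Return a dict describing how the live network differs from the intended one."""
    seen = {host: set() for host in intended}
    report = {"unexpected": [], "missing": [], "unknown_hosts": [], "cleartext": []}
    for host, port, proto, service in observed:
        if host not in intended:
            # A listener on a host that is not in the inventory at all.
            if host not in report["unknown_hosts"]:
                report["unknown_hosts"].append(host)
            report["unexpected"].append((host, port, proto, service))
        elif (port, proto) in intended[host]:
            seen[host].add((port, proto))
        else:
            report["unexpected"].append((host, port, proto, service))
        if service in CLEARTEXT_SERVICES:
            report["cleartext"].append((host, port, proto, service))
    # Anything intended but never observed may be down, firewalled, or misdocumented.
    for host, expected in intended.items():
        for port, proto in sorted(expected - seen[host]):
            report["missing"].append((host, port, proto))
    return report


SAMPLE_SCAN = """\
# host,port,proto,service  (constructed)
10.0.0.5,22,tcp,ssh
10.0.0.5,443,tcp,https
10.0.0.5,23,tcp,telnet
10.0.0.9,22,tcp,ssh
10.0.0.9,21,tcp,ftp
10.0.0.12,80,tcp,http
"""

if __name__ == "__main__":
    report = inventory_drift(INTENDED, parse_scan(SAMPLE_SCAN))
    for key, items in report.items():
        for item in items:
            print(f"[{key}] {item}")
```

Against the constructed data the report shows a telnet listener on a documented host, an ftp listener where a database was expected, and an undocumented web server; all three are also cleartext protocols. Run on real scan output, the same diff is the "subtle difference" the quote refers to, made visible to the people securing the network rather than only to those attacking it.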
With network administrators unaware and preoccupied, attackers have an easier time slipping into systems. With such a target-rich environment for cybersecurity threats, advanced attackers don’t even need to rely on exploits such as zero days.
Attackers have much to gain and have considerable time to devote to their mission. Although IT professionals on the other side of the equation aren’t granted the same luxuries, they still have resources to help them distract or even deter persistent attackers.
Deception Technology Gains the Upper Hand
Even highly secured networks with firewalls, intrusion detection, anti-malware and authentication remain susceptible to cybersecurity threats and breaches by the savviest attackers. To cover the gaps these measures leave behind, security professionals are turning to deception technology.
With the Deceptions Everywhere® solution, once attackers enter the network, they are unable to tell real from false. A network, database, or endpoint might contain valuable data—or it might be a trap that reveals the attacker’s presence and method of attack.
Once detected in such a manner, an attacker will be unable to attack the same network with the same methods. In addition, illusive networks® 3.0 with Attacker View™ can map your network from end-to-end, displaying it from an attacker’s perspective.
This enables IT professionals to finally have full visibility into their networks and take the appropriate steps to reinforce any apparent vulnerabilities.
Contact illusive networks today to gain real-time visibility into the behavior of attackers, so that you can protect and deflect in the case of a forced entry into your network.