6 cyber tips to fight crime
Personal devices on the network are inevitable; here's how to protect your company and customers
- By Andreas Baumhof
- Jan 25, 2013
The bring your own device, or BYOD, trend couldn't come at a tougher time for government contractors. State-sponsored espionage malware is in the headlines daily. Defense Secretary Leon Panetta is warning about the potential for full-scale cyberwarfare. Federal agencies are starting to look with suspicion at contractors' security policies – and employees want to check their email and access company files on their personal iPads?
But this is today’s reality – smart phones, tablets and home computers are part of the IT environment. You need to understand the nature of the threat and find ways to protect government data and your own business.
Look beyond cyberwarfare
Hostile governments are not the only problem. There's a global network of cybercriminals trying to steal information for financial gain. If you know where to look, you can find millions of stolen government email addresses and account data for sale, collected from Trojans and botnets.
Cybercriminals use a wide variety of means to get at your accounts and systems. Malicious code ranges from basic remote access Trojans (RATs) that give an attacker remote control of your system to Man-in-the-Browser (MitB) Trojans that steal account credentials and transaction details. Targeted phishing attacks (spear-phishing) may trick individuals into giving up login information.
For cybercriminals, government contractors look like a convenient back door into federal agencies. In early 2012, researchers discovered a Trojan disguised as a Windows updater that targets government contractors. By stealing a trusted contractor account, attackers hope to gain access to sensitive applications and data.
As federal contractors deal with the BYOD trend, they must look beyond the devices themselves to the applications and data in the system. Agencies need defenses in place to:
- Protect applications and data from malware on personal devices
- Protect accounts and applications from logins using stolen credentials
Help employees protect personal devices from malware
Help employees keep their smart phones, tablets and laptops safe from malware. Encourage or require the use of anti-malware software before employees can connect to internal applications. There are many options, including simple lightweight clients that can be installed from the cloud.
Remember that authentication is only one part of your security strategy
Contractors need to put measures in place to keep people from accessing accounts using stolen logins. Strong authentication like Common Access Card (CAC) is a good first step. But it's not enough, especially for applications hosting sensitive government data.
MitB attacks can hijack sessions that were authenticated with CAC cards, for example. And sophisticated attackers are going after the certificate authorities (like RSA). Financial institutions have used strong authentication for years – and they are frequent targets of MitB attacks. Contractors and agencies should use complex device identification and real-time risk engines to protect sensitive applications and logins from cybercrime.
Device identification helps to find devices that don't match the legitimate user, that are disguising their true location, that are part of a known botnet, or that show other red flags. If someone has stolen authentication credentials, device identification can spot the fact that the device itself is wrong.
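As an added illustration (not the article's or ThreatMetrix's code), a minimal real-time risk engine of the kind described above: it scores a login that has already passed CAC authentication against the red flags listed here. The users, device fingerprints, geolocations and the botnet entry are constructed sample data, and the score weights and thresholds are assumptions.

```python
from dataclasses import dataclass, field

# Constructed sample data (not real telemetry): devices previously seen per
# user, and a fingerprint a hypothetical threat-intel feed ties to a botnet.
KNOWN_DEVICES = {"jdoe": {"fp-laptop-01", "fp-ipad-07"}}
BOTNET_FINGERPRINTS = {"fp-bot-4412"}

@dataclass
class LoginEvent:
    user: str
    fingerprint: str      # stable device fingerprint collected at login
    country: str          # geolocation of the connecting IP
    home_country: str     # where this user normally connects from
    via_anonymizer: bool  # proxy/VPN/Tor exit: true location is disguised
    cac_valid: bool       # the CAC/PKI authentication itself succeeded

@dataclass
class RiskDecision:
    score: int = 0
    reasons: list = field(default_factory=list)

    def action(self) -> str:
        if self.score >= 70:
            return "block"
        return "step_up" if self.score >= 30 else "allow"

def assess(event: LoginEvent) -> RiskDecision:
    """Score a login that already passed strong authentication: a stolen
    credential gets past the first factor, but the device still has to
    look like one the legitimate user actually owns."""
    d = RiskDecision()
    if not event.cac_valid:
        d.score = 100
        d.reasons.append("authentication failed")
        return d
    if event.fingerprint in BOTNET_FINGERPRINTS:
        d.score += 80
        d.reasons.append("device belongs to a known botnet")
    if event.fingerprint not in KNOWN_DEVICES.get(event.user, set()):
        d.score += 40
        d.reasons.append("device never seen for this user")
    if event.via_anonymizer:
        d.score += 30
        d.reasons.append("connection disguises its true location")
    if event.country != event.home_country:
        d.score += 20
        d.reasons.append(f"geolocation {event.country} differs from {event.home_country}")
    return d
```

A "step_up" result is where a deployment would trigger additional verification or alert the user, while "block" ends the session even though the credential itself was valid.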
Look for malware in inbound connections
Real-time malware detection technologies find sessions that are being redirected or whose data is being altered in flight. This can help spot devices that are compromised with malware – with or without the user being aware of the problem.
For example, if a trusted user with legitimate credentials and a CAC card has a Man-in-the-Browser Trojan running on his or her device, then that user's connection is compromised. Using malware detection, you can detect the presence of the Trojan in the interaction and shut it down or alert the user.
Cybercriminals are constantly changing their tactics. To stay on top of these changes, tap into a global network of threat intelligence. As new exploits appear on the scene, you'll be ready to respond and block them.
Put it all together and look for anomalies
Research suggests that many successful attacks leave traces that weren’t identified at the time of the attack. A good anomaly detection system can make a huge difference, helping to find complex attacks quickly, without creating false positives. This is where your layered security approach pays off. Layered defenses often force cybercriminals to leave traces that anomaly detection systems can find so you can take quick action to mitigate the risk.
Andreas Baumhof is the chief technology officer of ThreatMetrix.