Recently, Russian PIR Bank lost $1,000,000 because of a compromised router that allowed hackers to gain entry into its local network. Why did it happen, and how can companies protect themselves?
Malicious IoT hacking incidents are the norm today. That is not surprising, considering that by 2020 the IoT is expected to reach a staggering 20.4 billion devices. Homes and enterprises that rely on legacy security measures are at risk because of the ever-growing IoT.
Networks in danger
Generic networking devices such as routers, and a variety of IoT gadgets exposed to the internet, are often left alone without proper supervision, maintenance, and support.
They are all exposed to a wide range of cyber threats and are very attractive to criminals. These devices are used as initial entry points to gain a foothold in consumer homes, small and medium business networks, or even large corporate networks.
The most recent case is the attack against Russian PIR Bank. A hacker group called MoneyTaker was able to steal roughly $1,000,000. That clearly indicates that even huge companies spending millions on security each year do not have enough control and capability to manage those vulnerable entry points within their networks.
As soon as hackers gain a foothold in the network, they can move laterally without using any kind of malware. They rely on tools that are already present in the environment and on scripts that are not themselves malicious, gathering as much information as possible about the environment and working toward their goal.
In most cases, that goal is to steal money, exfiltrate data, or damage a brand by encrypting all of the intellectual property and business-critical data. In such scenarios, all of the pricey endpoint solutions and antivirus agents will be useless in detecting the various attack patterns.
Protecting the weak link
While layered security must remain the key priority, it is essential to understand that generic networking equipment and IoT devices are the weak link. They often have no continuous update program for firmware and software, short support lifetimes, and insufficient computational power to host an antivirus or any other security agent.
In practice, they are almost always left unsupervised: in consumer homes, on the network perimeter of small and medium business offices, or in branches of large corporations.
It is crucial to keep up with the evolving threat landscape. To do that, companies need to move away from traditional security approaches to next-generation solutions, especially security controls driven by artificial intelligence.
The latter are capable of precisely mapping a network and identifying all devices (even those left alone somewhere on the edge of the network). They spot anomalies in real time, identify unusual network traffic patterns, and proactively track and flag outdated devices.
Only such solutions can provide owners with end-to-end visibility and control of their assets and identify potential vulnerabilities within their networks before they are exploited and irreparable damage is done.
Best business practices for security
Huge network expansions and a variety of technologies call for additional security measures. A few things can help the Security Operations team protect corporate networks properly. A strong cybersecurity culture needs a foundation, and that foundation is built from baseline cybersecurity hygiene practices:
- Define the exact boundaries of the interconnected enterprise network. That includes all wireless and remote connections. It covers branches and access points exposed in remote areas as well as any cloud computing, including potentially externally accessible S3 buckets. The key is for every NOC and SOC to understand the boundaries of the enterprise network within which all of the business operates.
- Enable precise and real-time asset management. Teams have to know every device that is connected to the enterprise network. This needs to be a continuous exercise and task for every SOC and NOC team. The Russian PIR Bank case is a perfect illustration of what can go wrong. Installed-and-forgotten devices, such as routers, serve as easy and attractive entry points for hackers. They can cause a significant amount of damage to a company, its assets, and its brand.
- Ensure configuration and software update management for all devices. There has to be a clear process. The technology teams need to know the exact configuration of each device at all times. That way, they can introduce a streamlined and automated patch management strategy and protection for legacy licensed software components.
- Introduce an Identity and Access Management (IAM) program. Companies must know who is accessing their infrastructure and when. It is also imperative to know the specific privileges that users and employees have to operate on these devices.
- Implement User Behavior Analytics (UBA) solutions. These allow the SOC and Security Teams to know what employees are doing when they access enterprise resources. Defining normal and potentially suspicious behaviors is crucial. As soon as hackers enter the network, they try to behave like ordinary users so that the Security Teams do not become suspicious. Solutions that build precise behavioral patterns for employees are useful for detecting outsiders in an enterprise network.
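The asset-management and update-management practices above come down to one routine check: reconcile what the NOC/SOC believes is on the network with what a discovery scan actually finds, and flag anything unknown, unowned, or running firmware below the approved minimum. The following is an added example illustrating that check; it is not code from the original article or from any product it mentions. The MAC addresses, IPs, device names, owners and firmware versions are constructed sample data, and the `APPROVED_FIRMWARE` table is an assumed policy, not a real vendor baseline.

```python
# Added example (not from the original article): reconciling an asset baseline
# against what is actually observed on the network. All device records, MAC
# addresses, IPs and firmware versions below are constructed sample data.

# Baseline inventory the NOC/SOC maintains: MAC -> device record.
# An empty "owner" models an installed-and-forgotten device.
BASELINE = {
    "02:00:00:00:00:01": {"name": "branch-router-01", "kind": "router", "owner": "netops"},
    "02:00:00:00:00:02": {"name": "lobby-camera-03", "kind": "camera", "owner": ""},
    "02:00:00:00:00:03": {"name": "branch-switch-02", "kind": "switch", "owner": "netops"},
}

# Minimum approved firmware per device class (assumed policy, constructed values).
APPROVED_FIRMWARE = {"router": "2.1.4", "camera": "1.0.9", "switch": "5.3.0"}

# Constructed observations, e.g. from a discovery scan or a DHCP/ARP export:
# (mac, ip, firmware reported by the device)
OBSERVED = [
    ("02:00:00:00:00:01", "10.0.1.1", "2.1.4"),
    ("02:00:00:00:00:02", "10.0.1.40", "1.0.7"),
    ("02:00:00:00:00:09", "10.0.1.77", "3.0.0"),   # never registered in the inventory
]


def version_tuple(version: str) -> tuple:
    """'2.1.4' -> (2, 1, 4) so versions compare numerically, not lexically."""
    return tuple(int(part) for part in version.split("."))


def reconcile(baseline, approved, observed):
    """Compare the inventory with scan results.

    Returns a list of (severity, finding, mac, detail) tuples covering:
      UNKNOWN_DEVICE    - answered the scan but is not in the inventory
      NO_OWNER          - inventoried, but nobody is responsible for it
      OUTDATED_FIRMWARE - runs firmware below the approved minimum for its class
      NOT_SEEN          - inventoried but did not answer the scan
    """
    findings = []
    seen = set()
    for mac, ip, firmware in observed:
        seen.add(mac)
        record = baseline.get(mac)
        if record is None:
            findings.append(("high", "UNKNOWN_DEVICE", mac, f"{ip} is not in the inventory"))
            continue
        if not record["owner"]:
            findings.append(("medium", "NO_OWNER", mac, f"{record['name']} has no responsible team"))
        minimum = approved[record["kind"]]
        if version_tuple(firmware) < version_tuple(minimum):
            findings.append(("high", "OUTDATED_FIRMWARE", mac,
                             f"{record['name']} runs {firmware}, minimum is {minimum}"))
    for mac, record in baseline.items():
        if mac not in seen:
            findings.append(("low", "NOT_SEEN", mac, f"{record['name']} did not answer the scan"))
    return findings


def summarize(findings):
    """Count findings per severity, e.g. to drive a ticketing threshold."""
    counts = {"high": 0, "medium": 0, "low": 0}
    for severity, *_ in findings:
        counts[severity] += 1
    return counts


if __name__ == "__main__":
    results = reconcile(BASELINE, APPROVED_FIRMWARE, OBSERVED)
    for severity, finding, mac, detail in results:
        print(f"[{severity:6}] {finding:17} {mac}  {detail}")
    print(summarize(results))
```

Run on the sample data, the check reports the unregistered device at 10.0.1.77, the unowned camera, the camera's outdated firmware, and the switch that did not answer. The point of keeping it a scheduled job rather than a one-off audit is that the "installed-and-forgotten" router only shows up when the inventory and the scan are compared continuously.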
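The UBA practice above rests on one idea: learn what is normal for each account (where it logs in from, what it reaches, at what hours) and score new activity by how far it departs from that. The following is an added example, not code from the original article or from any UBA product; usernames, hosts, hours and the scoring threshold are constructed and assumed for illustration. It shows why an intruder who "behaves like an ordinary user" still stands out when the session originates from a network device and at an hour the account has never been active.

```python
# Added example (not from the original article): a minimal per-user behavioral
# baseline built from historical logon events, applied to new events.
# All usernames, hosts and hours below are constructed sample data.
from collections import defaultdict

# Constructed history: (user, hour_of_day, source_host, target_host)
HISTORY = [
    ("alice", 9, "ws-alice", "fileserver"),
    ("alice", 11, "ws-alice", "fileserver"),
    ("alice", 14, "ws-alice", "mail"),
    ("alice", 17, "ws-alice", "fileserver"),
    ("bob", 8, "ws-bob", "erp"),
    ("bob", 13, "ws-bob", "erp"),
    ("bob", 18, "ws-bob", "fileserver"),
]

# Constructed new events to score against the baseline.
NEW_EVENTS = [
    ("alice", 10, "ws-alice", "fileserver"),                 # ordinary activity
    ("alice", 3, "branch-router-01", "domain-controller"),   # session from a network device at night
    ("bob", 12, "ws-bob", "fileserver"),                     # target bob has used before
    ("mallory", 12, "ws-bob", "erp"),                        # account with no history at all
]


def build_baseline(events):
    """Per user: known source hosts, known targets, and the active hour range."""
    raw = defaultdict(lambda: {"sources": set(), "targets": set(), "hours": []})
    for user, hour, src, dst in events:
        raw[user]["sources"].add(src)
        raw[user]["targets"].add(dst)
        raw[user]["hours"].append(hour)
    return {
        user: {
            "sources": b["sources"],
            "targets": b["targets"],
            "hour_range": (min(b["hours"]), max(b["hours"])),
        }
        for user, b in raw.items()
    }


def score_event(baseline, event):
    """Return (score, reasons); one point per deviation from the user's profile."""
    user, hour, src, dst = event
    profile = baseline.get(user)
    if profile is None:
        return 3, ["account has no behavioral history"]
    reasons = []
    if src not in profile["sources"]:
        reasons.append(f"new source host {src}")
    if dst not in profile["targets"]:
        reasons.append(f"new target {dst}")
    lo, hi = profile["hour_range"]
    if not lo <= hour <= hi:
        reasons.append(f"hour {hour:02d} outside usual {lo:02d}-{hi:02d}")
    return len(reasons), reasons


def flag_suspicious(baseline, events, threshold=2):
    """Events scoring at or above the (assumed) threshold, with their reasons."""
    flagged = []
    for event in events:
        score, reasons = score_event(baseline, event)
        if score >= threshold:
            flagged.append((event, score, reasons))
    return flagged


if __name__ == "__main__":
    baseline = build_baseline(HISTORY)
    for event, score, reasons in flag_suspicious(baseline, NEW_EVENTS):
        print(f"{event[0]:8} score={score}  " + "; ".join(reasons))
```

The threshold of two deviations is deliberate: a single new target or a late evening is routine for real employees, and alerting on every one of them is how SOC teams end up ignoring the UBA feed. A real deployment would learn the hour window and host sets from weeks of logs and decay them over time; the structure of the check is the same.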
It is also worth stressing that a company should not rely purely on the default firmware configuration of its routers. Not all routers are designed with security in mind. It is the job of the Security Teams within a company to configure them properly with additional security settings (user management, separation of internal and external access). With these in place, it is possible to bring a router close to an ideal state.
On the network-security side, further steps are needed to make the network very difficult to penetrate. However, the precautions above help to eliminate the human factor and prevent initial hacking attempts. While building a comprehensive and sustainable security strategy is not an easy task, this foundation is key and needs to be implemented in every company.