Being ready for cyber attacks

Friday, 17 July 2020 00:00

By Sanjee Balasuriya

The attack surface of large enterprises has grown in recent months driven by the new work conditions imposed by the COVID-19 pandemic. The threat has increased in many areas including servers that are directly accessible from the Internet, domain names, websites, web forms, certificates, third-party applications and components or mobile apps. 

Further, today’s attackers can easily bypass cyber defences using a number of basic techniques, from changing their command and control infrastructure and modifying malware toolkits to leveraging non-malware methods such as stolen credentials, to hide their activity from signature-based systems and from simple anomaly or outlier-based behavioural analysis systems.

Additionally, the sheer scale of devices and network communications in a modern enterprise coupled with the need to work with a multitude of partners, suppliers, public cloud providers, and other third-party entities increases the difficulty of identifying threats in a silo. 

To combat this growing cyber threat, companies are increasingly adopting a Collective Defence strategy to actively share cyber threat intelligence with peer organisations to improve the detection capabilities of the collective. Through faster sharing of behavioural analytics, signature-based, and human threat insights, collaborating organisations can more effectively spot malicious activity and greatly reduce attacker dwell time to mitigate threats before damage occurs.

While some of the changes brought by the pandemic might be temporary, many are likely to be permanent, straining the ability of existing IT and security teams to manage and secure them. Unlike more sophisticated forms of hacking, website defacement does not require hackers to have highly sophisticated skills.

In fact, several hacker typologies suggest that this form of online crime can be a stepping-stone to involvement in more sophisticated hacking, as well as a way to gain a reputation in the hacking community. 

Website defacement is the online equivalent of graffiti vandalism. It occurs when a hacker infiltrates a server on which a website is hosted and changes the content of the website with images and text of their own choosing. 

The website defacement attacks recently reported in Sri Lanka mostly used basic defacement techniques. Website hosting services are considered a highly desirable target for hackers, as they allow access to multiple websites with a single attack.

I would like to share my expert thoughts on how organisations can benefit from them to mitigate such attacks in future.

Most of us cyber security experts are acquainted with “The MITRE ATT&CK Framework”, which was developed with a single purpose in mind: to better detect post-compromise cyber adversary behaviour.

In the framework we find the technique “Exploit Public Facing Applications”, under which most website attacks fall: the use of software, data, or commands to take advantage of a weakness in an Internet-facing computer system or program in order to cause unintended or unanticipated behaviour.

The weakness in the system is typically a vulnerability. In this context the framework recommends monitoring application logs for abnormal behaviour that may indicate attempted or successful exploitation, and using deep packet inspection to look for artifacts of common exploit traffic, such as SQL injection and cross-site scripting.
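To make the log-monitoring recommendation concrete, the following is an added example (not from the article or from MITRE) that scans constructed web-server access log lines for the SQL injection and cross-site scripting artifacts the framework mentions; the log format, signatures and sample lines are assumptions for illustration.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample lines in Apache/nginx "combined" log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.10 - - [17/Jul/2020:10:01:02 +0530] "GET /index.php?page=home HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.11 - - [17/Jul/2020:10:01:05 +0530] "GET /news.php?id=7%20UNION%20SELECT%20username,password%20FROM%20users-- HTTP/1.1" 200 812 "-" "curl/7.68.0"
203.0.113.12 - - [17/Jul/2020:10:01:09 +0530] "GET /search.php?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 640 "-" "Mozilla/5.0"
203.0.113.13 - - [17/Jul/2020:10:01:15 +0530] "GET /about.html HTTP/1.1" 404 210 "-" "Mozilla/5.0"
"""

# One combined-format line: client IP, timestamp, request line, status, size, referrer, user agent.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Textbook exploit artifacts; a production deployment would use a maintained rule set.
SIGNATURES = {
    "sqli": re.compile(r"(union\s+select|'\s*or\s+\d+\s*=\s*\d+|;\s*drop\s+table)", re.I),
    "xss": re.compile(r"(<\s*script|javascript:|on(error|load|click)\s*=)", re.I),
}


def scan_access_log(text):
    """Return one finding per log line whose request carries an exploit artifact."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed line; a real tool would count and report these
        # Decode repeatedly so a double-encoded payload does not slip past the signatures.
        decoded = m["path"]
        for _ in range(3):
            nxt = unquote_plus(decoded)
            if nxt == decoded:
                break
            decoded = nxt
        for kind, pattern in SIGNATURES.items():
            hit = pattern.search(decoded)
            if hit:
                # A 200 on an injection attempt is the case to escalate: the server
                # may have processed the payload rather than rejected it.
                findings.append({"ip": m["ip"], "kind": kind, "status": int(m["status"]),
                                 "artifact": hit.group(0), "path": decoded})
                break
    return findings


if __name__ == "__main__":
    for f in scan_access_log(SAMPLE_LOG):
        print(f"{f['ip']} {f['kind']} status={f['status']} artifact={f['artifact']!r}")
```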

Secondly, we can also consider using next-generation deception technology to impede website defacement attacks by paralysing attackers, destroying their ability to make decisions, and depriving them of the means to move laterally towards their targets.

Inescapable deception and attack surface reduction capabilities eliminate high-risk pathways to critical systems, force attackers to reveal themselves early in the threat lifecycle, and capture real-time forensics that accelerate incident response. 

Detection assumes that attackers have already infected assets inside the organisation and have then been “caught” (or found out). The goal of a deception technique is to detect adversaries before damage is caused to the organisation. With a deception tool, we can analyse the techniques used in real attacks, which gives security teams important insights into the activities of their adversaries.

In conclusion, the reputational damage from a defacement can lead users to inadvertently lose faith in the organisation. Organisations should therefore put a comprehensive mitigation action plan in place immediately, since an otherwise minor website defacement can escalate into a massive cyber attack on the entire IT infrastructure.

(The writer is a Senior Cyber Security Advisor and Consultant.)