Defense-in-depth strategies monitor for backdoor channels that give an attacker remote command and control over an internal beachhead. Conventionally we look for direct or peer-to-peer connections to known-bad botnet infrastructure.
Details from recent cyber incidents tell a different story. Take the banking Trojan discovered late last year targeting South Korean banks, which used Pinterest as its C&C channel. Just last month, the Janicab Trojan was found to use YouTube.
So who is monitoring mainstream social networks for backdoor command-and-control traffic? A simple refinement, using a reputable public content site as the rendezvous point, complicates matters, doesn’t it? The traffic goes to a domain every proxy allows and looks like ordinary browsing.
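One way to run the check that question asks for, as an added example that is not part of the original post: a beaconing heuristic over web proxy logs, restricted to requests for public content sites. Malware polling a social network for instructions tends to hit the same URL on a fixed timer, whereas a person browsing does not. The log format, the watched-host list and the sample lines are constructed for the example, and the thresholds are assumptions to tune against your own traffic.

```python
import re
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample proxy log lines for this example (not real traffic):
# "<UTC timestamp> <client IP> <method> <URL> <user agent>".
SAMPLE_LOG = """\
2015-03-02T09:00:00Z 10.0.0.5 GET https://www.pinterest.com/pin/123456/ Mozilla/5.0
2015-03-02T09:05:00Z 10.0.0.5 GET https://www.pinterest.com/pin/123456/ Mozilla/5.0
2015-03-02T09:10:01Z 10.0.0.5 GET https://www.pinterest.com/pin/123456/ Mozilla/5.0
2015-03-02T09:15:00Z 10.0.0.5 GET https://www.pinterest.com/pin/123456/ Mozilla/5.0
2015-03-02T09:20:00Z 10.0.0.5 GET https://www.pinterest.com/pin/123456/ Mozilla/5.0
2015-03-02T09:01:13Z 10.0.0.7 GET https://www.youtube.com/watch?v=abc Mozilla/5.0
2015-03-02T09:07:44Z 10.0.0.7 GET https://www.youtube.com/watch?v=def Mozilla/5.0
2015-03-02T09:32:05Z 10.0.0.7 GET https://www.youtube.com/watch?v=ghi Mozilla/5.0
2015-03-02T10:48:30Z 10.0.0.7 GET https://www.youtube.com/watch?v=jkl Mozilla/5.0
2015-03-02T11:00:00Z 10.0.0.9 GET https://www.youtube.com/watch?v=abc Mozilla/5.0
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>\S+) (?P<url>\S+) (?P<ua>.*)$")
HOST_RE = re.compile(r"^https?://([^/]+)", re.IGNORECASE)

# Hypothetical watch list: public content sites that have been abused as C&C
# rendezvous points. Extend it with whatever your proxy categorises as social media.
WATCHED_HOSTS = {"www.pinterest.com", "www.youtube.com"}


def parse_log(text):
    """Yield (timestamp, client, host, url) for every parseable log line."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        h = HOST_RE.match(m["url"]) if m else None
        if not h:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        yield ts, m["client"], h.group(1).lower(), m["url"]


def find_beacons(text, min_requests=4, max_cv=0.1):
    """Flag client/host pairs on the watch list whose request timing is
    machine-like: at least min_requests hits whose inter-request gaps have a
    coefficient of variation (stdev / mean) at or below max_cv.

    Returns a list of (client, host, mean_gap_seconds, cv, distinct_urls)."""
    by_pair = defaultdict(list)
    for ts, client, host, url in parse_log(text):
        if host in WATCHED_HOSTS:
            by_pair[(client, host)].append((ts, url))

    findings = []
    for (client, host), hits in sorted(by_pair.items()):
        if len(hits) < min_requests:
            continue
        hits.sort()
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(hits, hits[1:])]
        mean = statistics.mean(gaps)
        cv = statistics.pstdev(gaps) / mean if mean else 0.0
        if cv <= max_cv:
            distinct_urls = len({url for _, url in hits})
            findings.append((client, host, round(mean), round(cv, 3), distinct_urls))
    return findings


if __name__ == "__main__":
    for f in find_beacons(SAMPLE_LOG):
        print("possible beacon: client=%s host=%s every ~%ds (cv=%.3f, %d distinct URLs)" % f)
```

On the constructed lines only 10.0.0.5 is flagged: five hits on one Pinterest URL, five minutes apart, with almost no jitter. 10.0.0.7 reaches YouTube just as often but at irregular intervals and for different videos, which is what a human looks like. Expect false positives from auto-refreshing widgets and embedded players; a low count of distinct URLs, a non-browser user agent, and activity outside business hours are the usual tie-breakers before anyone pulls a machine off the network.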
This is the third post in a series on Cyber Security Preparedness, and follows steps to gain Cyber Security Awareness and Assess Security Controls. Today we focus on improving Threat Intelligence and Collaboration.
Electronic crime is no longer confined to the big screen. Real money is being lost, and in an increasingly wide range of industries. It is time to study today’s failures, learn from them, and better prepare for cyber risk.
If a tree falls in the woods, does it make a sound? If you’re not close enough to hear it, find someone who is and learn from them. That is collaboration. Begin your learning there.
The single most important source I have for threat intelligence is InfraGard. This public/private forum shares confidential DHS and FBI information with verified members. Unlike other public sources, the threat indicators it shares can be loaded directly into my security infrastructure, giving me detection and prevention capabilities I would not otherwise have. Professional forums such as ISACA, ISSA, ISC2, and the like establish peer contacts that further extend my reach for information sharing and collaboration.
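An added example of what loading shared indicators into the security infrastructure looks like in practice; this is not code from the original post or from InfraGard. Indicator lists arrive defanged (hxxp, [.]), with duplicates, case differences and the occasional garbage line, so the script refangs, validates and deduplicates before it emits anything a sensor will load. The feed format, the indicators and the SID range are constructed for the example, and the rule syntax assumes Suricata 5 or later.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed indicator feed for this example (not real indicators), in the
# defanged CSV form shared feeds commonly use: type,value,description.
SHARED_INDICATORS = """\
# type,value,description
ipv4,198.51.100[.]23,C2 beacon
ipv4,198.51.100.23,duplicate of the line above
ipv4,203.0.113.0/24,hosting range
domain,bad-updates[.]example,C2 domain
domain,BAD-UPDATES.example,same domain, different case
url,hxxp://bad-updates[.]example/check.php,beacon URL
domain,not a domain!,garbage entry
"""

SID_BASE = 9000000  # hypothetical local SID range reserved for generated rules

DOMAIN_RE = re.compile(r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}$")


def refang(value):
    """Undo common defanging: [.] (.) {.} become '.', hxxp becomes http."""
    value = re.sub(r"[\[\(\{]\.[\]\)\}]", ".", value.strip())
    return re.sub(r"^hxxp(s?)://", r"http\1://", value, flags=re.IGNORECASE)


def normalise(feed):
    """Parse, validate and deduplicate the feed.

    Returns (indicators, rejected): indicators maps type -> set of canonical
    values; rejected lists the raw lines that failed validation, so a bad
    feed line is reported rather than silently turned into a useless rule."""
    indicators = {"ipv4": set(), "domain": set(), "url": set()}
    rejected = []
    for line in feed.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        parts = line.split(",", 2)  # the description may itself contain commas
        if len(parts) < 2:
            rejected.append(line)
            continue
        kind, value = parts[0].strip().lower(), refang(parts[1])
        try:
            if kind == "ipv4":
                net = ipaddress.ip_network(value, strict=False)
                if net.version != 4:
                    raise ValueError(value)
                indicators["ipv4"].add(str(net.network_address) if net.num_addresses == 1 else str(net))
            elif kind == "domain":
                value = value.lower().rstrip(".")
                if not DOMAIN_RE.match(value):
                    raise ValueError(value)
                indicators["domain"].add(value)
            elif kind == "url":
                u = urlsplit(value)
                if u.scheme not in ("http", "https") or not DOMAIN_RE.match(u.hostname or ""):
                    raise ValueError(value)
                indicators["url"].add(value)
            else:
                raise ValueError(kind)
        except ValueError:
            rejected.append(line)
    return indicators, rejected


def _esc(s):
    """Escape the characters Suricata treats specially inside content:"..."."""
    return s.replace("\\", "\\\\").replace('"', '\\"').replace(";", "\\;")


def suricata_rules(indicators, sid_base=SID_BASE):
    """Emit one Suricata rule per indicator (Suricata 5+ sticky-buffer syntax
    assumed). Indicators are sorted first so SIDs are stable across runs."""
    rules = []
    sid = sid_base
    for net in sorted(indicators["ipv4"], key=lambda s: ipaddress.ip_network(s, strict=False)):
        rules.append(f'alert ip $HOME_NET any -> {net} any (msg:"TI ip {net}"; sid:{sid}; rev:1;)')
        sid += 1
    for d in sorted(indicators["domain"]):
        rules.append(f'alert dns $HOME_NET any -> any any (msg:"TI domain {d}"; dns.query; '
                     f'content:"{_esc(d)}"; nocase; sid:{sid}; rev:1;)')
        sid += 1
    for url in sorted(indicators["url"]):
        u = urlsplit(url)
        rules.append(f'alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"TI url {_esc(url)}"; '
                     f'http.host; content:"{_esc(u.hostname)}"; http.uri; content:"{_esc(u.path or "/")}"; '
                     f'sid:{sid}; rev:1;)')
        sid += 1
    return rules


if __name__ == "__main__":
    ind, bad = normalise(SHARED_INDICATORS)
    print("\n".join(suricata_rules(ind)))
    for line in bad:
        print("rejected:", line)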
Public sources such as the SANS Internet Storm Center, US-CERT, and the daily CyberWire keep me informed on the changing threat landscape. Weekly or monthly security updates are no longer acceptable. Increasingly, zero-day exception processing overrides business-as-usual threat and vulnerability management activities.
Investors learned years ago that automation keeps costs down. Factories and other process control applications have been retooled time and again, and SCADA now rules them. But what if an attacker denied you those services?
History shows that Supervisory Control and Data Acquisition (SCADA) was introduced nearly 75 years ago. Generations later, implementations crept onto our networks by way of open systems architectures. Those same innovations may lead to SCADA’s downfall unless investment keeps pace with the rising threat landscape.
A recent article in CSO states that “Attacks against industrial control systems double” when comparing traffic between 2013 and 2014. Malware has been developed specifically for SCADA technology, and new exploit kits are including it.
Note:
References to articles used in this post are no longer accessible.