How can cybercriminals use apps to access the enterprise networks?
The attacker establishes a foothold, then uses the compromised endpoint's or user's network credentials to move laterally within the network. The compromised endpoint itself is not the target: it is the vector through which the attacker enters the network and finds valuable IP or data to steal.
Think of someone robbing your house. The thief might break in through the front door or a side window, just as an exploit would enter your network using expected means such as SMTP, IMAP or POP3. The thief then opens the back door to let his friend into the house; in network terms, this is the second payload being pulled down.
These two wander around your house, inspecting what you have that is worth stealing. In network terms, the attacker escalates privilege and now looks like a legitimate user on your network with full control over the endpoint (your house), but the endpoint itself is not the target. The two thieves see your big-screen TV and your state-of-the-art sound system. They also see your jewellery case in the bedroom. They see these things because once they are inside your house they can see everything, since none of it is separately secured, just as we are seeing in many of the networks we analyse.
Assets are there for the taking because security administrators have no isolation of data and have not segmented their networks.
So these two thieves load up your SUV in the garage with everything they want, close all the windows and doors behind them, open your garage from the inside, back out, close all the doors and drive away. The house looks totally normal from the outside, but your valuables are gone. In your network, the data exfiltration has occurred through a different application, perhaps via SSL, FTP or UDP.
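The two network observations above, that assets are exposed when nothing is segmented and that exfiltration often leaves over an application nobody expected the endpoint to use, can be made concrete with a small flow-policy check. The following is an added example, not code from the article or from any product it describes: it defines hypothetical network segments and an allow-list of expected application flows, then evaluates constructed sample flow records against them, once as a flat network (nothing blocked) and once as a segmented one. All addresses, segment names and ports are assumptions chosen for illustration.

```python
"""Flow-policy check contrasting a flat network with a segmented one.

Added example, not from the original article. Segments, allow-list and flow
records are all constructed for illustration.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Hypothetical segments (assumed layout; a real deployment has its own).
SEGMENTS = {
    "user_lan": ip_network("10.10.0.0/16"),      # workstations
    "mail": ip_network("10.20.0.0/24"),          # mail servers
    "file_servers": ip_network("10.30.0.0/24"),  # general file shares
    "app_servers": ip_network("10.35.0.0/24"),   # application tier
    "finance_db": ip_network("10.40.0.0/24"),    # the "jewellery case"
    "internet": ip_network("0.0.0.0/0"),         # everything else
}

# Expected flows as (src segment, dst segment, dst port, protocol).
ALLOWED = {
    ("user_lan", "mail", 25, "tcp"),            # SMTP
    ("user_lan", "mail", 143, "tcp"),           # IMAP
    ("user_lan", "mail", 110, "tcp"),           # POP3
    ("user_lan", "internet", 443, "tcp"),       # HTTPS browsing
    ("user_lan", "file_servers", 445, "tcp"),   # SMB to file shares
    ("app_servers", "finance_db", 1433, "tcp"), # only the app tier reaches the DB
}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    proto: str  # "tcp" or "udp"


def segment_of(addr: str) -> str:
    """Return the most specific segment containing addr (falls back to 'internet')."""
    ip = ip_address(addr)
    best = "internet"
    for name, net in SEGMENTS.items():
        if ip in net and net.prefixlen > SEGMENTS[best].prefixlen:
            best = name
    return best


def evaluate(flows, segmented=True):
    """Return the flows the policy would block.

    With segmented=False the network is flat: every flow is permitted, which is
    the 'no isolation of data' situation the article describes.
    """
    if not segmented:
        return []
    blocked = []
    for f in flows:
        key = (segment_of(f.src), segment_of(f.dst), f.dport, f.proto)
        if key not in ALLOWED:
            blocked.append(f)
    return blocked


# Constructed sample flows from one workstation after compromise.
SAMPLE_FLOWS = [
    Flow("10.10.4.7", "10.20.0.5", 143, "tcp"),     # IMAP: expected
    Flow("10.10.4.7", "10.30.0.9", 445, "tcp"),     # SMB to a file share: expected
    Flow("10.10.4.7", "10.10.4.50", 445, "tcp"),    # workstation-to-workstation SMB: lateral movement
    Flow("10.10.4.7", "10.40.0.3", 1433, "tcp"),    # workstation straight to finance DB: not expected
    Flow("10.10.4.7", "203.0.113.8", 21, "tcp"),    # FTP outbound: not expected
    Flow("10.10.4.7", "203.0.113.8", 5353, "udp"),  # UDP outbound: not expected
]

if __name__ == "__main__":
    print("flat network blocks:", len(evaluate(SAMPLE_FLOWS, segmented=False)))
    for f in evaluate(SAMPLE_FLOWS):
        print(f"segmented network blocks {f.src} -> {f.dst}:{f.dport}/{f.proto}")
```

The point of the comparison is that the same credentials are in play in both runs; what changes is how much of the network those credentials can reach, and whether a flow over an unexpected application (FTP, raw UDP) stands out from the expected mail and file-share traffic.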
What’s at stake, and what do cybercriminals stand to gain?
This year, global cybercrime will cost companies approximately US$300 billion to US$1 trillion (2012 Law & Boardroom Study), and following a data breach, companies can expect the value of their brand to decline by as much as 30 percent.
Businesses fear cyberthreats because they mean lost data, lost assets, lost IP and lost reputation. Stolen information such as billing details, addresses and credit card information is sold to a variety of buyers, often for nefarious purposes such as identity theft, spam and phishing.
In light of last year's attacks on media and government-linked websites in Singapore, organisations are quickly learning that the problem will only get worse, thanks to cyberwars for economic purposes, the increasing complexity of threats and the growing number of devices connected to the Internet.