• Home

  • Internet

  • Corporate America is Being ATTACKED and the Entry Vector May be Surprising
2
by: Rick Mellendick Chief Security Officer Signals Defense “Corporate America is under attack” has become a more regular headline with media outlets. Such reports often describe the attack and loss, but few explain why it happened and even fewer take the time to describe how not to let it happen. Even organizations focus on the attack, loss, and why the attack happened when responding, yet few take the time to really know how to prevent such attacks from happening. A typical organization’s security strategy includes the purchase of expensive firewalls, intrusion detection systems (IDS), heuristic intrusion prevention systems (IPS), and security information and event management systems (SIEMs), many costing upwards of $100K each. With the throw more metal at the problem approach, why do networks still remain inadequately protected? The answer is that the vulnerability being exploited is people: the corporate users and the end users. What the organization misunderstands is that the user is a node on the network, not a corporate owned piece of equipment. User behaviors, unlike machines cannot be governed by a technical policy, or a series of ones and zeros telling it on/off, yes/no. Risks are introduced into networks by a user’s own digital/Radio Frequency (RF) fingerprint, a digital/ RF fingerprint is the unique RF and trail of data that Corporate America is Being ATTACKED and the Entry Vector May Be Surprising 72 United States Cybersecurity Magazine

Corporate America is Being ATTACKED and the Entry Vector May be Surprising

Tags:

Embed Size (px)

Citation preview

Page 1: Corporate America is Being ATTACKED and the Entry Vector May be Surprising

by: Rick MellendickChief Security OfficerSignals Defense

“Corporate America is under attack” has become a more regular headline with media outlets. Such reports often describe the attack and loss, but few explain why it happened and even fewer take the time to describe how not to let it happen. Even organizations focus on the attack, loss, and why the attack happened when responding, yet few take the time to really know how to prevent such attacks from happening. A typical organization’s security strategy includes the purchase of expensive firewalls, intrusion detection systems (IDS), heuristic intrusion prevention systems (IPS), and security information and event management systems (SIEMs), many costing upwards

of $100K each. With the throw more metal at the problem approach, why do

networks still remain inadequately protected? The answer is that the vulnerability being exploited is people: the corporate users and the end users. What the organization misunderstands is that the user is a node on the network, not a corporate owned piece of equipment. User behaviors, unlike machines cannot be governed by a technical policy, or a series of ones and zeros telling it on/off, yes/no.

Risks are introduced into networks by a user’s own digital/Radio Frequency (RF) fingerprint, a digital/RF fingerprint is the unique RF and trail of data that

Corporate America is Being ATTACKED and the Entry Vector May Be Surprising

72 United States Cybersecurity Magazine

Page 2: Corporate America is Being ATTACKED and the Entry Vector May be Surprising

each person emits, this digital/RF fingerprint is the culmination of device and device usage such as:• A cell phone’s frequency

• Names of the networks users connect to with their devices

• Bluetooth devices and the connections to and from them

• A user’s device or devices (e.g., laptop, phone, key fob, garage door opener, home security system)

• Social media site usage, email, both personal and corporate, and other traceable internet usage

The issue with the lack of mitigation for this unique fingerprint becomes vulnerability when a user leaves to get coffee, gas, travel to another office, or go home.

Most organizations do not include user behavior as part of its risk assessment and overarching organizational security risk mitigation plan. The organization’s firewalls and IDS are not following its most precious asset and most vulnerable object when it leaves to get coffee or to go home. But the user’s cell phone, tablet, laptop and wristwatch are going home with them, and these are an integral part of their digital/RF fingerprint.

All of these devices have a signature that can be captured and cloned. For example, attackers know that cell providers track cell phones. A user’s location, WiFi beaconing, and networks that they have connected to can be found online. For Apple, data from iPhones may be found at http://samy.pl/cellmap/. For the Google/Android, data may be found at http://samy.pl/androidmap/. Wigle has been capturing WiFi data from home and corporate router SSIDs since 2001. WiGLE data may be found at https://wigle.net.

Once a user’s digital fingerprint has been so nicely catalogued by all of these databases, a vulnerability database called Shodan (http://www.shodanhq.com) aggregates a user’s data for the attacker. Shodan keeps track of when a home router, baby monitor, or home security system are not secure. After reviewing these resources, an attacker can then look at LinkedIn,

Twitter and Facebook to discover additional information about the targets. There is no

one tool that can stop this reconnaissance.

In order to effectively prevent corporate attacks, there needs to be more than just

hardware protecting the data and people. There needs to be effective mitigations that protect the users and their digital/RF fingerprints. These mitigations include not keeping any private or sensitive data on mobile devices without effective encryption. There are tools for all platforms that allow for a device or specific portions of a device to be fully encrypted in a container for specific data like photos, email contacts etc. Turn off all convenience services such as, auto connect for

WiFi or Bluetooth device discovery if these services are not immediately needed at

the time the device is or is not in use. In this ever-changing digital world people need to change the way

that work and play is performed. Why would you have your Bluetooth connection for your car turned on when traveling on a plane? Why would you have your phone or computer trying to connect to your home network when you are driving in your car? Why would you leave your garage door opener in your car when getting an oil change? Is there really a need to have your personal “private” pictures on your phone, which is connected to your corporate WiFi as well as at the local coffee shop?

By instituting an organizational plan for disabling the auto connect for WiFi on all devices this immediately makes the attackers job much harder. Creating security policies that address user behavior as it relates to attacker reconnaissance efforts will reduce successful organizational attacks where the user is the exploited vulnerability.

Rick Mellendick is the Chief Security Officer for Signals Defense in Owings Mills, MD, and has been a security architect for multiple U.S. Government agencies and corporations. Mr. Mellendick specializes in designing and testing wireless networks with non-traditional strategies, using offensive techniques. He has 20 years of IT

and security experience, is a builder and breaker of RF signals, and inventor of the Wireless Capture the Flag (http://wctf.us). Legally breaking and entering through RF is his specialty.

73United States Cybersecurity Magazine


Especially attacked young animals Human :

Especially attacked young animals Human :

Documents
Always surprising louis vuitton

Always surprising louis vuitton

Travel
When the Jews Attacked the Asians

When the Jews Attacked the Asians

Documents
Surprising wedding desserts

Surprising wedding desserts

Lifestyle
Skull Cave Attacked

Skull Cave Attacked

Documents
SSEC - Attacks Against Schools - 2017-01-05...Jan 05, 2017  · 63% schools attacked 25% schools attacked 11% schools attacked percentage of schools attacked 31% nationwide percentage

SSEC - Attacks Against Schools - 2017-01-05...Jan 05, 2017  · 63% schools attacked 25% schools attacked 11% schools attacked percentage of schools attacked 31% nationwide percentage

Documents
8 SURPRISING FACTS

8 SURPRISING FACTS

Documents
The SURPRISING OFFENSE

The SURPRISING OFFENSE

Documents
Surprising Science

Surprising Science

Education
Surprising Fairytale Princesses

Surprising Fairytale Princesses

Education
Surprising computations

Surprising computations

Documents
Special Report: America Attacked

Special Report: America Attacked

Documents
18 Surprising CRM Statistics

18 Surprising CRM Statistics

Business
Wan Ga Bo Attacked

Wan Ga Bo Attacked

Documents
SURPRISING COMFORTABLE EFFICIENT

SURPRISING COMFORTABLE EFFICIENT

Documents
Red Cross attacked in Myanmar

Red Cross attacked in Myanmar

News & Politics
Herbal Diet aid Attacked

Herbal Diet aid Attacked

Documents
Isfd41 lee4-attacked by-art[1]

Isfd41 lee4-attacked by-art[1]

Education
Surprising Reasons

Surprising Reasons

Documents
Event Extraction - Texas A&M University · 2020. 8. 10. · icon of was attacked on was attacked in Syntactic Templates was attacked by

Event Extraction - Texas A&M University · 2020. 8. 10. · icon of was attacked on was attacked in Syntactic Templates was attacked by

Documents
Surprising Gifts

Surprising Gifts

Documents
Hospital Attacked by Hizbullah

Hospital Attacked by Hizbullah

Health & Medicine
Mumbai Attacked

Mumbai Attacked

Lifestyle
SURPRISING WELCOME

SURPRISING WELCOME

Documents
Surprising story

Surprising story

Documents
Surprising Solution

Surprising Solution

Documents
The Surprising Murder

The Surprising Murder

Documents
The surprising truth

The surprising truth

Documents
If Attacked With … Counter With - Archive

If Attacked With … Counter With - Archive

Documents
Covergirl ad attacked

Covergirl ad attacked

Business