You Are Under Attack!

By

Mar 21st


In November 2011 at the Cyber Security Summit, Major General Jonathan Shaw stated that Government computer systems come under daily attack. I know this to be true, as at the same conference I gave a seminar titled "You are under attack!".

You would be surprised at how many organisations believe that hacking and cyber attacks are not relevant to them. What I can tell you is this: if you have a connection to the internet, you are under attack, every single day, just like the government organisations.

One of my favourite websites is Detect Defend. These guys run a website where they publish the daily attacks against their web servers. Under their cyber reporting section they have reports that show you the latest IP addresses and usernames the bad guys are using to attempt to break into their network.

As you will see, the attacks are constant, twenty-four hours a day, seven days a week. Do they have anything special on this site that makes them a target? No. The only reason they are under attack is that they are on the Internet, as are the majority of us.

When I speak to CxOs, a common response to my questions about why they do not have stronger security controls is "we are unlikely to be a target", which of course is rubbish. If you are online, you are a target.

The scary part: you may have already been breached, you just don't know it. To quote Major General Jonathan Shaw, "The number of serious incidents is quite small, but it is there, and those are the ones we know about. The likelihood is there are problems in there we don't know about."

His group has a £90 million cyber security budget to spend over the next few years; if he can't be sure they are safe, you can't be sure. Just ask RSA, Sony or WordPress, all organisations that spend millions on security, yet all were breached in 2011.

According to GCHQ, 80% of cyber threats could be eliminated by implementing basic controls; the Verizon breach report goes one step further and states that in 92% of the breaches they investigated, the breach could have been prevented by implementing basic controls. Looking at the Detect Defend website, a simple control would be to ensure the Administrator account has been renamed from the default, away from Admin or Root, as these usernames come under attack every day.

If you rolled out a server with one of these users defined on the box, it would only be a few hours before it was breached. Renaming the user to a more obscure name is a simple control, but answer me this: out of the 100, 1,000 or 10,000 servers in your organisation, are you 100% confident that they all have the Admin account renamed, and that they all have consistent security controls in place?

If you can’t answer this question with a resounding “YES”, you have a problem.

Major General Shaw's advice? Be prepared: "the UK is still operating in pre-cyber attack mode, but that needs to change before it is hit by a major cyber attack. The UK should learn from Estonia, hit by a wave of cyber attacks in 2007, which operates a virtual cyber defence system in post-attack mode that harnesses all cyber users."

Your first step: validate your controls. I am sure your server was secure before it went into production; most organisations "harden" the server before it goes live, but after 6 months, 1 year or 5 years of production use, is it still configured in a secure state?
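The two questions above (does every server still have the default Admin/Root account name gone, and does every server still match the hardening baseline it went live with) are exactly what a control-validation sweep should answer. The script below is an added example, not code from the article or from Detect Defend: it takes an inventory of hosts with their observed account lists and settings, flags any host that still carries a default administrative account name, reports every setting that has drifted from the baseline, and gives the compliance percentage the CxO conversation needs. The inventory and the baseline settings are constructed for illustration; in practice you would populate them from each host (local account lists, SSH or RDP configuration) on a schedule, not once at go-live. Note that on Linux the `root` account itself is normally kept, so the baseline also checks that remote root login is disabled.

```python
"""Control-validation sweep: default admin account names and baseline drift.

Added example with a constructed inventory; not the article's own tooling.
"""

# Account names that are attacked by default on any Internet-facing host.
DEFAULT_ADMIN_NAMES = {"administrator", "admin", "root"}

# Hypothetical hardening baseline: the settings each server had when it
# was signed off for production. Keys and values are assumed for the example.
BASELINE = {
    "password_auth": False,       # key- or certificate-based logins only
    "remote_root_login": False,   # e.g. PermitRootLogin no on Linux hosts
    "max_auth_tries": 3,          # lockout / throttling threshold
}

# Constructed inventory: hostname -> what was observed on the host today.
INVENTORY = {
    "web01": {"accounts": ["svc_web", "ops_jsmith"],
              "password_auth": False, "remote_root_login": False, "max_auth_tries": 3},
    "web02": {"accounts": ["Administrator", "svc_web"],
              "password_auth": False, "remote_root_login": False, "max_auth_tries": 3},
    "db01":  {"accounts": ["root", "dba"],
              "password_auth": True, "remote_root_login": True, "max_auth_tries": 3},
    "app01": {"accounts": ["svc_app", "ops_jsmith"],
              "password_auth": False, "remote_root_login": False, "max_auth_tries": 3},
}


def default_admin_accounts(accounts):
    """Return the accounts on a host whose name is a well-known default."""
    return sorted(name for name in accounts if name.lower() in DEFAULT_ADMIN_NAMES)


def baseline_drift(observed, baseline=BASELINE):
    """Return {setting: (expected, actual)} for every baseline setting that
    differs on the host; a setting that cannot be read at all is reported
    as "<missing>" rather than silently treated as compliant."""
    drift = {}
    for key, expected in baseline.items():
        actual = observed.get(key, "<missing>")
        if actual != expected:
            drift[key] = (expected, actual)
    return drift


def audit(inventory, baseline=BASELINE):
    """Return {host: findings} for every host that fails either check."""
    findings = {}
    for host, state in inventory.items():
        issues = {}
        admins = default_admin_accounts(state.get("accounts", []))
        if admins:
            issues["default_admin_accounts"] = admins
        drift = baseline_drift(state, baseline)
        if drift:
            issues["baseline_drift"] = drift
        if issues:
            findings[host] = issues
    return findings


def compliance_rate(inventory, baseline=BASELINE):
    """Percentage of hosts with no findings; the number to show the board."""
    if not inventory:
        return 0.0
    failing = len(audit(inventory, baseline))
    return 100.0 * (len(inventory) - failing) / len(inventory)


if __name__ == "__main__":
    for host, issues in sorted(audit(INVENTORY).items()):
        print(f"{host}:")
        for name in issues.get("default_admin_accounts", []):
            print(f"  default admin account still present: {name}")
        for key, (expected, actual) in issues.get("baseline_drift", {}).items():
            print(f"  {key}: expected {expected!r}, found {actual!r}")
    print(f"compliance: {compliance_rate(INVENTORY):.1f}% of hosts")
```

Run against the constructed inventory, web02 is flagged for the `Administrator` account and db01 for `root` plus two settings that have drifted (password logins and remote root login both re-enabled), giving 50% compliance; it is the drift on db01, a box that presumably passed hardening once, that the article's "after 6 months, 1 year or 5 years" question is about.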

Unlikely. Validate that, and be sure, be safe.

© 2006-2019 Security magazine.