There are many reasons why people with bad intentions break into a computer networks – financial, political, industrial espionage or some other form of malice. But whatever the reason, there is nothing like seeing a live simulated cyberattack in real time to drive home how vulnerable organizations are to these bad actors. NRTC cybersecurity partner Dynetics provided such a live simulation during NRTC’s recent Webinar, “Cybersecurity - Now It's Personal!”
Dynetics’ Craig Mitchell, acting as an “ethical hacker,” conducted the simulated attack, showing how easy it is to fool a user into opening his/her computer, then potentially doing mischief to a company’s network within minutes. With a better understand of the nature of the attacks, organizations can prevent many of them.
Attack prevention is the chief goal. “When you look at the things we do through NRTC, evaluate and assess an organization, we’re looking to see if you can prevent the attack vectors that are coming from a level 3, 4 and 5 threat,” Mitchell said.
Greg Jackson, a Dynetics senior cyber risk advisor, said that many companies have built strong firewalls and defenses against the “perimeter” of their networks. “That is well and good for the everyday attacks, but that’s not the way that attackers attack today,” Jackson said. “Attackers use well-crafted phishing emails for a direct attack on an individual or they’ll spray a bunch of phishing emails out there and try to catch as many people off guard as possible.”
One employee who is tricked by the attack may be allowing the hacker to stroll past hundreds of thousands of dollars in cybersecurity investment.
He described the various levels of attack. Levels 1 and 2 tend to be lower-risk, with unmotivated hackers … perhaps a bored teen who is comparatively easy to deter. At Level 3, however, the situation can get dangerous, with attackers actively seeking targets for financial gain and who are not as east to deter. “Ninety percent of the organizations out there face at least a level three,” Jackson said.
Levels 4 and 5 are the most sophisticated and serious attacks, often done for political purposes and sometimes launched by foreign governments. “These are targeted attacks, and they act as a group. They very rarely act alone,” he said. The most difficult are the “advanced persistent attacks” (ABTs), which are sophisticated, high-volume attacks that the Department of Defense and defense contractors deal with daily.
During the demonstration, Mitchell told the story of Robert, a salesman for an equipment vending company who has spoken on the phone with a prospective customer. The prospect, Peter, is really a hacker who sends Robert a follow-up email with a link to what is supposed to be a business-related document (top screen). Robert clicks on the link and goes to a familiar MS Office file-sharing screen. One more click and Peter has full access to manipulate Robert’s computer code (bottom screen).
From there, an attacker could gain access to an organization’s complete network, depending on the victim’s level of administrative rights on the network. “In order to get to administrative rights, many times attackers will elevate their permission,” Mitchell said. Individuals in the company who had nothing to do with the cyberattack could have their data stolen or manipulated.
Another possibility is that the hacker could find a way to encrypt the organization’s data, even if the company has already encrypted it. The hacker can lock down all data and hold it for ransom.
“Is there anything [NRTC members] can do?” Mitchell asked. “Absolutely. There’s plenty you can do, and you can prevent this. First of all, recognize that you’re on the front line. Cybersecurity awareness training is a big part of what organizations do.” Teach employees to always be skeptical and look for the signs of an attack.
The webinar attracted a large audience seeking cybersecurity answers. Following the presentation, NRTC polled attendees: “Are you fully prepared for a cyberattack?” Only 8 percent could confidently say that yes, they were prepared. Forty-two percent said they were not prepared, and 51 percent said, “Maybe.”
NRTC members who would like to learn more about cyberattacks and the security measures Dynetics recommends should contact NRTC Managed Services at firstname.lastname@example.org. NRTC also can help members organize cybersecurity training sessions for their staffs.
- Managed Services
- Smart Grid
- Member Impact