How Businesses Can Stay Safe From Undetected Cyber Attacks
In today's digital age, cyber security has become one of the most critical aspects of any organisation. Companies of all sizes and sectors risk being targeted by hackers seeking to steal valuable data, cause disruption or extort ransom. However, despite the growing awareness of cyber threats, many organisations still fall victim to cyber-attacks that go unnoticed for years.
Recent high-profile cyber-attacks on companies such as GoDaddy and News Corp highlight that even the most prominent organisations with the most advanced security systems can still be vulnerable to cyber-attacks. The most alarming discovery in these two attacks was that the attackers had access to the organisation's enterprise environment for a prolonged period and were responsible for multiple data breaches and security incidents over the past few years.
In the case of GoDaddy, the attackers remained stealthy. They compromised several GoDaddy services, leading to a malware infection on the hosting environment, compromised services, and leaked customer credentials and source code.
Although GoDaddy had several incidents over the past few years, they did not conduct thorough investigations and failed to remediate the issue entirely. As a result, the attacker could maintain access to the system for longer, compromising sensitive customer data and potentially exposing millions of users to further attacks. This incident highlights the importance of threat hunting, deep diving into incidents, conducting thorough investigations, and engaging external security experts when dealing with security incidents. Failure to do so can have severe consequences for the company and its customers.
Similarly, News Corp suffered a cyber-attack that went unnoticed for over two years. An unauthorised party had gained access to specific business documents and emails from some of its personnel's accounts in the affected system, some of which contained personal information belonging to employees.
In another case, in 2021, the Health Service Executive (HSE) of Ireland suffered a major ransomware cyber-attack which caused all its IT systems nationwide to be shut down. At the time, their security provider received several alerts that antivirus software had detected Cobalt Strike. As in the incidents discussed above, a thorough investigation was not conducted to identify how the malware had got there.
So how do cyber-attacks go unnoticed for years at a time? In many cases, it comes down to negligence and a failure of organisational processes. Some of the most common reasons why cyber-attacks go undetected include the following:
1. Lack of security awareness: Many employees are not adequately trained in cyber security and are unaware of the risks associated with cyber-attacks. This can lead to employees falling for phishing scams, inadvertently giving hackers access to the company's systems.
2. Outdated systems: Organisations that fail to update their systems and software regularly are vulnerable to cyber-attacks that exploit known vulnerabilities. Hackers can exploit these weaknesses to access the company's systems and data.
3. Poor password management: Weak passwords or passwords reused across multiple accounts make it easy for hackers to gain access and move laterally within the organisation environment. Organisations that fail to enforce strong password policies risk being targeted by hackers. Additionally, passwords to application accounts are rarely rotated due to the fear of something "breaking," providing attackers access to these accounts for years.
4. Inadequate monitoring: Organisations that do not have proper monitoring systems in place may be unable to detect when a cyber-attack occurs. This allows hackers to operate undetected for long periods. Additionally, it is tough to monitor such large environments due to different technologies and security solutions.
5. Lack of cyber security resources and shortage of skills: Organisations that do not have the budget or sufficient resources dedicated to cyber security may not have the tools or expertise necessary to detect and respond to cyber-attacks.
Tackling the challenge of identifying abnormal activities that indicate a compromised account means organisations must turn to solutions that leverage behaviour-based analytics and machine learning algorithms. These solutions analyse user behaviour patterns and detect actions outside of normal behaviour, such as logging in from an unusual location or accessing resources not typically used by the user.
While such solutions have gained popularity in recent years, they are not infallible. Software may eventually "learn" an attacker's behaviour and consider it normal, particularly in the case of an advanced persistent threat where the attacker remains undetected for an extended period. This is a significant concern for firms, as the attacker could continue operating within the network, exfiltrate sensitive data, and cause damage for months or even years before detection.
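The baseline-drift problem described above, shown on constructed login data as an added example (not code from the original article or from any product it mentions): a naive detector whose baseline is simply "what this user did recently" alerts once and then accepts the intruder's location as normal, while a gated detector keeps alerting until an analyst approves the new location. The event tuples, user names and the `approved` set are all assumed sample values.

```python
from collections import defaultdict

# Constructed login events: (day, user, source country). Days 1-3 are the
# genuine baseline for "alice"; from day 4 every login comes from a country
# she has never used, standing in for an intruder holding her account.
# "bob" legitimately alternates between two countries. Sample data only.
EVENTS = [
    (1, "alice", "GB"), (2, "alice", "GB"), (3, "alice", "GB"),
    (4, "alice", "RU"), (5, "alice", "RU"), (6, "alice", "RU"),
    (7, "alice", "RU"), (8, "alice", "RU"),
    (1, "bob", "GB"), (2, "bob", "DE"), (3, "bob", "GB"), (4, "bob", "DE"),
]

def rolling_alerts(events, window=3):
    """Naive detector: a user's baseline is whatever countries appeared in
    their previous `window` logins, flagged or not. Returns the
    (day, user, country) tuples it would alert on."""
    history = defaultdict(list)
    alerts = []
    for day, user, country in sorted(events):
        recent = set(history[user][-window:])
        if recent and country not in recent:
            alerts.append((day, user, country))
        history[user].append(country)  # anomalies feed the baseline too
    return alerts

def gated_alerts(events, approved=frozenset()):
    """Gated detector: a country joins a user's baseline only if the login was
    not flagged, or if an analyst explicitly approved the (user, country)
    pair. The first login seen for a user bootstraps that user's baseline."""
    baseline = defaultdict(set)
    alerts = []
    for day, user, country in sorted(events):
        if (not baseline[user] or country in baseline[user]
                or (user, country) in approved):
            baseline[user].add(country)
            continue
        alerts.append((day, user, country))  # flagged, so never learned
    return alerts

if __name__ == "__main__":
    print("rolling:", rolling_alerts(EVENTS))
    print("gated:  ", gated_alerts(EVENTS, approved={("bob", "DE")}))
```

With the rolling baseline, alice's account produces a single alert on day 4 and is silent from day 5 onward, exactly the "learned as normal" failure; the gated baseline raises an alert on every one of the intruder's logins (days 4 to 8) while bob's approved second location never alerts.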
Despite the limitations of behaviour-based analytics and machine learning algorithms, they remain a valuable tool in the fight against cyber threats. These solutions can detect many threats that traditional security measures might miss, and they are continually improving through ongoing development and learning. However, organisations must remain vigilant and use these solutions with other security measures, including employee training, access management, and incident response planning.
Furthermore, it is crucial to regularly review and update these solutions to keep up with the latest cyber threats and maintain their effectiveness. Regular penetration testing and threat modeling can help identify vulnerabilities and protect the organisation against the most significant risks.