Page 38 - Cyber Defense eMagazine for August 2021

sources. This is especially powerful information for North Korea, as only 26% of their population has access to electricity.


Kimsuky, according to United States officials, is likely tasked by North Korea with a global intelligence-gathering mission. This attack is not the first that Kimsuky has launched against South Korean infrastructure: the group succeeded in attacking Korea Hydro & Nuclear Power Co. Ltd back in 2014. The group has also been linked to several other attacks on South Korea that used a backdoor called AppleSeed for Windows and Android systems.


In response to the claims about the attack, KAERI issued a statement explaining that an unidentified outsider accessed parts of its systems by exploiting a weakness in its virtual private network (VPN). KAERI said it blocked the IP address and updated its security after the attack was discovered on May 31st. The damage from this hack is not yet known.


Incidents like this highlight to the world that critical infrastructure components can be vulnerable to cyberattacks. In response, we need to ensure that the organization's security objectives are clear and are actually met. Compliance should not be treated as an end in itself; the goal is to set real security objectives that prevent future attacks.


It is standard procedure for companies adhering to a given compliance level to check their networks daily for vulnerabilities. Such practices are in place because we assume that a malicious actor could be looking to exploit any vulnerability to gain entry to our systems. For vital infrastructure such as water and energy enterprises in the United States and abroad, we also need to examine how identity privileges are granted and how closely we adhere to the Principle of Least Privilege (PoLP), since it is the industry's best practice for containing the damage from a breach.


When we look at the Principle of Least Privilege, we can see the advantages of ensuring that users, systems, and processes only have access to the resources they need to perform their function inside an organization. Combining PoLP with zero trust, especially around network segmentation, can help deliver the desired level of network security. Limiting the reach of any one network user by governing their access makes attacks such as Colonial Pipeline and KAERI more difficult to carry out. Limiting the ability of one user account to affect the whole network limits the effect a malicious actor can have on your network.


By auditing the systems in place to determine the minimum privilege necessary for each user, system, and process, organizations can apply the Principle of Least Privilege to every entity. Start by examining the organization's protocols from the perspective of an attacker to determine the points of interest most likely to be exploited. What privileges have we granted remote users? What access levels have they been granted? How much damage can a rogue user do if they have access to that account?
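As an added illustration of that audit (not from the article; the roles, privilege names and accounts are constructed for the example), the following Python compares what each account has been granted with the minimum its role requires and estimates how far a rogue holder of the account could reach:

```python
from dataclasses import dataclass

# Minimum privilege each role needs to do its job (constructed baseline).
ROLE_BASELINE = {
    "vpn-remote-operator": {"hmi:read", "historian:read"},
    "plant-engineer": {"hmi:read", "hmi:write", "historian:read"},
    "backup-service": {"historian:read", "backup:write"},
}
# Systems each privilege reaches; used to estimate an account's blast radius.
PRIVILEGE_REACH = {
    "hmi:read": {"hmi"}, "hmi:write": {"hmi", "plc"},
    "historian:read": {"historian"}, "backup:write": {"backup-store"},
    "domain:admin": {"hmi", "plc", "historian", "backup-store", "ad"},
}

@dataclass
class Account:
    name: str
    role: str
    granted: set          # privileges actually granted to the account
    remote: bool = False  # reachable over the VPN / from outside the plant

def excess_privileges(acct):
    """Privileges granted beyond the role's baseline; empty when PoLP holds."""
    return acct.granted - ROLE_BASELINE.get(acct.role, set())

def blast_radius(acct):
    """Systems a rogue holder of this account could touch with its current grants."""
    return set().union(*(PRIVILEGE_REACH.get(p, set()) for p in acct.granted))

def audit(accounts):
    """Findings for over-privileged accounts, remote and widest-reaching first."""
    findings = []
    for acct in accounts:
        extra = excess_privileges(acct)
        if extra:
            findings.append({"account": acct.name, "role": acct.role,
                             "remote": acct.remote, "excess": extra,
                             "reach": blast_radius(acct)})
    findings.sort(key=lambda f: (f["remote"], len(f["reach"])), reverse=True)
    return findings

# Constructed sample: a remote contractor account has been handed domain admin.
SAMPLE_ACCOUNTS = [
    Account("contractor01", "vpn-remote-operator",
            {"hmi:read", "historian:read", "domain:admin"}, remote=True),
    Account("eng07", "plant-engineer", {"hmi:read", "hmi:write", "historian:read"}),
    Account("svc-backup", "backup-service", {"historian:read", "backup:write", "hmi:write"}),
]
```

Running `audit(SAMPLE_ACCOUNTS)` ranks the remote contractor account first, since its extra domain admin grant lets it reach every system in the model, which is exactly the "how much damage can a rogue user do" question the audit should answer.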
