Page 51 - Cyber Warnings
This is all very scary. But the first, essential break in the target bank’s defenses came when an
employee or some other insider such as a vendor allowed a download of malware. The enemy
made it through the castle walls and plucked the keys to the castle keep from another
employee.

IBM’s 2015 Cyber Security Intelligence Index, which describes Dyre Wolf in detail, stated that
55 percent of all attacks recorded in 2014 were carried out by those who had inside access to
the target company’s systems. Some of those insiders were malicious; others were unwitting
dupes.

Elsewhere in that report, IBM states that 95% of actual breaches were caused by human error.

So, by now it must be obvious. You’re only as strong as your weakest link, and that link is
almost always an employee. So what to do?

Building A Defense
Let’s return to the castle and its walls, moat, and sentries. Let’s also narrow our discussion to
the breaches that keep bankers and corporate treasurers tossing and turning: those that result
in unauthorized transfers of money.

In broad strokes, if you start from a secure base, a system in which nobody has rights to
anything, and then open it up to specific people and processes only as their work requires, your
solution stays as secure as the grants you have made, and people can still do what must be done.

On the other hand, if you start with a system that is wide open and then try to lock things down,
you will inevitably miss locking or closing certain doors. Moreover, as things change, as people
come and go or acquire new privileges and responsibilities, you have to be especially vigilant in
monitoring everyone and in shutting additional doors. It is far easier to grant access as it
becomes necessary than to track down and deny access after the fact every time something changes.

Let’s assume that an attacker has fooled someone into downloading malware onto his or her
computer. How much damage can that do? Some, of course, but you can limit it substantially if
the infected computer does not have access to administrator rights.

If the user of that computer is a “standard” or “least privilege” user, then the worst-case
damage is limited to what that user can do. The malware cannot modify system files, install
software, change services or other system processes, and so on. In other words, it would not
permit the kind of tampering with the bank’s SWIFT messaging software that hit Bangladesh Bank.
Malware running as that user can still read the files and use the sessions the user can reach, so
least privilege shrinks the blast radius rather than eliminating it.
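The two ideas above, a deny-by-default policy that is opened only by explicit grants and a standard user whose compromise is bounded by those grants, can be shown in a few dozen lines. The following is an added example, not code from the article or from any bank’s systems; the role names, user names and action names are hypothetical, and the action set is a constructed stand-in for a real workstation permission model. A deny-list policy is included alongside it to show the “missed door” failure mode the article warns about.

```python
"""Deny-by-default access model for a payments workstation (added example).

Nobody has rights until a role is granted them; dropping a user's roles
closes every door at once. Names and actions below are hypothetical.
"""
from dataclasses import dataclass, field

# Constructed action set for illustration; not a real SWIFT or Windows permission list.
ALL_ACTIONS = {
    "read_own_files", "write_own_files",
    "install_software", "modify_system_files", "change_services",
    "create_payment", "approve_payment",
}


@dataclass
class AllowListPolicy:
    """Role -> allowed actions. Anything not explicitly listed is denied."""
    grants: dict = field(default_factory=dict)    # role -> set of actions
    members: dict = field(default_factory=dict)   # user -> set of roles

    def grant(self, role, *actions):
        unknown = set(actions) - ALL_ACTIONS
        if unknown:
            raise ValueError(f"unknown actions: {sorted(unknown)}")
        self.grants.setdefault(role, set()).update(actions)

    def assign(self, user, role):
        self.members.setdefault(user, set()).add(role)

    def revoke_user(self, user):
        """A leaver: remove every role; no door-by-door search is needed."""
        self.members.pop(user, None)

    def allowed(self, user, action):
        # Default deny: unknown user, unknown role or unlisted action all fall to False.
        roles = self.members.get(user, set())
        return any(action in self.grants.get(r, set()) for r in roles)


class DenyListPolicy:
    """Start wide open, then lock doors. Anything not explicitly denied passes."""

    def __init__(self, denied):
        self.denied = set(denied)

    def allowed(self, user, action):
        # A door nobody thought to list (or one added later) stays open.
        return action not in self.denied


def blast_radius(policy, user):
    """Everything malware running as `user` could do: exactly that user's grants."""
    return {a for a in ALL_ACTIONS if policy.allowed(user, a)}


def build_policy():
    """Hypothetical staffing: alice is a standard user and payment clerk,
    bob is a standard user who also holds local admin rights."""
    p = AllowListPolicy()
    p.grant("standard_user", "read_own_files", "write_own_files")
    p.grant("payment_clerk", "create_payment")
    p.grant("local_admin", "install_software", "modify_system_files", "change_services")
    p.assign("alice", "standard_user")
    p.assign("alice", "payment_clerk")
    p.assign("bob", "standard_user")
    p.assign("bob", "local_admin")
    return p


if __name__ == "__main__":
    policy = build_policy()
    for user in ("alice", "bob", "mallory"):
        print(user, sorted(blast_radius(policy, user)))
    # Deny-list built before "approve_payment" existed: the new door is open.
    legacy = DenyListPolicy({"install_software", "modify_system_files"})
    print("deny-list lets alice approve payments:", legacy.allowed("alice", "approve_payment"))
```

Running it shows that malware on alice’s machine is confined to her own files and to creating (not approving) payments, that the same malware on bob’s machine can install software and alter system files, and that a deny list written before “approve_payment” existed silently lets it through.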

The “2014 Microsoft Vulnerabilities Report” by Avecto, a UK software firm, states that “97% of
critical Microsoft vulnerabilities could be mitigated by removing admin rights across an
enterprise.”




51 Cyber Warnings E-Magazine – March 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide