World War Digital (Part 2)
In a world where everything we are is digital, protecting yourself is paramount
In the first part of this series on threats in the digital realm we talked about what a potential cyber attack would look like on a mass scale. Now comes the next logical question: are you ready for one?
I’ve been hacked once before and lost a lot of money in the blink of an eye. It was a terrifying experience that shattered my trust in an Internet that rarely puts our security first. It was up to me to ensure my online identity was secure. Now, it’s up to you to do the same.
Protecting Yourself (and Your Business) From a Cyberattack
Cyber-related threats are all around us in the digital age. It’s situations like the tensions with Iran that bring the topic back into the mainstream conversation, even if it’s only for a moment. With that in our rear-view, we cannot let the topic fade. The reality is that threats to our digital lives are always there.
Even as this is written, new threats keep emerging. For example, ESET reports that the Winnti Group, known for cyberattacks and industrial espionage, is using its Trojan to drop the ShadowPad backdoor on machines at Hong Kong universities. The likely purpose is to gather intelligence on the protests happening within the city.
Meanwhile, BleepingComputer reports that Microsoft is seeing a return of the EvilCorp cyber gang, which is phishing with malicious Excel files. These threats are always lurking in the digital space. They do not go away when the topic leaves the mainstream media.
It’s impossible to know when an attack could happen, but it is possible to fortify your defenses so you have a plan of action if and when it does occur:
- Compartmentalize your assets: segment your network so that critical systems sit in separate, protected zones with firewall rules between them. That way, if one zone is compromised, the breach does not automatically spread to the others.
- Maintain backups: back up your data regularly and keep a copy offline, or at least unreachable from the production network, so you have something to restore from in the event of a ransomware attack. Test your restores; an untested backup is not a backup.
- Disable unnecessary ports and protocols: close any ports you are not actively using and monitor the ones that remain open for command-and-control activity. Any protocols that are not required should also be turned off.
- Patch your software: do not delay security or firmware updates. They often fix vulnerabilities that an attacker will use against you if you are not up to date.
- Monitor network and email: limit the use of email attachments and detonate suspicious ones in an isolated sandbox. Monitor internal traffic as well for the beaconing of command-and-control implants.
- Simulate an attack: with all of your defenses in place, test your ability to react quickly to a cyberattack in a variety of forms. Breach and attack simulation (BAS) tools let you simulate everything from email phishing, to DDoS attacks, to SQL injection, and plenty of others. By simulating a variety of attacks, you can prepare for a wide range of scenarios and teach your employees to recognize phishing emails.
- Don't neglect physical threats: your physical location and your hardware shouldn't be left out of the equation. Some attacks happen as a result of physical entry or theft of hardware.
This is by no means a comprehensive list, but it does outline some key actions you can take, and processes to implement, that will lead to a stronger security standard across your organization.
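As an added example (not part of the original article), here is a small Python script for the "close what you don't use" item above: it parses the listening-socket listing that `ss -tulnp` prints on Linux, compares it against an allow-list of services the host is expected to expose, and flags everything else. The sample `ss` output, the allow-list and the forbidden-service names are constructed for illustration, not captured from a real host.

```python
"""Audit listening sockets against an allow-list (added example).

Parses the output format of `ss -tulnp` on Linux and reports any listener
that is not on the allow-list or that belongs to a service that should
never run on a hardened host.
"""
import re

# Constructed sample of `ss -tulnp` output (not captured from a real host).
SAMPLE_SS_OUTPUT = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp   UNCONN 0      0      127.0.0.53%lo:53  0.0.0.0:*         users:(("systemd-resolve",pid=612,fd=12))
tcp   LISTEN 0      128    0.0.0.0:22        0.0.0.0:*         users:(("sshd",pid=890,fd=3))
tcp   LISTEN 0      511    0.0.0.0:443       0.0.0.0:*         users:(("nginx",pid=1200,fd=6))
tcp   LISTEN 0      5      0.0.0.0:23        0.0.0.0:*         users:(("telnetd",pid=1410,fd=4))
tcp   LISTEN 0      100    0.0.0.0:4444      0.0.0.0:*         users:(("nc",pid=2033,fd=3))
tcp   LISTEN 0      128    [::]:22           [::]:*            users:(("sshd",pid=890,fd=4))
"""

# Allow-list (assumption): (protocol, port) pairs this host is expected to expose.
ALLOWED = {("tcp", 22), ("tcp", 443), ("udp", 53)}

# Services that should be disabled regardless of port (assumption).
FORBIDDEN_PROCESSES = {"telnetd", "rshd", "ftpd"}

# One `ss` line: proto, state, recv-q, send-q, local addr:port, peer, process.
LINE_RE = re.compile(
    r'^(?P<proto>tcp|udp)\s+\S+\s+\d+\s+\d+\s+'
    r'(?P<addr>\S+):(?P<port>\d+)\s+\S+'
    r'(?:\s+users:\(\("(?P<proc>[^"]+)",pid=(?P<pid>\d+))?'
)


def parse_listeners(ss_output):
    """Return one dict per bound socket found in the `ss` output."""
    listeners = []
    for line in ss_output.splitlines()[1:]:  # skip the header row
        m = LINE_RE.match(line)
        if not m:
            continue
        listeners.append({
            "proto": m.group("proto"),
            "addr": m.group("addr"),
            "port": int(m.group("port")),
            "process": m.group("proc") or "?",
            "pid": int(m.group("pid")) if m.group("pid") else None,
        })
    return listeners


def audit(listeners, allowed=ALLOWED, forbidden=FORBIDDEN_PROCESSES):
    """Return (reason, listener) pairs for everything that should not be open."""
    findings = []
    for l in listeners:
        if l["process"] in forbidden:
            findings.append(("forbidden-service", l))
        elif (l["proto"], l["port"]) not in allowed:
            findings.append(("unexpected-listener", l))
    return findings


if __name__ == "__main__":
    for reason, l in audit(parse_listeners(SAMPLE_SS_OUTPUT)):
        print(f"{reason}: {l['proto']}/{l['port']} {l['process']} pid={l['pid']}")
```

On a live host, replace the constant with the output of `subprocess.run(["ss", "-tulnp"], capture_output=True, text=True).stdout` and run the audit from cron; every finding is either a service to shut down or an entry to add to the allow-list after someone has justified it.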
Using Hardware to Solve a Software Problem
Looking to the future, it's possible that cybersecurity in the digital world could benefit from breakthroughs in the physical one. By building security mechanisms directly into the hardware, we can enforce protections that a remote attacker running software on the machine cannot simply switch off.
We already have memory management units that give each process its own virtual address space, so a compromised process cannot read or write another process's memory, and hypervisors that keep a compromised virtual machine from reaching the host or its neighbours. These are hybrid solutions, but what about hardware-specific ones?
One example is the shadow stack, which Intel is adding to its processors as part of Control-flow Enforcement Technology (CET).
A shadow stack protects the return address a function uses to get back to its caller, which is exactly the value a stack buffer overflow or a return-oriented programming (ROP) chain overwrites to hijack control flow.
When a function is called, the processor pushes the return address onto the ordinary stack as usual and also onto a second stack, the shadow stack, which holds nothing but return addresses and which ordinary memory writes cannot reach. When the function returns, the processor pops both copies and compares them.
If an attacker has overwritten the return address on the ordinary stack, the two copies no longer match and the processor raises a control-protection fault instead of jumping to the attacker's address. The hijack is stopped before the redirected instruction runs, and the fault gives the operating system a clear signal that something tampered with control flow.
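To make the mechanism concrete, here is an added Python simulation (not from the article and not Intel's implementation) of a tiny machine with a writable data stack and a separate shadow stack. A call pushes the return address onto both; an unchecked copy into a local buffer overflows into the saved return address on the data stack; the return compares the two copies and faults on a mismatch. The addresses, buffer size and payload are made up for the example.

```python
"""Shadow-stack simulation (added example, not Intel CET itself)."""


class ControlProtectionFault(Exception):
    """Raised when the two return addresses disagree (a CET CPU raises #CP)."""


class Machine:
    def __init__(self, shadow_stack_enabled=True):
        self.stack = []      # ordinary data stack: locals and saved return addresses
        self.shadow = []     # shadow stack: return addresses only, never written by code
        self.shadow_enabled = shadow_stack_enabled
        self.pc = 0          # program counter

    def call(self, target, return_to, frame_size):
        """CALL: save the return address on both stacks, allocate the callee's frame."""
        self.stack.append(("ret", return_to))
        if self.shadow_enabled:
            self.shadow.append(return_to)
        self.stack.append(("buf", bytearray(frame_size)))  # callee's local buffer
        self.pc = target

    def write_local(self, data):
        """Copy `data` into the callee's local buffer with no bounds check.
        Bytes past the end of the buffer land on the saved return address,
        the way a stack overflow does on a real machine. The shadow stack is
        untouched because ordinary stores cannot write to it."""
        kind, buf = self.stack[-1]
        assert kind == "buf"
        n = min(len(data), len(buf))
        buf[:n] = data[:n]
        overflow = data[n:]
        if overflow:
            new_ret = int.from_bytes(overflow[:8].ljust(8, b"\0"), "little")
            self.stack[-2] = ("ret", new_ret)

    def ret(self):
        """RET: pop the frame and the return address; compare with the shadow copy."""
        self.stack.pop()                      # discard the local buffer
        kind, ret_addr = self.stack.pop()
        if self.shadow_enabled:
            expected = self.shadow.pop()
            if ret_addr != expected:
                raise ControlProtectionFault(
                    f"return address 0x{ret_addr:x} != shadow copy 0x{expected:x}")
        self.pc = ret_addr
        return ret_addr


# Hypothetical addresses chosen for the example.
MAIN_RESUME = 0x401050   # instruction after the call in main()
CALLEE = 0x401200        # the vulnerable function
GADGET = 0x4011B0        # where the attacker wants execution to go

BENIGN = b"hello"                                       # fits in the 16-byte buffer
OVERFLOW = b"A" * 16 + GADGET.to_bytes(8, "little")     # fills it, then overwrites the return address


def run(payload, shadow_enabled):
    """main() calls the vulnerable function with `payload`; return where control
    ends up, or None if the shadow stack check faulted."""
    m = Machine(shadow_enabled)
    m.call(CALLEE, MAIN_RESUME, frame_size=16)
    m.write_local(payload)
    try:
        return m.ret()
    except ControlProtectionFault:
        return None


if __name__ == "__main__":
    print(hex(run(BENIGN, True)))        # returns normally to main
    print(hex(run(OVERFLOW, False)))     # no shadow stack: control lands on the gadget
    print(run(OVERFLOW, True))           # shadow stack: mismatch, fault, no hijack
```

The point the simulation makes is that the check costs nothing extra per function: the push and pop are already happening, and the only new work is one compare on return.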
Another example from Intel is Software Guard Extensions (SGX), which creates hardware-protected, encrypted regions of memory called enclaves. Code and data placed inside an enclave can only be executed and accessed from inside it.
SGX also provides attestation, which lets an enclave prove to a verifier what code it is running. As the enclave is built, the CPU hashes each page of code and data loaded into it, producing a measurement (MRENCLAVE); on request it then issues a signed report containing that measurement, which the verifier compares against the hash of the build it expects.
A hash is a fixed-size value computed from the data by a cryptographic hash function. Any change to the data changes its hash, so a modified enclave produces a measurement that the verifier will reject.
The contents of an enclave cannot be read or written by any code outside it. Even an attacker who controls the OS, hypervisor or BIOS cannot reach into the enclave, because the processor blocks every access to enclave pages that does not come from the enclave itself, and the memory is encrypted before it leaves the CPU. Side-channel attacks against SGX have been demonstrated, so the isolation is strong but not absolute, and enclave code still has to be written carefully.
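The measure-then-verify flow described above, as an added Python example that is not the article's and not Intel's SGX implementation. The "hardware" hashes the enclave's initial pages in order with SHA-256 to form a measurement (SGX's MRENCLAVE is likewise a SHA-256 digest built up page by page), then authenticates a report over that measurement plus a verifier-supplied nonce. The hardware key here is a constructed HMAC secret standing in for the CPU's attestation key; real remote attestation uses an asymmetric signature whose trust chain runs back to Intel. The page contents, key and nonces are all made up.

```python
"""Measurement-based attestation, simplified (added example, not SGX itself)."""
import hashlib
import hmac

# Assumption: a secret only the "CPU" holds. Real SGX uses a per-CPU signing key.
HARDWARE_KEY = b"constructed-hardware-root-key"

# Constructed enclave image: the pages loaded at build time, in order.
ENCLAVE_PAGES = [
    b"page0: enclave entry code",
    b"page1: key handling code",
    b"page2: initial data",
]


def measure(pages):
    """Hardware side: hash every page as it is added, producing the measurement."""
    h = hashlib.sha256()
    for i, page in enumerate(pages):
        h.update(b"EADD")                  # domain separation per add operation
        h.update(i.to_bytes(4, "little"))  # page order matters
        h.update(page)
    return h.digest()


def build_report(pages, report_data, hardware_key=HARDWARE_KEY):
    """Hardware side: measurement + caller-supplied data, authenticated with the hardware key."""
    mr = measure(pages)
    tag = hmac.new(hardware_key, mr + report_data, hashlib.sha256).digest()
    return {"mrenclave": mr, "report_data": report_data, "mac": tag}


def verify_report(report, expected_mr, nonce, hardware_key=HARDWARE_KEY):
    """Verifier side: check authenticity, freshness, then the measurement."""
    body = report["mrenclave"] + report["report_data"]
    expected_tag = hmac.new(hardware_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected_tag, report["mac"]):
        return "bad-signature"             # not produced by the hardware
    if report["report_data"] != nonce:
        return "replayed"                  # an old report, not a fresh answer
    if not hmac.compare_digest(report["mrenclave"], expected_mr):
        return "unexpected-measurement"    # code or data differs from the known build
    return "ok"


if __name__ == "__main__":
    expected = measure(ENCLAVE_PAGES)      # what the verifier computed from the release build
    print(verify_report(build_report(ENCLAVE_PAGES, b"nonce-1"), expected, b"nonce-1"))
    tampered = ENCLAVE_PAGES[:1] + [b"page1: backdoored key handling"] + ENCLAVE_PAGES[2:]
    print(verify_report(build_report(tampered, b"nonce-2"), expected, b"nonce-2"))
    forged = build_report(tampered, b"nonce-3", hardware_key=b"attacker-guess")
    print(verify_report(forged, expected, b"nonce-3"))
```

The order of the checks matters: authenticity first, so nothing later is decided on data an attacker could have written; freshness second, so a genuine but old report of a good enclave cannot be replayed; only then the measurement itself.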
Hardware placed at the edge of the network could also offer opportunities to bolster cybersecurity with physical-world protections. When it comes to security, we need to stop thinking about hardware and software as two separate entities.
The threat of cyberattacks will always be present, but hardware-based mechanisms like these can give our software the edge it needs to resist whole classes of attacks rather than individual exploits.
If there’s one thing that’s certain, it’s that cybersecurity is a job that’s never quite finished. New threats will always create the need for new solutions. Vigilance and awareness are the strongest tools we have in our arsenal.