It’s about Money – Hack the Hacker Using Deception!
About the Financial Sector
“Money” is one of the most driving motivations for adversaries to spend significant time on this sector. Advanced tooling, high pay-outs and a perimeter that has been redefined over the last year makes this sector very lucrative for targeted cyber-attacks.
Here are some of the attacks and its impact over the last few years
• Attacks against core banking infrastructure (like SWIFT) resulting in losses in the tune of hundreds of millions of dollars.
• Attacks against ATM and transaction processing infrastructure resulting in direct financial impact to end customers.
• Ransomware attacks that cripple operations leading to the erosion of trust and reputation when customers don’t get access to their money and information.
For the sector, investing in modern problem-solving approaches to security challenges is simply the cost of doing business.
The financial sector is usually the first adopter of new approaches and technologies when it comes to Cyber Security. The reason for this is simple.
Given the importance of the financial sector for day-to-day existence, organisations look for every advantage they can bring to their security program.
Zensar technologies learnt from discussion with CISO’s that, it is not straight-forward and brings a lot key challenges with it:
- The Human behind the Adversary is ignored: All malware and cybercrime syndicates are built and driven by human beings. The lack of understanding of how adversaries operate tactically leads client to try to beat them technically and hacker always win.
- Passive Defences: Organisations have implemented signature and behavioural detection systems detects the threat when alert is triggered. New adversary tactics, such as hiding in plain sight and rescent supply chain attacks such as SolarWinds SUNBURST attack have highlighted those passive set-and-forget defensive technologies must be supplemented with proactive defensive measures.
- Data-Inefficiency: Financial organisations process hundreds of gigabytes of data searching for threats daily. Big data analytics has the drawback of presenting more anomalies than even most of the mature organisations can handle. We have moved from ignored alerts to ignored anomalies. There is a need to be more data-efficient with threat detection to detect threats that matter.
There you have it. Ignoring the tactical adversary allows hackers to dictate the terms of how financial Organization manages the threat detection program and defensive strategy. Bad guys innovate to take advantage of our weaknesses and usually succeed.
Take back the advantage with the deception
Deception disrupts how the adversary functions tactically. It does so by planting decoys.
What is a decoy?
A decoy is a fake system, user, application, credential, or software used to attract adversary attention. The decoy should never be interacted with any systems because nobody knows it exists. In an adversary engagement scenario, when the adversary interacts with a decoy, it generates an alarm.
Where can you place decoys?Everywhere.
• Active Directory
How Zensar’s Threat Deception powered by Smokescreen is helping Organizations?
- You only need to be right once:
Zensar can help Organizations to challenge the old saying that “defenders have to be right every time” with deception. A single alarm from deception can alert the presence of the adversary. It confuses attackers, fools them and makes their life difficult, In fact hack them back. Attacking just became costlier for the attacker.
- It delivers asymmetric Value:
Every decoy implementer is adding to network gives asymmetric value in threat detection when compared to the efforts invested in planting the decoy. Every triggered decoy lets implementer learn about the environment. Nothing is more valuable in cyber defence than knowing about environment activity better every day.
- It’s Active Defence:
MITRE released the Shield framework for defenders and a significant part of the framework is decoys and deception. It’s recognition of the fact that organization can no longer sit back and wait to react when bad things happen. Rather, Organization must proactively make changes to channel the adversary and disrupt the function. The difference between Passive and Active defence is being punched in the face by the attacker and then fighting back versus blocking the punch that was the target likely your face.
- It’s Data-Efficient
For every GB of telemetry Organization collects from other sources, deception data is measured in tens of MBs. A fraction, deception generates better data, not a big data. One solution for detecting the adversary is simply collecting better, high fidelity data.
Why there is need for Threat Deception?
• If Organization is lower on the security maturity scale, its asymmetric value delivery will protect you tomorrow.
• If Organization is higher on the maturity scale, its data efficiency will sharpen your existing security stack.
But perhaps most importantly, it’s unique because it anticipates where the adversary might go and implementer can actively smoke out a threat with something as simple as a decoy. As financial sector organisation that supports one of the most critical functions for the day-to-day existence of humanity, it’s imperative to adopt any approach that gives organization the advantage of when to defend and deception gives a clear, marked advantage.