Even with the new implementations of firewalls, IDSs, security policies, antivirus software, and employee training (AND WITH ALL THEIR COSTS INVOLVED), companies and their technological environments continue to be victims of cyber-attacks. After two decades with the same security issue, more than one thing must be wrong.
Cyber-Attacks | So where is the error?
We will answer this question by describing a situation we encountered a couple of months ago at a new client’s company, where we had been engaged to carry out a security assessment of an internal Microsoft network.
Computer Attacks – The Typical Story
The systems administrator provided us with the security policy manual for employees and told us about all the systems installed for the detection of and prompt response to computer attacks. We took the time to review the information and then asked him about the security policy governing employees’ use of USB sticks. The answer was the following:
Everything is well secured: there is a group policy on the domain controller that does NOT allow USB devices to be connected to the computers, and all computers have their antivirus updated.
We knew immediately that there was a big problem.
We took a modified USB device from our toolkit (in hacker terminology it is called a Rubber Ducky) and plugged it into a port of the systems administrator’s computer while he was still standing there talking to us. Exactly 15 seconds later, an email arrived on our tester’s phone containing the domain administrator’s username (yes, the same person who was there with us), the NTLM hash of his domain administrator password, and a list of the files stored in his user profile. In 15 seconds the company had been the victim of a computer attack.
The system administrator’s face was no longer the same.
What happened next was quite peculiar: the system administrator’s first reaction was to glance sideways, hoping the IT director was not watching. Then a dialogue like this took place:
DOMAIN ADMINISTRATOR: How did this happen?
TESTER: The group policies on the domain controllers cannot stop the USB connection; if we modify the USB device so that it is read as a keyboard or as a mouse, the system will read it.
DOMAIN ADMINISTRATOR: Ok, but why didn’t the antivirus alert the attack?
TESTER: For two reasons: because we use the computer’s native language, which is PowerShell, and because you are also using your computer with your administrator profile; computer attacks always run with the victim’s permissions, in this case your permissions.
DOMAIN ADMINISTRATOR: What can we do to fix it?
TESTER: If you really want security, you should use USB connection blockers on the ports that you do not use.
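The gap the tester describes, a policy that denies removable storage while a device enumerating as a keyboard still installs, can be checked from the defender’s side. The following PowerShell audit is an added example, not the article’s or RedDefense Global’s code: it reads the Device Installation Restrictions policy values that Group Policy writes to the registry, reports which device setup classes are actually denied, and lists attached keyboard-class devices whose hardware IDs are not on an allowlist. The approved hardware ID is a constructed placeholder.

```powershell
# Added defender-side audit (not the article's code). Run in an elevated
# PowerShell session on a domain-joined workstation.
# Assumption: $approvedHardwareIds below holds a constructed placeholder value;
# replace it with the hardware IDs of the keyboards your organisation deploys.

$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions'
# Device setup-class GUIDs referenced by the "Prevent installation of devices
# using drivers that match these device setup classes" policy.
$classNames = @{
    '{4d36e967-e325-11ce-bfc1-08002be10318}' = 'DiskDrive'  # USB mass storage lands here
    '{4d36e96b-e325-11ce-bfc1-08002be10318}' = 'Keyboard'   # a keystroke-injecting device lands here
    '{745a17a0-74d3-11d0-b6fe-00a0c90f57da}' = 'HIDClass'   # generic HID parent class
}

# Read what the Device Installation Restrictions policy actually denies.
function Get-DeviceInstallPolicy {
    $result = [ordered]@{ DenyRemovable = $false; DenyUnspecified = $false; DeniedClasses = @() }
    if (Test-Path $policyKey) {
        $p = Get-ItemProperty -Path $policyKey
        $result.DenyRemovable   = ($p.DenyRemovableDevices -eq 1)
        $result.DenyUnspecified = ($p.DenyUnspecified -eq 1)
        if (Test-Path "$policyKey\DenyDeviceClasses") {
            # Class GUIDs are stored as string values named 1, 2, 3, ...
            $result.DeniedClasses = @((Get-ItemProperty "$policyKey\DenyDeviceClasses").PSObject.Properties |
                Where-Object { $_.Name -match '^\d+$' } | ForEach-Object { $_.Value })
        }
    }
    [pscustomobject]$result
}

# List present keyboard-class devices whose hardware IDs are not on the allowlist.
function Find-UnexpectedKeyboards([string[]]$ApprovedHardwareIds) {
    Get-PnpDevice -Class Keyboard -PresentOnly | Where-Object {
        $known = @($_.HardwareID) | Where-Object { $ApprovedHardwareIds -contains $_ }
        -not $known
    } | Select-Object FriendlyName, InstanceId, Status, HardwareID
}

$policy = Get-DeviceInstallPolicy
"Removable storage denied : $($policy.DenyRemovable)"
"Unlisted devices denied  : $($policy.DenyUnspecified)"
foreach ($guid in $classNames.Keys) {
    "Class $($classNames[$guid]) denied : $($policy.DeniedClasses -contains $guid)"
}
$keyboardGuid = '{4d36e96b-e325-11ce-bfc1-08002be10318}'
if (-not ($policy.DeniedClasses -contains $keyboardGuid) -and -not $policy.DenyUnspecified) {
    'Policy covers storage at most: a device that enumerates as a keyboard will still install.'
}
$approvedHardwareIds = @('HID\VID_0000&PID_0000&REV_0000&MI_00')   # constructed placeholder
Find-UnexpectedKeyboards -ApprovedHardwareIds $approvedHardwareIds | Format-Table -AutoSize
```

Denying the Keyboard class outright would also block legitimate keyboards, which is why the script only reports; pair its output with the physical port blockers the tester recommends and with an allowlist of approved hardware IDs.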
Now back to the question,
Why are companies still the victims of cyber-attacks if they are investing more money in security?
BECAUSE ATTACKERS ALWAYS STAY A STEP AHEAD THROUGH THEIR CRITICAL THINKING AND THEIR KNOWLEDGE OF SYSTEM MISCONFIGURATIONS. Defenses and detection systems know about vulnerabilities, but they do not understand manual, hands-on computer attacks. An advanced attacker has endless angles of approach, limited only by creativity. Antivirus, firewalls, and IDSs cannot recognize the intentions behind the different types of attacks. It has never been more important than now to adopt an offensive process to defend your business technology network.
THAT’S WHY ATTACKERS GENERALLY SUCCEED, and the antivirus and firewalls report nothing.
BUT THERE IS ALWAYS A SOLUTION
If you want to know more about our services and RedDefense Global, visit us at: