The impact of a 5th generation cyber-attack can be devastating to an organization. To combat today’s multi-vector mega-attacks, organizations must be proactive by utilizing advanced technologies that can prevent even the most evasive zero-day attacks. WannaCry and NotPetya introduced the 5th generation of malware. They demonstrated how multi-vector mega attacks can spread quickly from business to business across oceans and continents. Enterprise networks and cloud services as well as desktop and mobile endpoints are all targets of 5th generation attack campaigns. No industry or sector is immune.
Prevention starts now. In this article, you’ll learn:
- The top 5 principles of cyber attack prevention.
- How to protect all IT elements (networks and environments) with an effective and consolidated security architecture.
- The cyber security technologies and strategies that prevent 5th generation cyber attacks.
- How real advanced threat prevention blocks attacks before damage occurs.
Prevention is the key to defending against today’s advanced cyber attacks. Read on this article for a clear understanding of today’s 5th generation threats and the Gen V solutions purpose-built to stop them, to learn how you can protect your organization against cyber threats with Infinity security architecture.
A Wake Call
How to prevent the next attack
The age of super powered cybercrime
The Bottom Line
In the wake of the recent outbreaks of WannaCry and Petya, and large breaches such as the HBO leak and Equifax, organizations are increasingly worried about their business vulnerability to cyber threats. This is for good reason – these two incidents illustrate the huge global impact and devastation that may be caused by modern cyber-attacks. Today’s threat actors have more powerful and destructive tools at their disposal than ever before.
This document discusses the growing threats and potential damages posed by cyberattacks, and provides guidelines to the approaches organizations should take and technologies they should use in order to prevent the next attack.
A Wake Call
The future is here – in today’s world everything and everyone is constantly connected, and people’s information and transactions are completely digitized. This incredible technological era holds huge opportunities for mankind, but at the same time it means that organizations are more vulnerable and more exposed than ever before.
In May and June of 2017, the world witnessed two massive cyberattacks that demonstrated the world’s fragility. The outbreaks, dubbed WannaCry and Petya, rapidly propagated by exploiting Windows vulnerability and caused tremendous damage worldwide.
The Petya attack (sometimes referred to as NotPetya) was reportedly spread through updates of a compromised Ukrainian accounting software. Once a system was infected, the attack moved laterally, exploiting vulnerabilities in the Windows operating system to infect other hosts on the network. Ukrainian banks, ministries, media, and energy companies were shut down and Ukrainian infrastructure was crippled. Although seemingly focused on Ukrainian targets, in actuality Petya generated global damage, paralyzing companies across the world and causing huge financial losses.
The WannaCry outbreak from a month earlier was even larger in scale and impact. Within a day it had infected over 230,000 computers across 150 countries. Similar to Petya, WannaCry severely impacted many companies globally. Among its victims were hospitals in the UK, carmaker Renault, Russian and German Railways, Telefónica, O2, Hitachi, LATAM Airlines and FedEx. Estimates of the total damage range from hundreds of millions of dollars to up to $4 billion. These attacks, along with others targeting health care institutions, TV productions (HBO leak) and financial services such as the Equifax breach, all present to us, in a very clear voice, the overwhelming, growing threat that cyber based attacks impose on our society and our daily lives.
Cyberattacks continue to grow at an alarming rate – in volume, sophistication and impact. As of May 2017, Check Point products detect over 17 million attacks each week, more than half of these attacks include payloads which are unknown at the time of detection and cannot be detected by conventional signature-based technology.
In this age of super powered cybercrime, the need to protect from advanced attacks is more essential than ever before. Companies must utilize cutting-edge technologies in order to remain protected.
How to prevent the next attack
The impacts of the Petya and WannaCry attacks were not inevitable. With the correct measures and technologies in place, many organizations were able to avoid these attacks.
In order to truly combat the next threats, organizations must take a proactive approach, utilizing advanced technologies that can prevent even the most evasive zero-day attacks.
The next attack can be prevented, if companies will change their view on security, and follow a few principles:
1. Maintain Security Hygiene
Maintaining solid security hygiene across all IT systems will reduce the attack surface and can help prevent or contain many attacks. The top measures and best practices that should be followed include:
Patching: All too often, attacks penetrate by leveraging known vulnerabilities for which a patch exists but has not been applied. Organizations should strive to make sure up-to-date security patches are maintained across all systems and software.
Segmentation: Networks should be segmented, applying strong firewall and IPS safeguards between the network segments in order to contain infections from propagating across the entire network.
Review: Security products’ policies must be carefully reviewed, and incident logs and alerts should be continuously monitored.
Audit: Routine audits and penetration testing should be conducted across all systems.
Principle of Least Privilege: User and software privileges should be kept to a minimum – is there really a need for all users to have local admin rights on their PCs?
2. Choosing Prevention Over Detection
Companies and other players in the industry often claim that attacks will happen either way, there is no way to avoid them, and therefore the only thing left to do is to invest in technologies that detect the attack once it has already breached the network, and mitigate the damages as soon as possible.
This is simply not true! Not only can attacks be blocked, Zero-Day attacks and unknown malware are also preventable. With the right technologies in place, the majority of attacks, even the most advanced ones can be prevented without disrupting the normal business flow.
3. Leveraging a Complete Unified Architecture
Many companies attempt to build their security using a patchwork of point products from multiple vendors. This approach almost always fails: it results in disjoint technologies that don’t collaborate – creating security gaps, and it introduces a huge overhead of working with multiple systems and vendors. As a result of this inefficient approach many attacks are not prevented, forcing organizations to invest more on post-infection and breach mitigation.
In order to achieve comprehensive security, companies should adopt a unified multi-layer approach that protects all IT elements – networks, endpoint, cloud and mobile, all sharing the same prevention architecture and the same threat intelligence.
4. Covering All Attack Vectors
Attackers use many malicious tricks to penetrate. The top vectors include:
Mail or Message: Send a mail or text message with a malicious attachment or a malicious link.
Web Browsing: Compromise the user’s browser (typically through exploit kits) or trick a user to download and open a malicious file.
Server and Systems Exploitation: Infect by exploiting unpatched vulnerabilities in any online host.
Mobile Apps: One of the most common sources for compromising mobile devices is through mobile apps.
External Storage: Physically mounted drives allow malicious files to enter without even traversing the network.
To achieve effective coverage, organizations should seek a single solution that can cover all bases, one that provides a broad prevention across all surfaces of attack, including mail, web browsing, systems exploitation, external storage, mobile apps and more.
5. Implementing the Most Advanced Technologies
Attack techniques are diverse and constantly evolving. IT systems are complex. There is no silver-bullet single technology that can protect from all threats and all threat vectors.
There are many great technologies and ideas available – machine learning, sandbox, anomaly detection, content disarmament, and numerous more. Each of these technologies can be highly effective in specific scenarios, covering specific file types or attack vectors. Strong solutions integrate a wide range of technologies and innovations in order to effectively combat modern attacks in IT environments.
The age of super powered cybercrime
The WannaCry and Petya attacks both encrypted victims’ files and demanded ransom. However, these two attacks have something much more fundamental in common: both leveraged cyber-weapons which were developed by the National Security Agency of the United States and leaked to the public in April 2017.
The US is hardly the only country developing sophisticated offensive cyberwarfare capabilities. Nation-states across the globe are investing billions and employing top talent to create advanced hacking tools and cyber weaponry.
Was the NSA leak from April the last of its kind? It would be naïve to believe so. In all likelihood, we will see more military-grade cyber tools exposed in the future. The WannaCry and Petya attacks illustrate how leaked tools and knowledge from powerful threat actors put incredible firepower in the hands of common cyber criminals.
The Bottom Line
Today’s cyber threat landscape is overwhelming and includes various methods of growing concerns, including cyber threats that threaten our daily lives and society’s welfare. The good news is that getting hit is not predetermined and can be avoided.
Even with numerous daily cyberattacks, the WannaCry and Petya outbreaks stand-out due to their rapid propagation, their devastating impact, and above all their use of leaked superpower cyber weapons. Many look upon these attacks as a wakeup call, a call to reduce business vulnerability to cyberattacks and to the disastrous potential they pose to day to day business operations.
Relying on post-infection breach detection and mitigation as the sole security strategy is a risky and dangerous paradigm.
Prevention is possible – the next attack can be prevented!
In order to truly combat the next threats, organizations must take a proactive approach, utilizing advanced technologies that can prevent even the most evasive zero-day attacks. Companies should seek to adopt a proven unified solution, which offers a broad multi-layered cyber protection architecture, implemented across their entire IT infrastructure and covering all attack vectors.
Source: Check Point Software white paper: The Next Cyber Attack Can Be Prevented