Tag Archives: Attack Vector

Some thoughts about: People and process remain the soft underbelly of banks

25 April 2015

In the post ‘Security Think Tank: People and process remain the soft underbelly of banks’, John Colley uses the Carbanak attack as an example to discuss some new concepts for surviving the cyber war.

I like the idea of sharing knowledge about attack vectors and best practice for the defense against cyber-attacks across industries. But what is the proper scope for action?

John Colley writes:

‘Even worse, the persistence of bad cyber security practices is driving banks to try to protect badly designed systems by hiding them from view. Many banks try to prevent attackers discovering what internal programs they use; yet it shouldn’t matter if outsiders know what software a bank uses for its internal systems, if that software is secured properly in the first place.’

I have been discussing such issues for months now. My advice is crystal clear:

Before you start sharing information about your internal systems with any partner, carefully consider

  • what information and what level of detail is required, and
  • how the information must be protected.

Every piece of information available about your internal systems helps attackers find vulnerabilities in those systems. Remember: it is merely a matter of time before cyber criminals break into your company network…

Too many details increase the attack surface of your company!

Have a good weekend!

Premera is still stuck in my mind

9 April 2015

Every data breach tells a story. Since only the attacker has the detailed storyboard, we are left to guess at the plot of the cyber-attack. But from the often very interesting news about an attack, sometimes published weeks later, we can try to create our own rough storyboard.

The lessons learned from the plot of a cyber-attack

  • may show the weak points of our defense system, or
  • may support us in evaluating our defense system and the residual risk we take, or
  • may support us in developing appropriate countermeasures.

I am particularly interested in the beginning of the story (the initial attack vector), and of course in how things develop after the attackers gain access to a company’s network.

In the coming weeks I would like to develop a plot of the Premera cyber-attack. I would be pleased if you would join me on this journey. Suggestions and comments are highly welcome.

Here’s some food for thought. Dan Bowman writes in ‘Premera knew systems were vulnerable prior to attack’ published 19 March 2015:

‘Premera’s systems initially were breached on May 5, 2014, but were not detected until Jan. 29 of this year.’

How could attackers stay undetected for nearly nine months? Any ideas?

Have fun!