Crossroads Blog | CYBER SECURITY LAW AND POLICY


Conversations On Cybersecurity: Forbes

On 2/5 and 2/12, Forbes continued its "Conversations On Cybersecurity" series by Alan Paller.  The series recounts a conversation that Paller (a cyber-expert) had with two managing partners at a large NYC law firm.  The first part of the series explained why hackers, particularly the Chinese, are increasingly targeting law firms.  Hackers target law firms as an end run around the client's better cybersecurity; law firms usually have poorer cybersecurity, so it's easier to get to the client's files through the law firm. 

The second part of the Forbes series opened with Paller explaining how the cyber industrial spies had gotten into the firm's networks.  Specifically, the hackers likely conducted a targeted phishing attack (spear phishing) after conducting reconnaissance on the firm.  The hackers then sent a carefully tailored e-mail, made to look like it came from another partner at the firm, to one of the managing partners.  Once the managing partner opens the spoofed e-mail, the hacker likely has access to the entire network.  Paller also describes attorney tech training programs as necessary but insufficient: "It would be like training kids in defensive driving and then sending them out in a Volkswagen to drive in a trucker’s demolition derby."

The third part of the Forbes series explained why "best practice" cybersecurity methods like antivirus programs and firewalls aren't enough.  First, the firewall can't detect a carefully spoofed e-mail.  Second, the anti-virus program might work, but the "arms race between attackers and [anti-virus] researchers is being won by the attackers."  In reality, hackers are able to get around anti-virus protections; anti-virus companies can merely react to new viruses.

Paller concludes the series by referencing a new method of stopping targeted intrusions by the Australian Defence Signals Directorate.  Paller is waiting to describe the method in the fourth part of the series, which has not yet been published.  I took a quick look around and found that the Australians have 4 highly touted controls for stopping targeted intrusions.  They call these controls the "sweet spot."  According to the Australian Department of Defence, the sweet spot is made up of the following 4 controls:

  • "patch applications such as PDF readers, Microsoft Office, Java, Flash Player and web browsers"
  • "patch operating system vulnerabilities"
  • "minimise the number of users with administrative privileges"
  • "use application whitelisting to help prevent malicious software and other unapproved programs from running."

According to Paller, the White House loved this idea so much that Howard Schmidt (the WH Cyber Coordinator) "gave the Australians a U.S. National Cybersecurity Innovation Award . . ."

Take a look at the 1st, 2nd, and 3rd parts of the Forbes series.
