BitDepth#1489
Mark Lyndersay
THE PANEL discussion that comprised the second half of the ISC2 Scam Defence seminar on November 30 made clear some of the challenges that regional cybersecurity experts face.
Those hurdles include a reluctance to retire ageing, vulnerable equipment, fundamental misunderstandings by C-Suite management about areas of digital weakness and poorly implemented network security regimes.
Dark web researcher and penetration tester Shiva Parasram explained the history of the EternalBlue exploit, created by the National Security Agency (NSA) of the US government.
The NSA engineered the exploit in 2012 to access computers running then-current versions of Microsoft Windows, but didn't tell the company anything about it until 2017, when the Shadow Brokers, a hacker group, got hold of the code and released it widely.
Microsoft quickly engineered and released a patch, but unpatched systems remained vulnerable and the WannaCry virus used the exploit to spread, causing millions in damage and downtime.
On a system that remains unpatched today, the likelihood of a successful breach is close to 100 per cent.
"It's a bit worrying because there are a lot of systems that still run (older) applications and you can't upgrade them," Parasram said.
"If I were to jump on a Kali Linux system and I found one of those older systems on Windows 7 or Server 2000 it would take two to five minutes to fully compromise the system. There are hundreds of thousands of exploits out there and it's pretty tough to defend against them all."
"In a network, there are a lot of vulnerabilities and they can happen at different levels of your technology," said Ajmal Nazim, cybersecurity consultant and systems auditor.
"The firewall is your perimeter, it's your first line of defence. But once you get inside of the network, then you need defences and a proper segmentation of the network. So if they do breach the perimeter, then it shouldn't be that it's a free-for-all on your internal network, no matter how big it is. The infrastructure should be properly segmented so if anything they'll only get into one segment."
Whether the attack comes from outside, through a successfully exploited vulnerability, or from inside, perhaps from a disgruntled employee, an attacker needs just one vulnerability to gain a foothold. From there the attack can move laterally through the network and, by escalating privileges, compromise all of it. The attackers will encrypt the entire network, exfiltrate data and demand a ransom.
"Companies will think that once they have a firewall in, then they have done what's needed," Nazim said.
Scofield Thomas, managing director of 800-TECH, offered examples of worrying real-world experiences.
In one instance, he found a client running the business without a firewall.
"It was giving trouble, it was blocking things, so we took it out," was the response.
"I recently spoke with a new client who is running Microsoft Server