Why total network visibility is the antidote to slow-release cyber poison

Cyber security threats have long presented an ongoing problem for businesses, but recent data breaches and GDPR legislation have certainly highlighted the catastrophic consequences caused by attacks of this nature. Despite the intensified focus, and increasing investment in prevention strategy, the problem is very much ongoing.

This is a particular concern for large global corporations, who are dedicating substantial amounts of budget and resources fortifying their defences against ‘low and slow’ attacks. Attackers are creating multi-faceted attack vectors which continue to evolve as access to hacking software and open source toolsets increases.  Viruses, phishing attacks, Memcached reflections and cryptomining are just a few of the approaches that hackers are using to rip holes in corporate cyber defence applications.

So, what are the primary concerns, and how can businesses counteract these varied and antidote resistant forms of poison.

Information overload

The problem deepens if we observe the dramatic growth in subscribers, global data rates, internet and network users in general; the volume and significant value of this data can also be considered a serious cause of the problem. The volume and velocity of data at rest and in motion is at its peak, and companies have reason to worry as this data is also highly valuable to cybercriminals.

Organisations are very much aware of the problem, and last year alone invested on average an increased figure of £24,200 on DDoS mitigation according to CDNetworks. With more users comes an overwhelming increase in data, and this is undoubtedly one of the main causes of the problem.

Companies must strive to ensure that this information doesn’t fall into the wrong hands, but it is increasingly difficult to monitor and control as hacker technology evolves. Report findings from Securelist cite that the number of DDoS attacks and targets has risen significantly, and that long-duration attacks are also on the rise this year with the most sustained attack lasting 297 hours / more than 12 days – one of the longest in recent years.

In order to scale up cyber security to match these threats, it’s important to first grasp who is most at risk.

Who are the potential victims?

Globalisation has meant that all networks are inextricably linked, especially in business. This ever-connected state is largely advantageous, but it does also come with some devastating risks. The communications sector is considered as a Critical National Infrastructure, and it is imperative that our intricate web of interactions is safeguarded on a daily basis and not subject to malicious attack. Growing corporations are increasing their data rates and network sizes; more specifically it’s network and mobile operators, cloud providers, datacentres and ISPs that host millions of users, millions of connected devices and their data.

What is it that’s pursuing them?

It is these organisations that are falling victim to ‘slow-release’ or ‘low and slow’ attacks. These names are derived from the method in which the attack is smuggled in and also how it is executed. Initially, a probing stage occurs, where the hackers evaluate and monitor the overall structure and initial vulnerabilities of the target. This is often largely undetected. The tools effectively map out / establish a path for the vector to migrate across the network and infrastructure over a period of time, hence the ‘low and slow’ approach. These are then smuggled in over a long period of time in order to evade initial detection by imitating the structure of genuine traffic, or under the guise of another attack or breach as is the nature of DDoS. Multiple entry points are exposed especially in large expansive carrier-grade networks, and this is what’s really concerning.

The sheer volume of data means that cyber security systems struggle to keep up. The likelihood that some of these multiple entry points in the network can be exposed to potential attackers is unfortunately very high due to the enormity of the networks – many cyber security offerings simply cannot keep up with the sheer volume of data that they need to.

Once an attacker has slipped through the net, the ‘low and slow’ attacks work to slowly poison and disrupt internal operations. Alternatively, the effects can include slow installation of data with a view to infiltrate the system whilst avoiding detection as long as possible. These attacks are slow burners and accumulate damage over a long time period.

Moving forward with the right defence strategy

These ‘low and slow’ attacks can inevitably incur some serious internal damage if even one data point is breached. With the expansion of data stores comes an urgent responsibility to protect it and this continues to prove a challenge to all industries. The scale of threat posed by this nature of attack is alarmingly high; if one threat slips through the net the whole network can be compromised.

In light of this, carrier-grade network providers and operators especially need to ensure that they are adopting/integrating the right security solutions that have the capacity to handle large amounts of data monitoring and analysis. The solutions ideally need to:

  • Provide total network visibility
  • Allow for monitoring and analysis
  • Monitor and analyse IP traffic flows for Network Performance Monitoring & Diagnostics (NPMD)
  • Detect threats using a combination of anomaly detection and signature matching

These are the primary activities that must be undertaken within companies using systems that contain vast amounts of data. Organisations without the right approach to ‘low and slow’ attacks are at risk of allowing one insidious breach to corrupt an entire network from the inside out and beyond.

 

By Steve Patton, Cyber Security Specialist & Director, Telesoft


PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.

For more information on upcoming events, visit the website.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.