1. USB thumb drives: Believe it or not, USB drives are actually one of, if not the most, common ways you can infect a network from inside a firewall. There are several reasons for this; they're inexpensive, small, hold a lot of data and can be used between multiple computer types. The ubiquity of thumb drives has driven hackers to develop targeted malware, such as the notorious Conficker worm, that can automatically execute upon connecting with a live USB port. What's worse is that default operating system configurations typically allow most programs (including malicious ones) to run automatically. That's the equivalent of everyone in your neighborhood having an electric garage door opener and being able to use it to open everyone else's garage doors.
2. Laptop and netbooks: Laptops are discreet, portable, include full operating systems, can operate using an internal battery and come with a handy Ethernet port for tapping directly into a network. What's more, a notebook may already have malicious code running in the background that is tasked to scour the network and find additional systems to infect. This notebook could belong to an internal employee or guest who's visiting and working from an open cube or office.
Beyond infected laptops compromising an internal network, it's important to think about the laptops themselves. All companies have some forms of sensitive information that absolutely cannot leave the walls of the building (salary information, medical records, home addresses, phone numbers and Social Security numbers are just a few obvious examples). It becomes very dangerous when that information is stored on an unsecured portable computer, as they are easy to walk off with. We've seen numerous, publicly disclosed instances of notebooks with sensitive data that have "gone missing." Unless the laptop employs a tough encryption algorithm, data is often easy to recover from any given file system.
3. Wireless access points: Wireless APs provide immediate connectivity to any user within proximity of the network. Wireless attacks by wardrivers (people in vehicles searching for unsecured Wi-Fi networks) are common and have caused significant damage in the past. TJ Stores, owners of Marshalls and TJMaxx, was attacked using this method, and intruders penetrated the company's computer systems that process and store customer transactions including credit card, debit card, check and merchandise return transactions. It's been reported that this intrusion has cost TJ Stores more than $500 million dollars to date.
Wireless APs are naturally insecure, regardless if encryption is used or not. Protocols such as wireless encryption protocol contain known vulnerabilities that are easily compromised with attack frameworks, such as Aircrack. More robust protocols such as wireless protected access (WPA) and WPA2 are still prone to dictionary attacks if strong keys are not used.
4. Miscellaneous USB devices: Thumb drives aren't the only USB-connected devices IT needs to be wary of. Many devices are also capable of storing data on common file systems that can be read and written to through a USB or similar connection. Since it isn't the primary function of these devices, they are often forgotten as a potential threat. The fact is, if an endpoint can read and execute data from the device, it can pose just as much of a threat as a thumb drive. These devices include digital cameras, MP3 players, printers, scanners, fax machines and even digital picture frames. In 2008, Best Buy reported that they found a virus in the Insignia picture frames they were selling at Christmas that came directly from the manufacturer.
5. Inside connections: Internal company employees can also inadvertently or intentionally access areas of the network that they wouldn't or shouldn't otherwise have access to and compromise endpoints using any of the means outlined in this article. Maybe the employee "borrows" a co-worker's machine while he's away at lunch. Maybe the employee asks a fellow worker for help accessing an area of the network that he doesn't have access to.
6. The Trojan human: Like the Trojan horse, the Trojan human comes into a business in some type of disguise. He could be in business attire or dressed like legitimate repairman (appliance, telecom, HVAC). These types of tricksters have been known to penetrate some pretty secure environments, including server rooms. Through our own social conditioning, we have the tendency to not stop and question an appropriately attired person we don't recognize in our office environment. An employee may not think twice about swiping their access card to allow a uniformed worker into their environment for servicing. It can take less than a minute for an unsupervised person in a server room to infect the network.
7. Optical media: In June 2010, an Army intelligence analyst was arrested after being charged with stealing and leaking confidential data to public networks. Sources claim the analyst did so by bringing in music CDs labeled with popular recording artists, using this medium only as a guise. Once he had access to a networked workstation, he would access the classified information he had authorized credentials for and store the data on the "music" CDs in encrypted archives. To help cover his tracks, the analyst would lip sync to the music that was supposedly stored on the CDs while at his workstation. Recordable media that appear to be legitimate can and has been used to piggyback data in and out of networks. And, like the thumb drives mentioned above, they can be used as a source for network infection.
8. Hindsight is 20/20: While much of this list focuses on mitigating threats that capitalize on digital technology, we shouldn't forget that the human mind is also very effective at storing information. Who is watching you when you log into your desktop? Where are your hard copies stored? What confidential documents are you reading on your laptop at the coffee shop, airplane, etc.?
9. Smartphones and other digital devices: Today, phones do more than just allow you to call anyone in the world from anywhere; they're full-functioning computers, complete with Wi-Fi connectivity, multithreaded operating systems, high storage capacity, high-resolution cameras and vast application support. And they, along with other portable tablet-like devices, are starting to be given the green light in business environments. These new devices have the potential to pose the same threats we've seen with notebooks and thumb drives. What's more, these devices also have the potential to elude traditional data-leak prevention solutions. What's to stop a user from taking a high-resolution picture of a computer screen, and then e-mailing it over a phone's 3G network?
10. E-mail: E-mail is frequently used within businesses to send and receive data; however, it's often misused. Messages with confidential information can easily be forwarded to any external target. In addition, the e-mails themselves can carry nasty viruses. One targeted e-mail could phish for access credentials from an employee. These stolen credentials would then be leveraged in a second-stage attack.
0 comments:
Post a Comment