News broke back in March 2016 that several major law firms in the US had been breached by hackers. This may have slipped somewhat under the radar, as just a few days later came the announcement of the Mossack Fonseca leak (it was also a breach), but this widespread breach could have left the confidential information of these firms’ clients exposed.
The hacker’s (or hackers’) motivation? They were thought to be seeking valuable information which could be used for insider trading – information which could then be leveraged for competitive advantage or sold on to stock traders or others with a vested interest for a hefty bounty.
Financial motivation is often a factor in such attacks. Information is a valuable commodity, and in a connected world the attack surface of companies is massively increased, creating opportunities for corporate espionage to take place.
Even the tightest controls can’t assure protection from this developing threat, and increasingly hackers are providing their services online for a fee. This rise of the “hacker-for-hire” increases the challenge facing information security teams. We’re seeing increasing maturity in the business models used by cybercriminals, and attacks are growing in sophistication at an alarming rate.
The firms affected include US legal giants Cravath, Swaine & Moore LLP and Weil, Gotshal & Manges LLP, whose clients include major Wall Street banks and Fortune 500 companies, making any corporate information held by the law firms a valuable asset. Client confidentiality is of utmost importance to law firms – so how did the hackers gain access to such a prestigious group of firms?
Although no official timeline of the breaches has been confirmed, with the firms being decidedly tight-lipped, Cravath, Swaine & Moore apparently stated that the initial incident occurred during summer 2015 – which suggests an unknown and exploited vulnerability had been left open on their network for some time, and that evidence of exploitation of said vulnerability had come to the fore.
Many data breaches are the result of vulnerabilities in company networks, which can lie open for months, even years, without anyone at the company being aware of their existence. These potential backdoors can leave sensitive information exposed, ripe for the picking by skilled hackers.
If one of these unknown security vulnerabilities happens to be a zero-day vulnerability (one that is not known to the software or hardware vendor and does not have a patch available), it can become very dangerous to an organisation if it is not discovered and dealt with effectively. Zero-day vulnerabilities crop up regularly in cybersecurity news – recent stories of note include hackers searching for and attempting to exploit vulnerabilities in US voter registration systems, and Cisco Systems discovering a zero-day exploit among the NSA exploits which were recently leaked.
A lot is at stake when organisations aren’t up to date on their security program and testing schedule, making them potentially unaware of their own security problems. In 2015, a security researcher uncovered a cyber-attack on a company where plaintext usernames and passwords were being covertly siphoned through a backdoor in their email web app. By the time the vulnerability was discovered, some 11,000 username and password combinations were found to have been stolen – potentially giving malicious parties access to sensitive company data. This is just one example, but there are countless others out there. So what can you do?
Shut the door
Make sure your software, hardware, OS and firmware are patched, and get your systems regularly security tested. You should also consider investing in a Security Incident and Event Monitoring System (SIEM) solution to search for strange activity on your network. This is especially useful if you have been the victim of a zero-day exploit.
Maintaining a healthy schedule of testing is vital to keeping unwanted attackers from compromising your networks. Carrying out penetration testing on your networks helps you to discover and understand vulnerabilities – allowing you to shut the door on the hackers before they find their way inside.
Attacks on UK SMEs are on the rise. Although many SMEs are of the belief that their size lessens their likelihood of being attacked, this actually makes them more likely to be targeted by hackers, as a lack of security controls makes them easy pickings for cybercriminals. A huge proportion of losses to organisations following a data breach comes from reputation damage – large companies can better afford to take the hit, but smaller ventures may face irrecoverable losses resulting from lost business and the downtime required to pick up the pieces.
Penetration testing isn’t disruptive to your business, and it doesn’t have to cost the world. Unlike a security breach, testing will never sneak up when you least expect it – hackers could strike just before you close the biggest deal of the year, or following a run of success with some high-profile clients.
Commissum will work to understand your business, before collaborating with you on a proportionate testing plan to suit your unique requirements – all of this with the minimum disruption to your day-to-day. Commissum can also provide SIEM solutions for those looking to take their security to the next level.
Through constant vigilance and testing, you can remediate vulnerabilities in your network before the hackers discover or exploit them. This gives you the confidence to focus on what’s important, enabling you to make the most of the opportunities available in the networked world.