Privileged Access Management

Preventing Cyber Espionage: Cyber Espionage and Corporate Security

The threat of cyber espionage used to primarily be the domain of defense officials and writers of pulp fiction. No more.

Today, the most likely victim of a state-sponsored cyberespionage effort is a corporate network:

Just ask Yahoo, which saw its valuation chopped to $350 million after having 500 million email accounts compromised by hackers employed by the FSB.
Or talk to Ukrainian power utilities that were forced offline by a remote attack widely attributed to Russian agents and caused more than 230,000 residents to lose power.
And let’s not forget about the Sony Pictures hack of 2014 that was attributed to North Korea by the FBI.
Want another example? What about the idea that Russian intelligence agents may have been hoovering up your employees’ entire iPhone backups… complete with any corporate data and, likely as not, access to your networks.

What’s behind this sudden influx of spies hacking into civilian networks and devices? Who’s next? More importantly, how do you protect your organization’s data?

Cyber Espionage is an Issue for Every Company

Why does every CISO have to be concerned about cyber espionage— even if his or her organization is well removed from classified or other obviously strategic information?

The answer lies in the interconnectedness of both the Internet and global commerce.

We all know that there’s no sense in storming a well-fortified front gate if there’s a barely latched backdoor available. Those backdoors are frequently subcontractors, service providers, vendors, partners, customers, industrial control systems, and even apparently innocuous but Internet-enabled devices.

The interconnectedness of global commerce means that there are more backdoors to check than ever before. Just think about the much-ballyhooed Internet of Things… which sometimes feels as if it might be better described as “The Internet of Barely Latched Backdoors.”

Ok, Who Left the Backdoor Unlatched?

These backdoors give hackers a quick on-ramp to your network from where they can often quickly do further damage with upgraded privileges.

Access is chained from one network and one privileged account to the next. That’s why password sharing is such a huge liability.

For example, most people don’t care if their password for the local delivery service might get hacked, but that becomes problematic when that password combination can then be used to unlock (directly or indirectly by guessing patterns) one person’s personal Gmail account… which happens to be the backup account to his or her corporate email… which in turn provides the keys to an admin account on your corporate database… which, well, that’s the data in your database gone… and that data in turn probably leads to whatever private information your company has left. All because someone used a vulnerable password for his pizza delivery.

You’re vulnerable to cyber espionage whether you’re delivering pizza or protecting the design for next-gen nuclear submarines and have employees who eat pizza.

This interconnectedness is in turn much easier to exploit than in the past, thanks to increasingly user-friendly hacking tools and widely available malware-as-a-service offerings. Cyber espionage is increasingly subcontracted.

The hardest question hackers have to answer is should they get the “pro” or “enterprise” malware-as-a-service package?

With so many cyber weapons lying around, it’s not a surprise that people are getting hurt.

Of course, we shouldn’t let the intelligence arms of western governments, especially those of the United States, off the hook here. While few cyber experts are shocked to hear that the United States has been stockpiling zero-day exploits and other cyber weapons… more than a few expressed consternation that they were apparently careless enough to allow these weapons to escape from their supposedly secure weapons locker in Langley, VA. Nearly than 9,000 exploits, how-to’s, and other classified files were apparently passed around various cybersecurity and hacker communities until finally being revealed by WikiLeaks. They are now effectively in the wild.

Having so many of the CIA’s own tools available to hackers (both state- sponsored and not) just adds fuel to the cyber espionage fire.

How Corporate Security Can Prevent Cyber Espionage

Every CISO’s top concern, right now, should be that his or her organization will be subjected to numerous cyber attacks… including ones by state-supported actors. This ups the defensive ante, but luckily most companies are not targets in and of themselves of state-sponsored actors. They are more likely conduits to a bigger target. So, rather than ensuring that they are able to withstand a direct assault by a full-fledged governmental cyber attack, most companies can get away with ensuring that they are not the proverbial “barely latched backdoor.”

PAM: Your #1 Defense against Cyber Espionage

So, where do you start? Well, this is the WALLIX blog, so you shouldn’t be surprised that we’re going to recommend a solid Privileged Access Management (PAM) solution as a good defense. Self-promotion aside, a fully implemented PAM solution would prevent the vast majority of attacks, state-sponsored or not, that we discussed in this article:

An access manager, combined with an embedded password vault, provides a huge barrier to any espionage attempts in that it assigns a very secure password to every device or application that is approved for every user. Furthermore, password sharing and leapfrogging are prevented because end users never even know the actual password that is used on any given application or device. Admins can easily rotate actual device passwords at whatever frequency they choose—all of which is completely transparent to the end users.
A session manager adds significant enhancement to this base level of security by providing both an unimpeachable audit trail of every privileged action on your network as well as granular control of what actions are allowed by any given user. Forbidden actions can be blocked and/or trigger session termination and/or have an alert sent to the security admin.

If China, Russia, or the United States really look after your corporate network… they’re going to get in. But if you don’t make it easy for them… and you’re not in their direct line of fire, they will likely pick on someone else.

The next step to preventing cyber espionage?

Cookie	Duration	Description
IDE	1 year 24 days	Used by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile.
test_cookie	15 minutes	This cookie is set by doubleclick.net. The purpose of the cookie is to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	This cookie is set by Youtube. Used to track the information of the embedded YouTube videos on a website.

Cookie	Duration	Description
__hstc	1 year 24 days	This cookie is set by Hubspot and is used for tracking visitors. It contains the domain, utk, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session).
_ga	2 years	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.
_gid	1 day	This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the wbsite is doing. The data collected including the number visitors, the source where they have come from, and the pages viisted in an anonymous form.
hubspotutk	1 year 24 days	This cookie is used by HubSpot to keep track of the visitors to the website. This cookie is passed to Hubspot on form submission and used when deduplicating contacts.
trackalyzer	1 year	This cookie is used by Leadlander. The cookie is used to analyse the website visitors and monitor traffic patterns.

Cookie	Duration	Description
__hssc	30 minutes	This cookie is set by HubSpot. The purpose of the cookie is to keep track of sessions. This is used to determine if HubSpot should increment the session number and timestamps in the __hstc cookie. It contains the domain, viewCount (increments each pageView in a session), and session start timestamp.
bcookie	2 years	This cookie is set by linkedIn. The purpose of the cookie is to enable LinkedIn functionalities on the page.
lang	session	This cookie is used to store the language preferences of a user to serve up content in that stored language the next time user visit the website.
lidc	1 day	This cookie is set by LinkedIn and used for routing.
messagesUtk	1 year 24 days	This cookie is set by hubspot. This cookie is used to recognize the user who have chatted using the messages tool. This cookies is stored if the user leaves before they are added as a contact. If the returning user visits again with this cookie on the browser, the chat history with the user will be loaded.

Cookie	Duration	Description
__cfduid	1 month	The cookie is used by cdn services like CloudFare to identify individual clients behind a shared IP address and apply security settings on a per-client basis. It does not correspond to any user ID in the web application and does not store any personally identifiable information.
__hssrc	session	This cookie is set by Hubspot. According to their documentation, whenever HubSpot changes the session cookie, this cookie is also set to determine if the visitor has restarted their browser. If this cookie does not exist when HubSpot manages cookies, it is considered a new session.
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
JSESSIONID	session	Used by sites written in JSP. General purpose platform session cookies that are used to maintain users' state across page requests.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_gat_UA-12183334-1	1 minute	No description
AnalyticsSyncHistory	1 month	No description
CONSENT	16 years 9 months 23 days 12 hours 13 minutes	No description
UserMatchHistory	1 month	Linkedin - Used to track visitors on multiple websites, in order to present relevant advertisement based on the visitor's preferences.
wp-wpml_current_language	1 day	No description

Preventing Cyber Espionage: Cyber Espionage and Corporate Security

Cyber Espionage is an Issue for Every Company

Ok, Who Left the Backdoor Unlatched?

How Corporate Security Can Prevent Cyber Espionage

PAM: Your #1 Defense against Cyber Espionage

IT Security Productivity

Industrial Control Systems Security: An Interview with WALLIX

Related Blogs

Related Resources

Products

Solutions

Resources

About