There’s a new Matrix in town, and it’s not another movie sequel.
It’s a cybersecurity matrix meant to help defenders keep threat actors from gaining access to networks, pilfering data, or installing ransomware. It’s IT’s version of the super slow-motion back bend that dodges the hacker’s bullet.
If you want to take the pill, the website is here.
What lives there is a well thought out threat matrix that lays out adversary tactics and techniques in a format that traces the avenues a cybercriminal attack follows. The columns include initial access, defense evasion, lateral movement, exfiltration, and impact on the network. The individual attack vectors have been listed and explained in several articles elsewhere. Still, this site puts them all together, with an explanation of what each means and how to prevent it.
For instance, the site lists, in its Initial Access column, a technique titled “External Remote Services.”
What does the term External Remote Services mean?
“Remote services such as VPNs, Citrix, and other access mechanisms allow users to connect to internal enterprise network resources from external locations… Adversaries may use remote services to initially access and/or persist within a network.”
From there, the page presents real-world examples of how adversaries have used the technique to reach network data and how each intrusion unfolded. The matrix’s columns could serve as a template for securing a network: walk each column, ask which of its techniques would work against you, and check that a control and a detection exist for each. The site goes on to list several mitigation strategies, such as network segmentation and multi-factor authentication.
Locked-down security in today’s cloud environment is essential for data security
A black hat could exploit PII (Personally Identifiable Information) for monetary gain months after the initial data breach. It could be a never-ending nightmare. The site presents a wealth of information that includes pre-attack network security techniques, assessing damage after a data breach, and setting up and implementing an IT disaster recovery plan.
Why is a proactive defense strategy important?
Because it does happen.
Several months ago, ransomware operators leveraged a vulnerability in a VPN server appliance to obtain credentials and user profiles. Without getting into the details, the cybercriminals used a flaw in the SSL VPN to gain a foothold and then escalated to domain administrator access, set up a remote protocol on the compromised hosts, and used PsExec for lateral movement. The threat actor then disabled the endpoint security tools.
What About Patching?
The mined data and the installed ransomware were a boon to cybercriminal groups. Even though the patch for the vulnerability was installed almost a year ago, Active Directory credentials compromised during the original intrusion were used to regain access to the same organizations. The stolen data still lives, and the damage is still here, even though the vulnerability itself was patched long ago. What’s worse is that some of the vendor’s VPN devices have yet to be patched.
Patching a vulnerability closes the hole going forward, but the damage already done remains, and any credentials exposed before the patch stay valid until they are rotated. Patching a credential-exposing bug is therefore only the first step; resetting the affected accounts and hunting for persistence left behind are the rest. The best strategy is being proactive with a defense-in-depth approach that covers all the network layers. A cybercriminal may find a way around one wall. It’s security’s responsibility to have another wall behind the initial barrier, and another one after that.
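One of those walls behind the VPN is logging and detection on the hosts the attacker lands on next. The chain described above (VPN foothold, domain administrator access, PsExec for lateral movement, endpoint security disabled) leaves traces in ordinary Windows event logs, and the following is an added example, not code from the article or from the matrix site, of turning those traces into alerts. The event records are constructed for illustration; the VPN address pool, the privileged account names, and the endpoint-protection service names are assumptions for the example rather than anything the article states.

```python
"""Detect the VPN -> domain admin -> PsExec -> EDR-tampering chain in event records.

Added example, not from the original article. The events below are constructed
for illustration; field names follow the Windows Security and System logs:
  4624  logon; LogonType 3 is a network logon
  7045  a service was installed (PsExec creates the PSEXESVC service on the target)
  7036  a service changed state (e.g. entered the stopped state)
"""
import ipaddress
from collections import defaultdict
from dataclasses import dataclass

# Assumptions for the example: the VPN hands out addresses from this pool, these
# are the domain-admin accounts worth an alert, and these are the endpoint
# protection service names in use. All three are hypothetical.
VPN_POOL = ipaddress.ip_network("10.200.0.0/16")
PRIVILEGED_ACCOUNTS = {"CORP\\da-admin", "CORP\\Administrator"}
EDR_SERVICES = {"WinDefend", "Sense", "CSFalconService"}


@dataclass(frozen=True)
class Alert:
    host: str
    rule: str
    detail: str


def detect(events):
    """Run three single-event rules over a list of event dicts and return alerts."""
    alerts = []
    for e in events:
        eid, host = e["EventID"], e["Computer"]
        if eid == 4624 and e.get("LogonType") == 3:
            # Privileged network logon whose source address is a VPN client.
            src = ipaddress.ip_address(e["IpAddress"])
            user = e["TargetUserName"]
            if src in VPN_POOL and user in PRIVILEGED_ACCOUNTS:
                alerts.append(Alert(host, "priv-logon-from-vpn", f"{user} from {src}"))
        elif eid == 7045 and e["ServiceName"].upper() == "PSEXESVC":
            # Default PsExec service name. PsExec -r renames it, so this rule is
            # one layer, not the only one; pair it with the other two.
            alerts.append(Alert(host, "psexec-service-installed", e["ImagePath"]))
        elif eid == 7036 and e["ServiceName"] in EDR_SERVICES and e["State"] == "stopped":
            alerts.append(Alert(host, "edr-service-stopped", e["ServiceName"]))
    return alerts


def hosts_with_chain(alerts, min_rules=2):
    """Hosts on which at least min_rules distinct rules fired. Lateral movement plus
    tampering on the same machine is far stronger evidence than either alone."""
    rules_by_host = defaultdict(set)
    for a in alerts:
        rules_by_host[a.host].add(a.rule)
    return {h for h, r in rules_by_host.items() if len(r) >= min_rules}


# Constructed sample events (not captured from a real incident).
EVENTS = [
    {"EventID": 4624, "Computer": "FS01", "LogonType": 3,
     "IpAddress": "10.200.4.17", "TargetUserName": "CORP\\da-admin"},
    {"EventID": 4624, "Computer": "FS01", "LogonType": 3,
     "IpAddress": "10.10.1.5", "TargetUserName": "CORP\\jsmith"},  # benign
    {"EventID": 7045, "Computer": "FS01", "ServiceName": "PSEXESVC",
     "ImagePath": "%SystemRoot%\\PSEXESVC.exe"},
    {"EventID": 7036, "Computer": "FS01", "ServiceName": "WinDefend", "State": "stopped"},
    {"EventID": 7045, "Computer": "WS22", "ServiceName": "PSEXESVC",
     "ImagePath": "%SystemRoot%\\PSEXESVC.exe"},
    {"EventID": 7036, "Computer": "DC01", "ServiceName": "Spooler", "State": "stopped"},  # benign
]

if __name__ == "__main__":
    found = detect(EVENTS)
    for a in found:
        print(f"{a.host:5} {a.rule:26} {a.detail}")
    print("hosts showing the chain:", sorted(hosts_with_chain(found)))
```

Run as a script it prints four alerts and names FS01 as the host showing the chain; WS22 only shows a PsExec service install, which by itself may be an administrator. The point of the correlation step is the one the article makes about walls: a renamed PsExec service slips past the second rule, but the privileged VPN logon and the stopped endpoint-protection service on the same host still fire.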
As Morpheus said in The Matrix, “…there’s a difference between knowing the path and walking the path.”
Secure Your Work Environment Today
At Control Cloud, we work with you to build an optimal, secure, remote work environment for your business. Whether it’s private, public, or a hybrid solution – we’ve got you covered.
Chief content and technical writer
Rick Bretz possesses comprehensive experience in several subjects, including video editing and production, radio/TV and journalism writing, videography, radio broadcasting, IT management, and information security and assurance. He also works as a Senior Cyber Security Engineer for Vulnerability Management, Service/Infrastructure Operations, and Platforms Support for the government. Mr. Bretz is also a documentation and technical writer for the Veterans Administration’s Continuous Readiness in Information Security Program. He served in the US Army beginning in 1979, graduating from leadership schools and from Journalism, Broadcasting, Newspaper Editing, and Public Affairs Supervisor courses. He retired from the Army with many writing and broadcasting awards to accept video production and management positions. He holds a BS degree in Information Technology with a Specialization in Security Assurance from Capella University and has a Security+ certification from CompTIA. Mr. Bretz also writes his own blog on topics that interest him, which can be reached at pastparallelpaths.com.