Using Deception Technology in the Race Against Cybercrime

The following is a summary of our recent interview with Carl Wright, which is available on our site and on iTunes.

We’re increasingly inundated with news of digital attacks on private businesses and governmental institutions. Now, however, security experts have begun implementing novel techniques to tip the scales when it comes to cyberwarfare and cybercrime. This time on FS Insider, Carl Wright, general manager at TrapX Security, discusses the new methods helping to defeat those attempting to compromise computer systems.

Security Solutions Using Deception

The number of cyber attacks has been escalating over the last few years, and Wright doesn’t see the number of breaches that companies have to deal with diminishing.

The challenge for security experts then is figuring out how to outsmart cybercriminals and fight this growing threat head-on. To that end, Wright said TrapX uses a different approach involving some covert tactics.

“We are a deception technology vendor that comingles real assets with fake assets at a massive level within a computing environment,” he said. “When adversaries successfully penetrate some aspect of the enterprise architecture and they move laterally, invariably they will run into and interact with our fake assets.”

The secret is to create an illusion that appears to be as real as the infrastructure being defended, Wright noted. To facilitate this approach, the company uses a lot of automation.

“This isn’t a separate network or separate infrastructure,” Wright said. “These illusions and emulations are deployed on the same network as the existing customer uses.”

Major Targets

Right now, the top industry targeted is healthcare, Wright stated. The biggest issue is that many healthcare organizations have infrastructure they can’t defend, such as equipment and medical devices.

TrapX has the ability to emulate medical devices to combat this issue, Wright stated. When attackers come in, they can’t tell the difference between real medical devices and emulated ones.

“We call it ‘med-jack,’ or medical device hijacking,” Wright said. “Over 37 percent of all the data breaches in 2015 were targeted at healthcare organizations. That’s because of PII (Personally Identifiable Information) data, or patient record data that is very valuable on the black market, on the darknets.”

In TrapX’s white paper “Medjack,” one of its Anatomy of Attack series, the company details the case of a Russian crime syndicate specifically targeting medical devices and using them as a foothold to attack the healthcare information technology environment, exfiltrate data, and launch CryptoLocker attacks, which lock a victim out of a system and demand a ransom for access.

“These techniques … we’ve been seeing in the healthcare market over the last 18 months … have been so profitable for these attackers, they’re starting to pivot (with) those methodologies into more traditional lines, such as manufacturing, pharmaceuticals and certainly finance,” Wright said.

Profits are so large that criminal syndicates are using money stolen in this way to develop more sophisticated techniques and go after bigger targets and larger paydays.

SWIFT Attacks and Countermeasures

Banks use a specific network to communicate information about financial transactions, provided by the Society for Worldwide Interbank Financial Telecommunication — known as SWIFT.

Predictably, attackers are targeting that system and the banks that use it. There’s been over 0 million stolen in 2016 alone, Wright noted, across four different major breaches involving the SWIFT system.

However, SWIFT as a system is inherently secure, Wright noted. What he is seeing instead is banking institutions failing to follow best practices, and that failure is what led to the compromises.

“Attackers are actively seeking the SWIFT systems,” Wright said. “What we’re doing is creating what we call SWIFT darknets, where we deploy fake SWIFT systems inside of the corporate banking environment, such that when an asset … gets compromised, and the adversary moves laterally, looking for SWIFT systems, they find us instead.”

Once security experts have identified an attacker and isolated the attack, they can extract information from the attacker, including who they are, where they came from, and their tactics, techniques, and procedures.
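The detection logic behind the approach described above (decoys commingled with real assets, so that any contact with a decoy during lateral movement is a high-confidence indicator) can be illustrated with a small correlation routine. This is an added example, not TrapX’s product or code; it assumes network flow records as (timestamp, source, destination, port) tuples, and every address, decoy name and flow below is constructed.

```python
from collections import defaultdict

# Constructed decoy inventory: emulated assets sitting on the same subnets as
# real hosts. No legitimate workflow should ever contact these addresses.
DECOYS = {
    "10.20.5.17": "emulated infusion pump",
    "10.20.5.42": "emulated PACS server",
    "10.30.1.9": "fake SWIFT gateway",
}

# Constructed flow records: (timestamp, src, dst, dst_port). Not real traffic.
FLOWS = [
    ("09:00:01", "10.20.5.3", "10.20.5.8", 445),   # real-to-real, pre-decoy
    ("09:00:02", "10.20.5.3", "10.20.5.17", 22),   # touches a decoy
    ("09:00:03", "10.20.5.3", "10.20.5.17", 80),
    ("09:00:04", "10.20.5.3", "10.20.5.42", 104),  # DICOM port on decoy
    ("09:05:00", "10.20.5.8", "10.20.5.12", 443),  # benign, never hits a decoy
    ("10:15:00", "10.30.1.4", "10.30.1.9", 443),   # hits the fake SWIFT gateway
]


def decoy_hits(flows, decoys=DECOYS):
    """Every flow whose destination is a decoy; each one is an alert."""
    return [f for f in flows if f[2] in decoys]


def lateral_movement_report(flows, decoys=DECOYS):
    """For each source that contacted a decoy, summarise what it probed and
    which real hosts it talked to before its first decoy contact (the likely
    compromised asset and the path it moved along)."""
    by_src = defaultdict(list)
    for f in sorted(flows):            # timestamps share one format, so lexical order works
        by_src[f[1]].append(f)
    report = {}
    for src, fs in by_src.items():
        hits = [f for f in fs if f[2] in decoys]
        if not hits:
            continue                   # sources that never touch a decoy are not reported
        first_hit = hits[0][0]
        prior_real = sorted({f[2] for f in fs if f[2] not in decoys and f[0] < first_hit})
        report[src] = {
            "first_decoy_contact": first_hit,
            "decoys_touched": sorted({decoys[f[2]] for f in hits}),
            "ports_probed": sorted({f[3] for f in hits}),
            "real_hosts_contacted_before": prior_real,
        }
    return report


if __name__ == "__main__":
    for src, details in lateral_movement_report(FLOWS).items():
        print(src, details)
```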

“There’s a very effective, fully automated way to deal with these attackers,” Wright said. “We think this is a paradigm shift and a force multiplier for our already overworked and understaffed security teams.”
