Outsmarting Data Exfiltration Attempts with Identity-first Security

How can enterprises intercept data-centric attacks with identity-first security? Find out.

March 20, 2023

The goal for a bad actor in data exfiltration cyber attacks is access to an enterprise’s data for profit. Sectigo’s Tim Callan outlines actionable next steps for enterprises to mitigate the damage of data-centric attacks to secure digital trust.

It’s no surprise that ransomware has held its reputation as one of the biggest cybersecurity threats organizations have had to confront for over a decade. Sophisticated attack techniques, paired with offerings such as ‘Ransomware-as-a-Service’, give criminals all the tools they need to launch low-cost ransomware attacks that can yield big rewards.

However, in today’s economy, data is arguably more valuable than money itself, which is why threat actors are embracing data exfiltration attacks as the next frontier.

To appreciate the value of data, start by recognizing that it does not always translate directly into cash. To put this into perspective: would you rather have $1 million right now, or insight that will help you triple that amount over the next year? That is the kind of data cybercriminals are now mining, and the kind organizations cannot afford to lose, especially in today’s unpredictable economy.

No, ransomware isn’t going anywhere anytime soon, but data exfiltration is proving to be a serious threat that organizations should be on the lookout for. Even the world’s largest cloud environments, such as Google Cloud, are reported to be vulnerable to data exfiltration incidents that could put organizations’ most sensitive data in the hands of malicious actors.

Creating an Appetite for Data

Data exfiltration is also known as data theft, data exportation or data extrusion. Despite the many names, all these terms describe the unauthorized transfer of data out of a specific computer, network or cloud environment. The goal of a data exfiltration attack is for the bad actor to gain access to an enterprise’s vast amounts of data for profit. Oftentimes, these attackers are sponsored by a deep-pocketed employer to focus on a specific high-value target and extract information that is of value to that sponsor.

Attacks might target industrial secrets. It’s widely believed that state-sponsored cyber actors attack industry leaders in competitive nations to give their home-grown industry an unfair leg up. You can imagine one of these actors stealing the designs, plans, and deep R&D ideas for, let’s say, a new chipset or bullet train or industrial manufacturing process and passing these ideas under the covers to competitive businesses located inside their own borders.

Or the intent might be to cause reputational damage and economic harm to another party. A well-known example occurred in 2014, when North Korean cyber actors succeeded in hacking into Sony’s corporate email servers and exposing embarrassing messages, presumably in retaliation for the commercial release of an American film that was deemed insulting to North Korean leader Kim Jong-un.

Sometimes bad actors are simply looking to gain access to a veritable buffet of personally identifiable information (PII) – names, birthdays, Social Security numbers, and so on – that they can then sell on the dark web to identity thieves or use themselves to open a credit card or take out a loan in someone else’s name. Custom data exfiltration malware tools make this goal easier than ever, and as long as the hack remains undiscovered, the bad guys can keep going back to the well and filling up on personal records they can exploit.

So, how should enterprises best respond to this threat landscape and protect against data exfiltration attacks?


Identity-first Security Provides a Solution

To understand how to head off the threat, it’s helpful to understand how a data exfiltration event typically unfolds.

Penetrating somebody’s network and getting to the desired data almost always involves some kind of credential theft. The first step the bad actors take is to socially engineer a target (i.e., send them a phishing email or otherwise trick them into giving up sensitive information like login credentials). Once the attackers gain basic credential access, they can snoop around on the network to see if they can gain access to any sensitive files.

Once the attackers are on the inside, they can also look for opportunities to steal additional credentials with ever higher privileges, gaining more and more access along the way. The recent Uber hack, for example, started with a single compromised contractor account, which the hacker was able to leverage to find PowerShell scripts on an internal network share containing more privileged management credentials that provided greater access.

With access in hand, bad actors can exfiltrate whatever data their credentials give them access to, and they can often take their sweet time. The infamous Equifax attack of 2017, for example, went undetected for more than two months, putting the personal information of some 147 million Americans at risk.

An identity-first security approach can help thwart these data exfiltration attacks. The idea is for enterprises to mitigate the damage from identity- and data-centric attacks by establishing and maintaining digital trust for every single identity in their environments, both human and machine (software, bots, devices, applications, etc.), ensuring that only valid and trusted digital identities can log into networks.

One proven way to establish digital trust in identities is by leveraging public key infrastructure (PKI) digital certificates. This technology has been around for decades and remains one of the strongest ways to authenticate and continuously prove identity, because the private key never leaves its holder and no reusable shared secret is ever sent to the verifier, so there is no password for a phishing page or a leaked script to capture. Certificates issued by certificate authorities (CAs) bind a verified identity to a key pair, so a relying party can confirm that the user or machine presenting the certificate is who it claims to be.

Rooting digital identities in digital certificates, for humans and machines, gives identity-first security a strong foundation. Of course, as the volume of both human and machine identities continues to rise, so does the number of certificates that need to be managed, which makes some form of automated certificate lifecycle management (CLM) essential. Without it, certificates that expire unnoticed cause outages, and certificates that should have been revoked after a compromise keep granting access; enterprises in that position will have difficulty putting identity at the center of security design and will remain vulnerable to data exfiltration attacks.

As long as there are bad actors who want access to data (and there always will be), enterprises must stay on guard. By prioritizing the importance of identity and data access with an identity-first security approach, enterprises will take an important step towards safeguarding against this threat and thwarting any data exfiltration attempts that come their way.


Tim Callan

Chief Experience Officer, Sectigo

Tim Callan is Chief Experience Officer at Sectigo, the world’s largest commercial Certificate Authority and a leader in purpose-built, automated PKI solutions, and co-host of the popular PKI and security podcast “Root Causes.” Tim has more than 20 years of experience in leadership positions for prominent PKI and digital certificate technology providers including VeriSign, Symantec, DigiCert, and Comodo CA. A security blogger since 2006, he is a frequently published author of technology articles and has spoken at conferences including the RSA Security Expo, Search Engine Strategies, ClickZ, and the Internet Retailer Conference and Expo. A founding member of the CA/Browser Forum, Tim played a key role in the creation and roll-out of Extended Validation SSL in the late 2000s.