Why United States end-users are so prone to cyber-attacks and what are our options!
The cost of Networking
One of my favorite courses in grad school was advanced networking security. I enjoyed it so much that it became the focus of my thesis. I remember asking my professor, “With our advanced networking security techniques and applications, why are we so susceptible to cyber-attacks?” His response: “Our archaic infrastructure. America doesn’t replace obsolete networks; we just add on and make things backwards compatible.” That was a Eureka moment: it’s more cost-effective to build onto an existing system than to erase the system and start over. Thankfully, our scientists made great strides, so that we can have high-speed internet access. They also figured out how to secure networks without sacrificing too much throughput (the speed at which data travels).
However, we still have obsolete technologies (devices, protocols, systems, etc.) in place that compromise our most up-to-date systems. In my years of IT experience, I noticed the average end-user does not justify IT as a necessary expense: “Unlike marketing, which earns revenue, if my systems are working, why upgrade?” It’s unfortunate, but this is a thought shared by many. It isn’t until they are losing money that they act. By then it becomes an emergency and panic spreads. The pressure is now on your IT team to resolve the issue in a timely manner. IT teams can restore your computer after an attack, and they can also attempt to deter the attacker. Unfortunately, there is nothing they can do to stop a relentless attacker. With all the money lost due to cyber-attacks, why have we not redone our infrastructures and used the latest technology in our homes and businesses? It still hasn’t become a justified expense. Unfortunately for us, other countries have decided IT is a necessary expense and invested in their infrastructure. I remember reading an article, some years back, that Korea already had 10Gb LAN speeds in existence when we were rolling out 1Gb LAN speeds. If our advancement in technology can be interpreted as incremental snapshots, other countries use the most recent snapshot to build their infrastructures. This makes our competitors faster at exploiting our network vulnerabilities, leaving us with very few options.
The Man, in The Middle
I’m sure some of you have seen “https” in your browser’s URL bar when browsing a “secure” site using the SSL protocol. In 2009, my security professor explained SSL’s security exploit. It was vulnerable to the “Man in the Middle” attack, and the attack works as follows. David and Joanne are corresponding with each other through coded messages. Joanne and David both agreed to a key phrase to code and decode messages. This is a rough example of SSL.
Michael is aware of this and wants to know what they are talking about. He pretends to be either David or Joanne and convinces one of them to give him the key phrase. He can also copy each message between them and figure out the code himself. Once he does this, he can understand all conversations moving forward. David and Joanne can change the code by making it more complex, but the problem remains. Unfortunately, SSL is still implemented in many networks, even though scientists made improvements and created the TLS protocol.
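The defence against Michael is that the client must insist on proof of who it is talking to and refuse the legacy protocol versions. The example below is added here and is not code from the original post; it uses only Python’s standard `ssl` module and builds two client contexts in memory: a deliberately weak one that accepts any certificate (which is exactly what lets an interceptor present his own), and a hardened one that requires a valid certificate, checks the hostname, and sets TLS 1.2 as the floor. The `audit_context` helper is a hypothetical name chosen for this example; it reports the weak settings so a practitioner can check a context before handing it to `http.client` or `urllib`.

```python
import ssl


def weak_client_context() -> ssl.SSLContext:
    """Constructed example of a misconfigured client (do not use).

    With verification off, the client accepts any certificate, so a
    'man in the middle' can terminate the connection with his own key
    and read everything, just as Michael does in the article.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False        # hostname check must go before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE   # accept any certificate from anyone
    return ctx


def hardened_client_context() -> ssl.SSLContext:
    """Client context that refuses unverified peers and legacy SSL/TLS."""
    # create_default_context(): CERT_REQUIRED, check_hostname=True, system CA store
    ctx = ssl.create_default_context()
    # Refuse SSL 3.0, TLS 1.0 and TLS 1.1 explicitly, regardless of Python version.
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def audit_context(ctx: ssl.SSLContext) -> list:
    """Return a list of human-readable findings; an empty list means no weak setting found."""
    findings = []
    if ctx.verify_mode == ssl.CERT_NONE:
        findings.append("certificate verification disabled (CERT_NONE)")
    if not ctx.check_hostname:
        findings.append("hostname check disabled")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("legacy protocol versions allowed (minimum below TLS 1.2)")
    return findings


if __name__ == "__main__":
    for label, ctx in (("weak", weak_client_context()),
                       ("hardened", hardened_client_context())):
        print(label, "->", audit_context(ctx) or "no findings")
```

The audit only inspects settings the `SSLContext` object exposes, so it runs offline; pass the hardened context as the `context=` argument of `http.client.HTTPSConnection` or `urllib.request.urlopen` to put it to use.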
DOS & DDOS
When a cyber-attack shuts down your systems, that is called a Denial of Service attack. Networks use a protocol called TCP to determine how much data is sent in a particular unit of time. When TCP senses congestion on the network, it slows down the data transfer rate. Denial of Service takes advantage of this by overburdening the network to make TCP slow things down to a halt. In the Network and Application layers, there are similar methods of disabling the layer by making many requests. Sometimes the solution is a complete restart, and that can take a while for the most complex systems.
The frustrating thing about hackers is not the damage they do, but the difficulty of tracking them. Hackers can mask their location and make it seem like they are using the IP address of another user. A Distributed Denial of Service attack is when one takes control of several computers and uses them to shut down your network. They do this several times, so that when the data is traced back to the source, they are free and clear. If you are a small business user and were hit with a DOS attack, you are lucky if you just lose a little productivity. However, if you are an end-user who relies on your computers and websites being up and running to take orders, you can see how a DOS can be far more devastating.
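The two patterns described above, one source making too many requests and many sources each making a few, look different in a server log, and a detector needs a rule for each. The following example is added here and is not part of the original post; it runs a sliding-window counter over constructed sample log lines (the IP addresses are from the documentation ranges, not real traffic) and flags a single-source flood when one IP exceeds a per-source limit, and a possible distributed flood when the aggregate request count inside the window exceeds the server’s budget even though no single IP is over its limit. The limits, window length and function names are assumptions chosen for the example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample access-log lines (not real traffic): ISO timestamp, client IP, request.
SAMPLE_LOG = """\
2024-01-15T10:00:00 198.51.100.7 GET /orders
2024-01-15T10:00:01 203.0.113.5 GET /
2024-01-15T10:00:01 203.0.113.5 GET /
2024-01-15T10:00:02 203.0.113.5 GET /
2024-01-15T10:00:02 203.0.113.5 GET /
2024-01-15T10:00:03 203.0.113.5 GET /
2024-01-15T10:00:03 203.0.113.5 GET /
2024-01-15T10:00:04 198.51.100.7 GET /orders/42
2024-01-15T10:00:20 192.0.2.11 GET /login
2024-01-15T10:00:20 192.0.2.12 GET /login
2024-01-15T10:00:21 192.0.2.13 GET /login
2024-01-15T10:00:21 192.0.2.14 GET /login
2024-01-15T10:00:22 192.0.2.15 GET /login
2024-01-15T10:00:22 192.0.2.16 GET /login
2024-01-15T10:00:23 192.0.2.17 GET /login
2024-01-15T10:00:23 192.0.2.18 GET /login
2024-01-15T10:00:24 192.0.2.19 GET /login
2024-01-15T10:00:24 198.51.100.7 GET /orders/43
"""

WINDOW_SECONDS = 10    # assumed: look back this far for every request
PER_SOURCE_LIMIT = 5   # assumed: more than this from one IP in the window -> single-source flood
AGGREGATE_LIMIT = 8    # assumed: more than this from all IPs combined -> possible distributed flood


def parse_log(text):
    """Turn the log text into a list of (timestamp, client_ip) events."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, *_ = line.split()
        events.append((datetime.fromisoformat(ts), ip))
    return events


def detect_floods(events, window=WINDOW_SECONDS,
                  per_source=PER_SOURCE_LIMIT, aggregate=AGGREGATE_LIMIT):
    """Sliding-window detector.

    Returns (flooding_ips, distributed_alerts) where flooding_ips is the set of
    single sources over their limit and distributed_alerts is a list of
    (timestamp, sorted source IPs active in the window) for aggregate bursts.
    """
    per_ip = defaultdict(deque)   # ip -> timestamps of its requests still inside the window
    all_requests = deque()        # timestamps of every request still inside the window
    flooding_ips = set()
    distributed_alerts = []
    span = timedelta(seconds=window)

    for ts, ip in sorted(events):
        cutoff = ts - span
        all_requests.append(ts)
        while all_requests[0] < cutoff:          # drop requests older than the window
            all_requests.popleft()
        history = per_ip[ip]
        history.append(ts)
        while history[0] < cutoff:
            history.popleft()

        if len(history) > per_source:
            flooding_ips.add(ip)

        # Aggregate rule: the window is over budget; report once per window so one
        # burst does not produce an alert for every request in it.
        if len(all_requests) > aggregate and (
                not distributed_alerts or ts - distributed_alerts[-1][0] > span):
            active = sorted(src for src, h in per_ip.items() if h and h[-1] >= cutoff)
            distributed_alerts.append((ts, active))

    return flooding_ips, distributed_alerts


if __name__ == "__main__":
    ips, alerts = detect_floods(parse_log(SAMPLE_LOG))
    print("single-source floods:", ips)
    for when, sources in alerts:
        print("aggregate burst at", when.isoformat(), "from", len(sources), "sources")
```

On the constructed log the first burst is caught by the per-source rule alone (one IP, six requests in ten seconds), while the second burst stays under the per-source limit for every IP and is only visible to the aggregate rule; that is the practical difference between a DOS and a DDOS from the defender’s side, and the reason rate limiting per client is not enough on its own.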
Malware, the source of it all
Automation is a gift and a curse. We can have tasks run automatically, leaving us free time to spend elsewhere. With the advancement of computing technology, we don’t necessarily need a computer in the device. With specialized adapters, these devices can communicate with computers and/or other devices. Feel free to watch The Magic School Bus’s computer episode to get a better sense of it. As much as automation has made our lives easier, automation is also the driving force behind cyber-attacks. Computers are simply an interconnection of hardware, with software dictating how the hardware communicates. Once you understand the language at the level of a hacker, you can make that computer work beyond what it was designed to do. Hackers know how to turn that simple computer on your desk into an instrument of war. If you were a victim of a cyber-attack, it is rare that you were directly connected to the hacker. More than likely, he took control of a computer in a different country and used that computer to infect and control your system.
There are different levels of threats a cyber terrorist can deploy. Dangerous cyber attackers create code with the intent of attacking core computing processes. They know which files are important for an operating system to run and corrupt them to disable your system. Other attackers harm you via indirect methods. They can manipulate your system, see everything you do on your computer, and obtain login information for the secure websites you browse. If you are holding any critical client or customer information, that can be held for ransom, potentially damaging your credibility and reliability. The most common attack deployed is hijacking of your computer, because most criminals do not want to get caught. The most efficient approach for them is having you infect your own computer. They implant their malicious software (malware) into files or web links that appear legitimate and coerce you into opening them.
What Can You Do?
As I mentioned in my previous article, “Secure your data, by arming yourself with knowledge,” we cannot stop cyber terrorists; we can only deter them. I’d recommend inviting them out for coffee, which I think is the most cost-effective option. However, if dining with criminals is not your cup of tea, or coffee rather, then you must implement available security measures in each layer. Fortunately for us, we have devices that can protect multiple layers simultaneously. Use antivirus software; I will make no recommendation as to which one, because they all typically operate the same way. Viruses are software, and they are distinguishable from other software by identifiers called signatures. Antivirus software has databases of these signatures, and once it finds a partial match, the suspected file is quarantined for further analysis. If it isn’t automated, make sure your definitions are updated regularly, at least twice a week. Some techs may feel that is too much, while others say update more regularly. Whatever you do decide, it is better to be safe than sorry. Some antivirus software catches viruses quicker, while others do more aggressive scans. If budget allows, I’d recommend purchasing a professional version; they tend to have more features that offer better protection.
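To make the signature-and-definitions idea concrete, here is an added example (not code from the original post or from any antivirus vendor) of the core loop a signature scanner runs: a small database holding two kinds of entries, an exact file hash and a byte pattern that matches partial content, a scan of a few constructed in-memory “files”, and a definition update that turns a previously missed sample into a quarantine decision. All file contents, marker bytes and signature names are constructed placeholders; nothing here is a real malware signature.

```python
import hashlib
import re
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class Signature:
    name: str
    sha256: Optional[str] = None      # exact match on the whole file
    pattern: Optional[bytes] = None   # regex over raw bytes: partial/content match


@dataclass
class SignatureDB:
    signatures: List[Signature] = field(default_factory=list)

    def add(self, sig: Signature) -> None:
        self.signatures.append(sig)


# Constructed sample "files" (placeholder bytes, not real programs).
KNOWN_BAD = b"constructed bytes of a sample already catalogued by its hash\x00\x01\x02"
SAMPLE_FILES = {
    "invoice.txt":      b"Dear customer, your invoice total is $120.00.\n",
    "setup_helper.bin": b"\x7fplaceholder-header" + b"CONSTRUCTED_MARKER_ABCD" + b"\x00" * 16,
    "known_bad.bin":    KNOWN_BAD,
    "new_variant.bin":  b"\x7fplaceholder-header" + b"NEWFAMILY_XYZ_7" + b"\x00" * 16,
}


def initial_db() -> SignatureDB:
    """Definitions as shipped: one hash entry, one byte-pattern entry."""
    db = SignatureDB()
    db.add(Signature("Constructed.KnownBad", sha256=hashlib.sha256(KNOWN_BAD).hexdigest()))
    # The pattern tolerates a variable suffix, which is what makes a 'partial match' possible.
    db.add(Signature("Constructed.MarkerFamily", pattern=rb"CONSTRUCTED_MARKER_[A-Z]{4}"))
    return db


def apply_definition_update(db: SignatureDB) -> None:
    """The 'update your definitions' step: a new family the old database could not see."""
    db.add(Signature("Constructed.NewFamily", pattern=rb"NEWFAMILY_[A-Z]{3}_\d+"))


def scan(data: bytes, db: SignatureDB) -> List[str]:
    """Return the names of every signature the file matches."""
    digest = hashlib.sha256(data).hexdigest()
    hits = []
    for sig in db.signatures:
        if sig.sha256 is not None and sig.sha256 == digest:
            hits.append(sig.name)
        elif sig.pattern is not None and re.search(sig.pattern, data):
            hits.append(sig.name)
    return hits


def scan_all(files: dict, db: SignatureDB) -> dict:
    """Map each filename to 'quarantine' (any hit) or 'clean' (no hit)."""
    return {name: ("quarantine" if scan(data, db) else "clean")
            for name, data in files.items()}


if __name__ == "__main__":
    db = initial_db()
    print("before update:", scan_all(SAMPLE_FILES, db))
    apply_definition_update(db)
    print("after update: ", scan_all(SAMPLE_FILES, db))
```

The hash entry catches only a byte-identical file, so any change to the sample defeats it; the pattern entry survives small variations, which is why real engines lean on content patterns and heuristics rather than hashes alone. The run also shows the author’s point about definitions: `new_variant.bin` is reported clean until the update adds its family, no matter how often the old database is scanned.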
If you are a healthcare provider or a legal and/or financial associate, I strongly recommend that professional internet security suites be installed on all workstations. Make sure you are using a software firewall. You can use your default OS firewall or invest in a professional internet security suite solution. If the malware reaches your computer, you can contain it and prevent it from affecting other computers. Also, invest in a small business router and a hardware firewall; the combination of these two devices really protects the Transport, Network and Link layers. Under the right conditions, nothing gets in or out without your approval. Lastly, if you don’t trust something, go with your instinct and contact your IT staff for confirmation. Pay close attention to all logos, writing styles, links, file extensions, and email addresses. It also helps to be a little cynical: if it’s too good to be true, more than likely, it is. If you get an email from a Nigerian prince promising you a lot of money to help him out, remember, Nigeria is a democracy and has no monarchy!!!
Posted in S.T.E.A.M.