Are you vulnerable? Know the anatomy of a cyber intrusion

Office of the Deputy Chief of Naval Operations for Information Warfare

The security of the Navy networks is a continuous, all-hands effort. Every day, Sailors and civilians must stand guard on our Navy’s digital quarter deck to prevent cyber intrusions.

Cyber threats are real, and cyber criminals are determined, intelligent and persistent.

Cybersecurity protections, such as firewalls and antiviruses, are great defensive measures, but they cannot protect against bad judgement.

Human error has been responsible for many intrusions of the “dot[.]mil” network in the last several years.

Violating security best practices, circumventing security policies, complacency and falling victim to social network exploits allow cyber criminals to target vulnerabilities that may directly impact the Navy networks and systems.

These errors can put our security at risk. Here is how cyber criminals compromise computer systems:

RECONNAISSANCE: Finding an unlocked door

Cyber adversaries learn about their target’s weaknesses. They will gather information about the target’s networks, systems and their defensive measures.

Interacting with potential victims online is the easiest method to gather this information because of the volume of accessible information posted on social networking sites.

Highly successful techniques to gain network or system access include:

• Social Engineering: Adversaries count on you not following good security policies and procedures. Their goal is to make you feel comfortable giving out personal or critical information. They will then use this information to access sensitive data without your knowledge.

Cyber criminals are very good at tricking you into visiting a webpage, downloading an app or connecting an unauthorized device containing malicious code.

• Phishing: Adversaries will send what appears to be a trustworthy email containing a website link or an attachment.

By clicking on the link or opening the attachment, you may be directed to a website that prompts you to provide financial or personal information, or you may be directed to another website that uploads malware onto your computer.

• Watering Hole: Adversaries will go after websites frequented by specific interest groups or organizations. They profile victims and observe online behavior like their most visited websites or social media circles.

Then they identify a flaw in the system on one of those sites, compromise it and wait for a target. Users who visit a watering hole site are stealthily redirected to another site and exploited by the adversary through implanted malware.

INTRUSION: We’re in

Once the system or network is compromised, the adversary will blend in with normal traffic, making their detection difficult.

In this stage, criminals begin identifying existing security flaws within the network’s lifelines and will secretly deploy their cyber tools to probe deeper to identify additional vulnerabilities.

MALWARE INSERTION AND LATERAL MOVEMENT: The waiting game

Adversaries are persistent and will attempt to penetrate deep across the network, then wait until needed.

They may also implant software to capture passwords to access privileged accounts, critical information, sensitive data, state secrets, intellectual property, or command and control (C2) systems. Cyber criminals can now degrade or disrupt network activity.

TRANSFER OF DATA: Getting what they came for

Once an adversary establishes reliable network access, they can move sensitive information to an outside location where encryption can be cracked outside of the compromised environment.

Then, cyber criminals can target the victim again or use the information obtained to identify another victim.

CLEAN UP: Leaving without a trace

Cyber criminals are skilled at making an intrusion appear like a computer glitch. Most will attempt to get rid of any evidence, such as overwriting data or cleaning up event logs, to make sure they are undetected.

Some adversaries plan only one cyber-attack and will disconnect from the system, while others may work to establish a backdoor entry so that they can revisit at any time.

Navy cybersecurity requires everyone to treat Navy networks like a weapons system.

Cybersecurity is enhanced when you are vigilant, practice defensive measures, are aware of the types of cyber threats, and understand cyber intrusions to better defend the Navy’s systems and networks.

October is National Cybersecurity Awareness Month (NCSAM) and a good time to remind ourselves to be safe online. For more information visit www.navy.mil/local/cyberawareness.
