Physical/cybersecurity defence: Waking up to the reality of hybrid attack

For us to begin, do me a favour and google search “hybrid attacks”.

Cybrary defines a Hybrid attack as “a blend of both a dictionary attack method as well as brute force attack. This means that while a dictionary attack method would include a wordlist of passwords, the brute-force attack would be applied to each possible password in that list.”

Do you agree? What does hybrid really mean when it comes to security? Physical, cyber, information, data, network etc. – it’s all just security at the end of the day… isn’t it? I’d like to address the huge gap between physical and cyber-attacks and the convergence between the two.

Cybersecurity breaches are becoming more commonplace than ever before. With the average breach costing US$3.62 million in damage, it’s no wonder that global enterprises are scrambling to secure their networks and prevent attackers from gaining access to their digital assets. Cybersecurity attacks are becoming more sophisticated every day, with attackers able to hack, eavesdrop, spoof, and socially engineer their way into valuable corporate and customer data. While digital hacking incidents are on the rise, many IT professionals have lost focus on the tried-and-true method of attacking physical security.

An organisation can implement all the IDS, SIEMs, and antivirus they want, but a firewall isn’t going to
stop someone from kicking down your door.

How can physical attacks dismantle cybersecurity and digital controls?

Industry leaders have been saying for ages that physical access will trump digital controls every time – in other words, once an attacker has physical access to your devices, it’s game over. Despite these continuous reminders, physical security is often one of the most neglected areas in an otherwise robust defence.

Here are some common examples of how physical threat vectors can compromise digital security:

*An infected USB drive is planted in a parking lot, lobby, etc, which an employee picks up and loads onto the network.

*An attacker breaks into a server room and installs rogue devices that capture confidential data.

*The internet drop line is accessible from outside of the building, allowing an attacker to intercept data or cut the line completely.

*An attacker pretends to be an employee and counts on a real employee’s courtesy to hold the door for them as they enter together.

*An inside actor looks over the shoulder of a system engineer as they type administrative credentials into a system.

In 2017, the total number of data breaches in the United States reached a new record high of 1,579 incidents spanning 171 million records collectively, according to the Identity Theft Resource Centre. This number represents an increase in occurrence of 44.7 percent compared to 2016, and occurrences are forecast to rise 20 percent year on year. Not all of these breaches used  a physical attack vector, but a significant number did, and as the number of breaches climbs ever higher, so too do the number of attacks that leverage a physical vulnerability to execute the crime.

How can cybersecurity weaknesses enable physical attacks?

In the most devious attacks, cybercriminals will perform reconnaissance and preparatory work on the digital front before moving to close the attack in-person. Rather than trying to gain full access into the system, an attacker may only want to open up a few strategic holes to enable a physical assault. While action movies get a lot of things wrong, the trope of a hacker in a van shutting down the network while their buddy breaks into the building is not entirely inaccurate.

The following are examples of how cyber vulnerabilities can weaken a physical defence or have real-
world effects:

*Attacker shuts down internet-connected security cameras, allowing a break-in to go undetected, deleting footage, etc.

*Internet-facing keycard access system is compromised, allowing an attacker to grant or remove physical access to the building.

*Network-connected manufacturing systems can be attacked and shut down, causing loss of productivity or a safety incident.

*CPU-intensive malware can be loaded onto a server cluster which spikes power consumption, resulting in overheating, brownouts, or a total loss of power.

*Ransomware on a hospital network can prevent physicians from accessing patient records and providing necessary care.

All of the above having a direct or indirect cost the any organisation via:
* Theft or loss of mission critical data or intellectual property
* Impact of downtime on organisational productivity
* Damages to equipment and other assets
* Cost to detect and remediate systems and core business processes
*Legal and regulatory impact, including litigation defence cost
* Lost confidence and trust among key stakeholders
* Deterioration of marketplace brand and reputation

The increasing prevalence of a unified approach to security

Why should a security professional focus on the physical side when today’s threats are coming through a network port instead of the front door? It is true that a significant number of cyber breaches are done entirely online without an attacker setting foot in the office, but it’s also true that some sophisticated attackers will set the laptop aside in favour of a crowbar.

SANS Institute states that in recent years, approximately 74,000 employees, contractors, and suppliers were impacted by a data breach due to stolen company laptops with sensitive information on them – and in each case, the value of the physical asset was not the only loss, but rather the data, which is usually not encrypted. Theft isn’t going away any time soon, and with today’s workforce becoming increasingly  mobile, the number of easily stolen devices will only continue to rise.

Physical weaknesses will always exist. Smart cybercriminals will see organisations rushing to secure their digital fronts while forgetting about the flaws in their doors, windows, cameras, and security guards.  Today’s cyberthieves are using every possible strategy to steal more data and wreak more destruction than ever before. Organisations will do well to remember their real-world security in addition to their efforts on the digital front. With physical access being the trump card that beats every network control,
security administrators need to look beyond their routers, firewalls, and server farms to see the doors, fences, lights, and key systems that are often ignored and exploited.

If your organisation has suffered data breaches and only thrown more software, VLANs, and firewall rules at the problem, you’re doing a disservice to your employees and customers. It’s time to look at both attack vectors and think about how we can close the gap on the hybrid attacks. Review your current architecture and take a fresh look – Only after you’ve properly assessed both your physical and digital security can you confidently assure your customers that you remain committed to the protection
of their information.

Contributed by Nick Maxwell, GM, UK/MEA & Austalia, Ava Security.

0 0 vote

Article Rating