17.2.11

The Song Remains the Same


So Stuxnet was a "game changer" because we saw a private separated network get JACKED! Let me share some of the responses I have heard:

"They shouldn't have been using Windows"
"Stuxnet was no big deal if you weren't the target"
"There are enough other people that are vulnerable, they probably won't come after us"
"We have firewalls, IDS, and AV."


These comments come from vendors, CISOs, and security architects. Hi, you are missing the point. If you focus on the specifics of the attack, these are somewhat accurate statements. If you look at the framework of the attack, it should make you aware that you are at risk. Some components of Stuxnet were very generic and can provide a framework for future attacks. Check out this page by Ralph Langner: http://www.controlglobal.com/articles/2011/IndustrialControllers1101.html

Here are some questions to ask your CISO, your security team lead, or whoever you have entrusted your security to:

"How can our firewall (also include AV, IDS, etc) be defeated?"
"How can an attacker exfiltrate data once they are inside?"
"Can you (security d00d) exfiltrate data without anyone knowing?"

If you saw the report on Night Dragon, you saw another example of the energy sector being targeted. The target was compromised via SQLi, and the attack progressed using fairly standard, simplistic techniques. No offense to the target is meant here; I am targeting the mentality mentioned above. These folks had firewalls, AV, proxies, and policies. Their controls were overcome at every step with what the incident responders called "simple" techniques. Simple is a relative term, and the timeframe of the attack is not discussed. If this attack took place over a span of weeks, it is relatively easy to recreate. If it was done in a matter of days or less, it was well-planned and executed.
