Intrusion Detection Systems

How would you know if a hacker is on your home or business network?

Most organizations find out way too late they have been compromised. Most of the times a hacked company is informed of their breached by a 3rd party company. Some of them may never be notify and only find out after someone in their family or business have had their identity stolen. The prevailing thought is a hacker will get in. So how will you know or find out when they get in?

Here’s Some major breaches that happened to private businesses and governments

• Equifax: Cybercriminals penetrated Equifax (EFX), one of the largest credit bureaus, in July and stole the personal data of 145 million people. It was considered among the worst breaches of all time because of the amount of sensitive information exposed, including Social Security numbers.
• A Yahoo bombshell: Parent company Verizon (VZ) announced in October that every one of Yahoo’s 3 billion accounts was hacked in 2013 — three times what was first thought.
• Leaked Government Tools: In April, an anonymous group called the Shadow Brokers leaked a suite of hacking tools widely believed to belong to the National Security Agency.
  The tools allowed hackers to compromise a variety of Windows servers and Windows operating systems, including Windows 7 and Windows 8.
• WannaCry: WannaCry, which spanned more than 150 countries, leveraged some of the leaked NSA tools. In May, the ransomware targeted businesses running outdated Windows software and locked down computer systems. The hackers behind WannaCry demanded money to unlock files. More than 300,000 machines were hit across numerous industries, including health care and car companies.
• NotPetya: In June, the computer virus NotPetya targeted Ukrainian businesses using compromised tax software. The malware spread to major global businesses, including FedEx, the British advertising agency WPP, the Russian oil and gas giant Rosneft, and the Danish shipping firm Maersk.
• Bad Rabbit: Another major ransomware campaign, called Bad Rabbit, infiltrated computers by posing as an Adobe Flash installer on news and media websites that hackers had compromised. Once the ransomware infected a machine, it scanned the network for shared folders with common names and attempted to steal user credentials to get on other computers.
• Voter Records Exposed: In June, a security researcher discovered almost 200 million voter records exposed online after a GOP data firm misconfigured a security setting in its Amazon cloud storage service.
• Hacks Target School Districts: The U.S. Department of Education warned teachers, parents, and K-12 education staff of a cyberthreat that targeted school districts across the country in October.
• An Uber Coverup: In 2016, hackers stole the data of 57 million Uber customers, and the company paid them $100,000 to cover it up. The breach wasn’t made public until this November, when it was revealed by new Uber CEO Dara Khosrowshahi.
• When Target was breached in 2013 they said attackers lurked on their networks for months without them knowing.
• When infoSec RSA was breached in 2011 it was reported hacker lurked on their network for some amount of time, but it was too late when they found out.
• When the Office of Personal Management (OPM) was breached holding personal records of 22 million people exposed their sensitive information they weren’t able to find out until it’s too late.
• The Bangladesh breached and lost 80 million and they only reason why the hackers did get more money was because they made a typo that was caught.

There are many more breaches where the hackers were not detected

How long would it take you or your company to find out if a hacker had breach your network looking to steal your business or personal information? According to FireEye in 2019, the median time from compromise to discovery was cut by 59 days, down from 205 days. This is still a very long time for a hacker to get in and steal your data.

The same report from FireEye highlighted new trends for 2019 where hackers are causing major disruptions. They are disrupting business, stealing personally identifiable information and attacking routers and switches. I believe this new trend will continue into the foreseeable future.

There’s far too many people and companies who are depending on prevention and not detection. Let’s be honest, we cannot guarantee that a hacker cannot or will not hack your system. What will happen if they do hack into your system? How will you know there are on your system? This is where Cyber Security Consulting Ops can help your home or business network to implement a good detection strategies can help to detect un-wanted visitors on your system. We MUST shift our focus to both prevention and detection. Intrusion Detection can be defined as “…the act of detecting actions that attempt to compromise the confidentiality, integrity or availability of a resource.” More specifically, the goal of intrusion detection is to identify entities attempting to subvert in-place security controls. Assets must be used as bait to entice and track bad entities for early warning.