Intrusion Detection Systems

How would you know if a hacker is on your home or business network?

Most organizations find out way too late that they have been compromised. A hacked company is often informed of its breach by a 3rd party company. However, some may never be notified and only find out after someone in their family or business has stolen their identity. The prevailing thought is a hacker will get in. So how will you know or find out when they get in?

Here are Some major breaches that happened to private businesses and governments

• Equifax: Cybercriminals penetrated Equifax (EFX), one of the largest credit bureaus, in July and stole the personal data of 145 million people. It was considered among the worst breaches ever because of the sensitive information exposed, including Social Security numbers.
• A Yahoo bombshell: Parent company Verizon (VZ) announced in October that every of Yahoo’s 3 billion accounts were hacked in 2013 — three times what was first thought.
• Leaked Government Tools: In April, an anonymous group called the Shadow Brokers leaked a suite of hacking tools widely believed to belong to the National Security Agency.
  The tools allowed hackers to compromise various Windows servers and operating systems, including Windows 7 and 8.
• WannaCry: WannaCry, which spanned over 150 countries, leveraged some of the leaked NSA tools. In May, the ransomware targeted businesses running outdated Windows software and locked down computer systems. The hackers behind WannaCry demanded money to unlock files. As a result, more than 300,000 machines were hit across numerous industries, including healthcare and car companies.
• NotPetya: In June, the computer virus NotPetya targeted Ukrainian businesses using compromised tax software. The malware spread to major global companies, including FedEx, the British advertising agency WPP, the Russian oil and gas giant Rosneft, and the Danish shipping firm Maersk.
• Bad Rabbit: Another major ransomware campaign, Bad Rabbit, infiltrated computers by posing as an Adobe Flash installer on news and media websites that hackers had compromised. Once the ransomware infected a machine, it scanned the network for shared folders with familiar names and attempted to steal user credentials to get on other computers.
• Voter Records Exposed: In June, a security researcher discovered almost 200 million voter records exposed online after a GOP data firm misconfigured a security setting in its Amazon cloud storage service.
• Hacks Target School Districts: The U.S. Department of Education warned teachers, parents, and K-12 education staff of a cyberthreat that targeted school districts nationwide in October.
• An Uber Coverup: In 2016, hackers stole the data of 57 million Uber customers, and the company paid them $100,000 to cover it up. The breach wasn’t made public until this November when new Uber CEO Dara Khosrowshahi revealed it.
• When Target was breached in 2013, they said attackers lurked on their networks for months without them knowing.
• When infoSec RSA was breached in 2011, it was reported that hackers lurked on their network for some time, but it was too late when they found out.
• When the Office of Personal Management (OPM) was breached, holding personal records of 22 million people exposed their sensitive information they couldn’t find out until it was too late.
• Bangladesh breached and lost 80 million, and the hackers only got more money because they made a typo that was caught.

There are many more breaches where the hackers were not detected

How long would it take you or your company to find out if a hacker had breached your network looking to steal your business or personal information? According to FireEye, in 2019, the median time from compromise to discovery was cut by 59 days, down from 205 days. This is still a very long time for a hacker to get in and steal your data.

The same report from FireEye highlighted new trends for 2019 where hackers are causing significant disruptions. They disrupt business, steal personally identifiable information, and attack routers and switches. I believe this new trend will continue into the foreseeable future.

Companies Must Start Focusing On Detection:

Far too many people and companies depend on prevention and not detection. We cannot guarantee that a hacker cannot or will not hack your system. What will happen if they do hack into your design? How will you know there are on your system? This is where Cyber Security Consulting Ops can help your home or business network to implement good detection strategies that can help to detect unwanted visitors on your system. We MUST shift our focus to both prevention and detection. Intrusion Detection can be defined as “…the act of detecting actions that attempt to compromise the confidentiality, integrity, or availability of a resource.” More specifically, intrusion detection aims to identify entities attempting to subvert in-place security controls. Assets must be used as bait to entice and track evil entities for early warning.