What Do Hackers and Pop Stars Have in Common?
By Greg Boison
When performing live, music artists typically create a setlist to dictate which songs they will perform. Some artists, like Bruce Springsteen, play a different setlist every night, while others, like Katy Perry, play the same setlist for an entire tour. Still others, like the Rolling Stones, generally play the same setlist but might throw in a different cover song at each concert.
Hackers attempting to access your network have similar patterns.
Think of an artist like Katy Perry as the most common attacker. Like a hacker who uses an exploit downloaded from the web, the basic cybercriminal will not change a note or a song across multiple attacks. This cyber threat deploys one attack many times, never changing tactics, techniques, or procedures (TTPs). Such threats make up 80 percent of the cyber events encountered. Foundational cyber hygiene, as deployed through the Continuous Diagnostics and Mitigation (CDM) program, can defend against these threats. By knowing your assets (asset management), the configuration of those assets (configuration settings management), and the known vulnerabilities your systems may face (vulnerability management), you can successfully defend against the majority of threats.
The Rolling Stones change their setlists in a way akin to the middle ground of hacker skill. By changing a single aspect of an attack, such hackers may make it past basic firewalls and signature-based defenses. A comprehensive and contextual view of an attack, using tradecraft such as a Cyber Kill Chain®-based approach, is your best defense for your enterprise. The Cyber Kill Chain® describes the steps an attacker must perform to succeed against network defenses. Like the steps of the Cyber Kill Chain®, a concert has a series of steps, from the opening song through the closer and encore, that musicians employ to entertain an audience. Even if the attackers change one step in the process, robust knowledge management lets you still identify the hacker and succeed in defending your enterprise.
Bruce Springsteen is the advanced persistent threat (APT) of live music. By changing his setlist every night, and at times deploying a setlist never before seen (a zero-day), a hacker in this vein creates a much greater challenge. To defend against a hacker who is carefully creating unique delivery methods and exploits for a given environment or user, you must engage a robust and resilient Intelligence-Driven Defense® that employs a kill chain-focused methodology, shares cyber information among peer organizations, and includes deep-packet inspection with big data cyber analytics. Additionally, success will only be found if network defenders have automated the rest of their defenses, through CDM, to deal with the majority of “Katy Perry” cybercriminals with ease, freeing their precious resources to discover this APT.
Like our favorite music artists, every cyber threat is different. It is imperative to employ a multi-pronged approach, combating each type of threat with its own distinctive tool. By using CDM and the Cyber Kill Chain® to free your defenders to look out for the APTs, you can create a secure venue for any setlist.
Greg Boison is the Lockheed Martin director of Homeland and Cyber Security. He leads a team of more than seven hundred employees and subcontractors supporting the Department of Homeland Security and Federal cyber customers.
October 16, 2014