By Nicolas Fischbach, Global CTO & VPE SASE, Forcepoint
Late last year, the world saw the Sunburst/Solorigate cyberattacks against government agencies and global enterprises, in which malware reached organizations through the software supply chain, delivered via a compromised network-management product (SolarWinds Orion). Like our peers, Forcepoint pushed out protection updates to help mitigate the attack and protect our customers as soon as details emerged.
While much potentially remains unknown, one thing is clear: fighting these cyber adversaries requires rethinking the security approach. In most cases, our adversaries’ goal is more than monetary: it is to infiltrate, to learn while staying under the radar, and finally to exfiltrate sensitive data. Sometimes it is to prepare for future disruption or to cause direct havoc.
Nation-state adversaries, in particular, are well funded and able to mount complex operations that circumvent multiple layers of protection. Compounding the challenge, they evolve their tactics faster than most organizations can harden their prevention, detection and response posture against these modern threats. (On a side note, attackers often fail to protect themselves with good OPSEC, and it is not uncommon to see multiple actors riding on each other’s compromises, or failing to notice that they themselves are being watched.) Looking at the many headline-making breaches reported over the last 10 years, the common denominator in all of them is the exfiltration of data for direct or indirect financial gain.
The reality is that breaches often follow the same modus operandi. What has changed is the level of sophistication in how attackers come through the door, be it yours or a cloud service’s; how they establish persistence or a way back into the environment; and the tricks they employ to exfiltrate critical data “under the radar”. And, as we saw in the Sunburst attack, sophisticated attackers have the patience to lie in wait for months or even years before executing their plan, using that time to learn about your network, your users and, more importantly, where all the digital crown jewels are stored.
Given that the attackers were discovered months after they first gained access to target government and enterprise networks via the supply chain attack in March 2020, we will likely never know the full extent of the Sunburst attack. It is clear, however, that the scope is large and that the victims include important pillars of global governments, the economy and critical infrastructure. We can expect the information stolen from those systems, and any malware the attackers have likely left behind, to be used for follow-on attacks in the years to come, both in the digital and in the physical world.
So, what is the modern security path forward when infrastructure security is not enough? Is a wholesale shift needed in how industry, government agencies and enterprises approach security today? A holistic approach is required in today’s threat landscape and cloud era: one that understands the network, the cloud and, in particular, the users and the critical data they create, interact with, share and store.