The Network Scanners and Malware Sensors:
Because you can’t see what’s on your network
We detect problems and unusual activity on your network and firewalls, in the way that larger organisations such as banks and government do, but for an SME price tag and with clear email alerts!
- So you get a clear guide to fixing these problems, often before they occur (or get worse), and swift detection of strange (malware-type) activity on your network should it occur.
- So you have the means to resolve and fix things, or to communicate with other information technology professionals to remedy problems.
All this can count towards the Cyber Essentials Scheme, serving as an indicator that you have made an effort in this area should the worst come to the worst. Our service is the delivery of these scans, the technical skills to set them up, run and maintain them for the duration of the contract, and advice when and where necessary.
There are three LanScan services:
- Live on-site scanning of your network and beyond (depending upon your scope) by one of our team, to a standard commensurate with UK Government Official and in keeping with PCI DSS (credit card industry) expectations. We call this service LAN-LIVE. We think an annual check is always good, and it can be linked to Cyber Essentials (for example); a programme of quarterly checks is also highly recommended for peace of mind. On these checks we are able to assess firewalls, networks, servers, desktop and laptop computers and any other items on the network, often finding vulnerable systems and much more, giving you the data to fix these errors.
- The outside of your firewall is the route in to your network. Here we offer a fixed-price weekly scan service to check for accidental (or otherwise) exposure, no matter whether the firewall is maintained by you, your ISP or whomever. We report on what we find, and can even offer in-depth checking of some of the things we find, such as badly regulated remote access or websites. We call this service FW-BOT (LanScan Firewall Bot).
- Finally, our newest service, LAN-BOT (LanScan Local Area Network Bot), is a malware sensor. It detects unusual (malware/viral) traffic on your office network trying to attack other machines and spread across your network, as well as software trying to “brute force” a log-on. It then alerts us and you so that action can be taken.
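To illustrate the kind of alert the brute-force detection above produces, here is an added example (not LanScan's own code, and not a description of how LAN-BOT is built): a minimal detector that reads authentication log lines, counts failed log-ons per source address in a sliding time window, and raises one alert per source when a threshold is crossed. The log format, the threshold of five failures and the two-minute window are assumptions chosen for this example, and the sample log lines are constructed.

```python
"""Added example (not LanScan's code): a minimal brute-force log-on detector
of the kind a network sensor might run. It reads authentication log lines,
counts failures per source address in a sliding time window, and returns an
alert when a threshold is exceeded. The log format, threshold and window are
assumptions for this example."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log format: "<ISO timestamp> <result> user=<name> src=<ip>"
LINE_RE = re.compile(r"^(\S+) (FAILED|ACCEPTED) user=(\S+) src=(\S+)$")

FAIL_THRESHOLD = 5             # failures from one source before alerting
WINDOW = timedelta(minutes=2)  # sliding window for counting failures


def parse_line(line):
    """Return (timestamp, result, user, src), or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.fromisoformat(m.group(1))
    return ts, m.group(2), m.group(3), m.group(4)


def detect_brute_force(lines, threshold=FAIL_THRESHOLD, window=WINDOW):
    """Return a list of alerts, one per source the first time it crosses the threshold."""
    failures = defaultdict(deque)  # src -> timestamps of recent failures
    alerted = set()
    alerts = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # unparseable lines are skipped, not treated as failures
        ts, result, user, src = parsed
        if result != "FAILED":
            continue
        q = failures[src]
        q.append(ts)
        # drop failures that fell out of the sliding window
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold and src not in alerted:
            alerted.add(src)
            alerts.append({
                "src": src,
                "failures": len(q),
                "first": q[0].isoformat(),
                "last": ts.isoformat(),
            })
    return alerts


# Constructed sample log lines (not real data): one source hammers the log-on,
# another source has a single typo followed by a successful log-on.
SAMPLE_LOG = [
    "2015-10-22T09:00:01 FAILED user=admin src=192.0.2.10",
    "2015-10-22T09:00:02 FAILED user=admin src=192.0.2.10",
    "2015-10-22T09:00:05 FAILED user=root src=192.0.2.10",
    "2015-10-22T09:00:07 FAILED user=alice src=192.0.2.55",
    "2015-10-22T09:00:09 ACCEPTED user=alice src=192.0.2.55",
    "2015-10-22T09:00:11 FAILED user=backup src=192.0.2.10",
    "2015-10-22T09:00:14 FAILED user=admin src=192.0.2.10",
    "2015-10-22T09:00:20 FAILED user=test src=192.0.2.10",
    "this line is garbage and is skipped",
]

if __name__ == "__main__":
    for alert in detect_brute_force(SAMPLE_LOG):
        print(f"ALERT brute-force suspected from {alert['src']}: "
              f"{alert['failures']} failures between {alert['first']} and {alert['last']}")
```

On the sample above, the detector alerts once for 192.0.2.10 after its fifth failure and stays silent for 192.0.2.55, whose single typo followed by a successful log-on is normal user behaviour. The one-alert-per-source rule keeps a noisy source from flooding the inbox, which matters when the output is an email alert rather than a dashboard.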
Why is this important?
Firstly, let’s consider the impacts of being “hacked”. Perhaps it’s best to think about this in a series of phases:
Initially, it’s the fact that your network or firewall has been compromised and will need fixing, and the costs associated with that, such as removal of the problem, restoration from backup or a complete rebuild.
Secondary and subsequent impacts, such as loss of or damage to your reputation in the eyes of your customers and service partners.
Further, the attacker may then use data stolen from you to attack others and/or to propagate messages that reflect poorly on your brand, or to steal money or “trade secrets”.
Finally, you need to consider the loss of data and, if this data is personal data, whether you need to alert the Information Commissioner and contact all those whose data may have been compromised. Again there will be costs associated with this, and reputation damage.
This case study from the SANS Institute covers the impacts on Target (a US retailer). They suffered:
- 70 million customer credit cards, with PINs, compromised at the US retailer
- Sacking of CEO and CIO
- $200m Cost to Banking Industry
- 140 Lawsuits (including against PCI Auditor)
- Profits Dropped by 46% in 4Q13
Some lessons learned here included better PCI checks and risk management, that “Strength-in-Depth” was required, that a separation of internal and external systems was necessary, and that scanning for vulnerabilities and malware was critical, as was actioning these alerts. As to how it happened, well, it’s known as the Cyber Kill Chain:
- Reconnaissance: Google search of MS case study/vendor process
  - Revealed IT architecture, HVAC companies and existence of portal
- Spear-Phishing: Fazio Mechanical (refrigeration org)
  - Malware to steal portal credentials
- Weaponise/Delivery/Exploitation: malware launched and lateral spread
  - Against misconfigured systems to PoS systems
- Installation: data gathered/stored
  - From memory of PoS equipment to DLL files on network shares
- Command and Control
  - ICMP messages and system update tools harnessed
- Action: credit/debit card data exfiltration
Nearer to home, and within the last year or so:
Back in October 2015, once again hacking is top of the news coverage, with TalkTalk the latest victim of an attack that sees their business damaged and undermined in a very public way. I note the following article on the BBC website, reporting that the cyber attacks on TalkTalk join a lengthening global list of companies that have suffered major data breaches. This list includes companies such as Ashley Madison, eBay, AOL, Target, Home Depot, Sony, Anthem and JPMorgan Chase: http://www.bbc.co.uk/news/business-3463675
Unfortunately, these attacks are not concentrated solely on large organisations, where it can be argued that there should be the resources and technical understanding to limit the risk. Smaller organisations are equally at risk, and in many ways far more vulnerable to the consequences of losing data or being without their website, financial systems or email.
The challenge is also that threats can be extremely diverse: from direct attacks on infrastructure, to subterfuge (the modern version of con artists’ tricks) and phishing attacks designed to trick unwary users into divulging information, to malware designed to damage infrastructure. The BBC reports on this: http://www.bbc.co.uk/news/business-34580158