This is not the first, nor the last, such attack. However, certain details worry cybersecurity experts: First, the hackers used a zero-day exploit, i.e. an unknown vulnerability in the code, to execute their attack. Second, they targeted a company that is not as valuable a target as a bank, but is strategically significant due to its connections to the companies it serves.
According to experts, independent hackers are upgrading their game: using advanced tools and strategies, they act like elite government-backed hackers instead of just criminals.
While I don’t necessarily disagree with this assessment, I can’t help but wonder if these experts have underestimated the global hacker community. In addition, it seems that they are not aware of the state and rapid growth of the global data infrastructure.
Globalization and Unification
We live in an era where globalization and digital unification have reached an all-time high. In addition to some benefits, this also brings many risks to the table.
One is centralization. Instead of having a decentralized structure that is fragmented across multiple nodes, data is often stored in a unified system, which means there is a single point of failure. Ultimately, when that system is compromised, an attacker can gain access to more information and power than he would if he had access to a closed segment of the same system.
This is especially the case with cloud-based services. The monopoly power of tech giants and growing service providers across the developed world is another hitch, as it ensures that a small number of companies provide services to the vast majority of businesses. These businesses share a unified infrastructure and software backbone.
While that may not be obvious to the less tech-savvy, it’s fairly easy for a new hacker to identify which operating system (OS), content management system (CMS), marketing technology (martech) platform or other entry point his victim uses, and what type of vulnerability – if any – exists for the version the victim is currently using.
All that remains is to make the attack and cover his tracks.
Finally, never underestimate the power of social engineering; this approach is superior to any other because it provides access to valuable information regardless of the redundant tables in place. If anything, experience has taught us that no system is immune to hacking.
This also means that the end game shouldn’t be to create an “unhackable” system. Instead, the goal should be to limit and minimize the possible damage caused by a possible breach.
Coming up with countermeasures that make hacking more troublesome than it should be is a better tactic than enticing hackers with massive digital treasures. Instead of relying on “good old Windows” or WordPress, one should use lesser-known, or even separate, operating systems and software, whose exploits are not publicly available.
But these investments require additional knowledge and capital, and companies are either reluctant, ineligible, or unable to make the necessary move.
However, there is much that companies can do to protect their data and networks.
Earlier in the article, I mentioned the significant benefits of decentralization and fragmentation of IT infrastructure as the best means of mitigating malicious attacks. Both of these features are hallmarks of the zero-trust principle.
The main concept behind zero trust is that devices are not trusted by default, even if they are connected to a managed corporate network such as a corporate local area network (LAN) and have been previously verified there. Any device on the network is only allowed access to the necessary software and infrastructure – for example, only an accountant’s computer should have access to the accounting software.
In this way, a hacker needs to overcome a lot of hurdles, authenticate multiple times, and bypass many security processes to complete his task – and even then, the data he can access is limited to what the attacked entity is permitted to access.
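The per-request decision described above, as an added Python example (not from the article or any vendor's product). The device names, roles, resource names and the 15-minute re-verification window are constructed assumptions.

```python
from __future__ import annotations
from dataclasses import dataclass

# Constructed allow-list: (device, role) -> the only resources that pair may reach.
POLICY = {
    ("laptop-acct-01", "accountant"): {"accounting"},
    ("laptop-eng-07", "engineer"): {"source-control", "ci"},
}
MAX_VERIFIED_AGE_S = 900  # assumed window after which earlier verification no longer counts


@dataclass(frozen=True)
class Request:
    device_id: str
    user_role: str
    resource: str
    source_network: str   # kept for logging only; never consulted when deciding
    verified_age_s: int   # seconds since device and user last authenticated


def authorize(req: Request) -> tuple[bool, str]:
    """Default-deny decision, evaluated on every single request."""
    allowed = POLICY.get((req.device_id, req.user_role))
    if allowed is None:
        return False, "unknown device/role pair"
    if req.verified_age_s > MAX_VERIFIED_AGE_S:
        return False, "verification expired; re-authenticate"
    if req.resource not in allowed:
        return False, "resource outside this device's entitlement"
    return True, "allowed"


# Constructed sample requests covering the cases the text walks through.
SAMPLES = [
    Request("laptop-acct-01", "accountant", "accounting", "corp-lan", 60),
    Request("laptop-acct-01", "accountant", "accounting", "public-wifi", 60),
    Request("laptop-acct-01", "accountant", "source-control", "corp-lan", 60),
    Request("laptop-acct-01", "accountant", "accounting", "corp-lan", 3600),
    Request("printer-lobby", "accountant", "accounting", "corp-lan", 0),
]


def decide_all(requests: list[Request]) -> list[tuple[bool, str]]:
    """Run every request through the same check, wherever it comes from."""
    return [authorize(r) for r in requests]


if __name__ == "__main__":
    for req, (ok, reason) in zip(SAMPLES, decide_all(SAMPLES)):
        print(f"{req.device_id:15} {req.source_network:12} {req.resource:15} {ok} ({reason})")
```

Being on the corporate LAN changes nothing in the outcome: the first two sample requests differ only in source network and receive the same decision.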
offices. As the company’s chief technology officer said on the company blog:
“Just to be clear: This hack affects the camera and nothing else. No customer data was accessed, no production systems, no databases, no encryption keys, nothing. Some press said we use the facial recognition feature available in Verkada. This is not the truth. We are not.
“Our internal systems follow the same trustless model that we offer our customers, and as a result, our corporate office networks are not completely trusted by our other locations or data centers. From a security standpoint, connecting from one of our corporate locations is no different than connecting from a non-Cloudflare location.”
A chain is only as strong as its weakest link. By applying zero-trust principles, the network architect assumes that every link is the weakest link. In this case, it’s the Verkada camera.
However, even with a zero trust model, hackers can still obtain valuable information, such as customer data.
Big data companies like to use (and abuse) the data provided to them by customers and their users, and rarely take appropriate measures to protect it. Hackers are very much aware of this negligence and are all too happy to help themselves to the stored credentials, which are of immense value not only on the black market but also for phishing attacks and subsequent social engineering.
So let’s add one more item to the list: Companies need to ensure that consumer data is handled on a zero-trust basis, used and accessed only on an as-needed basis, and kept in an encrypted state whenever possible.
However, the hacking story doesn’t end here. Now we know that hack = bad. But are there situations where hacking can actually be a good thing? Furthermore, do we really need unhackable systems in this day and age?
In a world that is becoming increasingly authoritarian, it would be a no-brainer to try to build an infrastructure free from scrutiny and critics. While companies and government organizations may not want to remain vulnerable, unauthorized access to critical information is imperative in the event these organizations cross their boundaries, which has happened many times throughout history.
Edward Snowden’s social engineering action lifted the curtain and exposed the damage the National Security Agency (NSA) has done to Americans’ individual liberties. WikiLeaks and others have provided the public with much-needed insight into the work and actions of elected officials and organizations. Media organizations have done the same over the years, exposing corruption.
This type of unauthorized access allows bottom-up control and should always be a welcome sight for truth seekers and individuals who refuse to blindly trust everything that governments and companies do or say in an attempt to govern, and not serve, the citizens. Having these kinds of redundancies is a last resort for protection against tyranny, and as such, would be a desirable weakness in the eyes of the common man.
Now, perhaps, more than ever.
What do you think of the recent hacks? Does your company or the company you work for take any of the countermeasures mentioned in this article? Let me know in the comments section below.
https://www.marketwatch.com/story/computer-hacking-may-never-fully-go-away-even-with-the-best-new-technology-and-we-may-not-want-it-to-11626797444?rss=1&siteid=rss | Opinion: Computer hacking may never fully go away even with the best new technology — and we may not want it to