A “Trojan Horse”, in computer speak, is malicious software disguised as legitimate software. The term comes from the ancient tale of Greek soldiers who infiltrated the enemy city by hiding inside a wooden horse. The Trojans brought the horse into the heart of their city as a war trophy, leading to the destruction of Troy.
Today, malicious actors aren’t hiding in giant wooden horses. As governments look towards cloud and DevOps to roll out digital services more quickly, cyber criminals trail closely behind with insidious methods to infiltrate networks.
How can organisations deal with these emerging threats? CyberArk investigates.
Balancing speed and security
Governments are turning to DevOps to build digital tools faster. This approach combines development and operation teams to make the process more efficient.
The Singaporean government, for instance, is shifting towards a new central platform to help the private and public sector work together on development. Similarly, Indonesia’s West Java is looking to build common platforms for different agencies to collaborate on digital services.
This trend has only grown during the pandemic: Covid-19 has accelerated adoption of the DevOps approach, which has almost doubled in five years, ZDNet reported.
However, the high-speed nature of the DevOps process creates plenty of opportunities for malicious actors to enter organisations.
Earlier this year, Codecov – a company specialising in software auditing tools – was breached by hackers, Reuters reported. The attackers gained unrestricted access to hundreds of networks by extracting sensitive credentials from Codecov’s customers.
DevOps environments where developers commonly share high-privilege access are especially vulnerable to similar attacks. “I don’t think that anyone intentionally meant for security to be left out. For developers, [security] just wasn’t a focus,” Kurt Sand, CyberArk’s General Manager of DevSecOps, told CyberArk.
“It’s like designing a house. After you’ve built it, it’s pretty hard to make changes,” he adds. Security should instead be integrated into the DevOps process from the ground up, rather than being viewed as a time-consuming obstacle to work around.
To do this, CyberArk suggests making the process more intuitive, so developers understand the security risks. This may include encouraging developers to think like attackers through providing training on common attack vectors. Security teams can also build simple self-service models to make the process of securing credentials easier for developers.
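The shared-credential problem above is concrete: a pipeline that carries a literal password or token in its configuration hands that secret to anyone who can read the repository or the build logs. The following Python is an added example, not CyberArk’s code or any real pipeline: it scans a constructed CI configuration for literal secrets, treats references to a secret store as safe, and rewrites literal assignments into store references. It assumes a GitHub-Actions-style `${{ secrets.NAME }}` reference syntax; the key names, values and the `rewrite_to_references` helper are hypothetical.

```python
import re

# Constructed CI configuration snippet (hypothetical; values are not real credentials).
SAMPLE_PIPELINE = """\
env:
  DB_PASSWORD: "hunter2-example"
  API_TOKEN: ${{ secrets.API_TOKEN }}
  AWS_SECRET_ACCESS_KEY: "AKIAEXAMPLEKEYNOTREAL1234567"
  LOG_LEVEL: debug
steps:
  - run: curl -H "Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.example.payload" https://example.invalid
"""

# Key names whose literal values should never be committed.
SECRET_KEY_RE = re.compile(r"(password|passwd|secret|token|api[_-]?key|private[_-]?key)", re.I)
# A value that refers to a secret store or environment variable rather than containing the secret.
REFERENCE_RE = re.compile(r"\$\{\{\s*secrets\.|\$[A-Z_]+|vault:")
# "KEY: value" or "KEY=value" assignments.
ASSIGN_RE = re.compile(r"^\s*([A-Za-z_][A-Za-z0-9_-]*)\s*[:=]\s*(.+?)\s*$")
# Inline bearer tokens in commands.
BEARER_RE = re.compile(r"Bearer\s+[A-Za-z0-9._-]{20,}")


def find_hardcoded_secrets(text):
    """Return (line_number, key, kind) for every literal secret found in the config text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = ASSIGN_RE.match(line)
        if m and SECRET_KEY_RE.search(m.group(1)):
            value = m.group(2).strip("\"'")
            if REFERENCE_RE.search(value):
                continue  # injected at runtime from a secret store: acceptable
            findings.append((lineno, m.group(1), "literal secret"))
        elif BEARER_RE.search(line):
            findings.append((lineno, "Authorization", "literal bearer token"))
    return findings


def rewrite_to_references(text):
    """Replace literal secret assignments with secret-store references (hypothetical self-service fix).

    Inline tokens inside commands are left untouched so they still show up in a rescan.
    """
    out = []
    for line in text.splitlines():
        m = ASSIGN_RE.match(line)
        if m and SECRET_KEY_RE.search(m.group(1)) and not REFERENCE_RE.search(m.group(2)):
            indent = line[: len(line) - len(line.lstrip())]
            line = f"{indent}{m.group(1)}: ${{{{ secrets.{m.group(1)} }}}}"
        out.append(line)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for lineno, key, kind in find_hardcoded_secrets(SAMPLE_PIPELINE):
        print(f"line {lineno}: {key} ({kind})")
    print(rewrite_to_references(SAMPLE_PIPELINE))
```

Run against the sample, the scanner reports the two literal assignments and the inline bearer token, while the `API_TOKEN` reference passes. After rewriting, only the bearer token remains, which is the point: a pattern-based scan catches the easy cases, and the remaining finding still needs a developer to move that token into the secret store. The pattern list is deliberately short; a production scanner would add entropy checks and provider-specific token formats.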
Head in the clouds
Cloud computing has enabled governments to build new public services quickly. GovTech Singapore is leaning on the cloud to create digital services that build on its digital identity system. These can help citizens to book hospital appointments, pay taxes and apply for loans without having to re-enter information.
However, the convenience of the cloud brings increased security risks. Cloud networks typically require many different user identities. In huge networks, the privileges associated with these accounts can often be misconfigured – creating possible openings for hackers.
In the recent SolarWinds incident, attackers were able to spread rapidly through victims’ internal networks after gaining access via their installations of SolarWinds’ Orion platform, CyberArk wrote. This service requires privileged access to function. The malware likely used this to its benefit, extracting privileged credentials to gain access to the internal network.
Companies should adopt a Zero Trust mindset to avoid situations like this, CyberArk suggests. User permissions should be kept at the lowest level users need to perform their functions. Cyber security teams can enforce this with regular reviews of user access permissions.
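The two points above, misconfigured privileges on cloud identities and regular access reviews against a least-privilege baseline, can be turned into a mechanical check. The following Python is an added example, not CyberArk’s product or any real account’s policy: it audits constructed IAM-style policies for wildcard actions and unscoped resources, then compares what each identity is granted with what a constructed access log shows it actually used, so that unused permissions become candidates for removal at the next review. The policy shape, the `arn:example:` resource strings and the principal names are hypothetical.

```python
from fnmatch import fnmatchcase

# Constructed, hypothetical policies in an IAM-like shape (not from any real account).
POLICIES = {
    "ci-deployer": {
        "Allow": [
            {"Action": ["s3:PutObject", "s3:GetObject"], "Resource": "arn:example:s3:::deploy-bucket/*"},
            {"Action": ["iam:*"], "Resource": "*"},  # far broader than a deploy job needs
        ]
    },
    "report-reader": {
        "Allow": [
            {"Action": ["s3:GetObject", "s3:ListBucket", "kms:Decrypt"], "Resource": "arn:example:s3:::reports/*"},
        ]
    },
}

# Constructed access-log sample: (principal, action) pairs observed during the review window.
ACCESS_LOG = [
    ("ci-deployer", "s3:PutObject"),
    ("ci-deployer", "s3:PutObject"),
    ("report-reader", "s3:GetObject"),
]


def audit_policy(name, policy):
    """Flag statements broader than least privilege allows: wildcard actions and unscoped resources."""
    issues = []
    for stmt in policy["Allow"]:
        for action in stmt["Action"]:
            if action == "*" or action.endswith(":*"):
                issues.append((name, action, "wildcard action"))
            if stmt["Resource"] == "*":
                issues.append((name, action, "unscoped resource"))
    return issues


def granted_actions(policy):
    """All action patterns an identity is allowed, across its statements."""
    return {a for stmt in policy["Allow"] for a in stmt["Action"]}


def unused_permissions(name, policy, log):
    """Granted action patterns that no logged request exercised (removal candidates).

    Wildcard grants such as 'iam:*' count as used only if some logged action matches them.
    """
    used = {action for principal, action in log if principal == name}
    unused = set()
    for granted in granted_actions(policy):
        if not any(fnmatchcase(u, granted) for u in used):
            unused.add(granted)
    return sorted(unused)


def review_all(policies, log):
    """Produce a per-identity report of policy issues and unused permissions."""
    return {
        name: {
            "issues": audit_policy(name, policy),
            "unused": unused_permissions(name, policy, log),
        }
        for name, policy in policies.items()
    }


if __name__ == "__main__":
    for name, result in review_all(POLICIES, ACCESS_LOG).items():
        print(name)
        for _, action, reason in result["issues"]:
            print(f"  issue: {action} ({reason})")
        for action in result["unused"]:
            print(f"  unused: {action}")
```

On the sample data, `ci-deployer` is flagged for the `iam:*` grant on all resources and for two permissions it never used in the window, while `report-reader` has no policy issues but two unused permissions. The access-log comparison is what makes the periodic review actionable: it shows not just what is broad, but what can be removed without breaking anything that was observed to run. A real review would use a window long enough to cover infrequent jobs before pruning.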
Data held hostage
Ransomware is another rising threat that can severely disrupt organisations.
Over the recent USA Independence Day weekend, ransomware hackers struck Kaseya, a US firm which provides network management tools for companies. The attack paralysed the networks of at least 800 companies around the world, with hackers demanding US$70 million to restore the data, Reuters reported.
Attackers may try to distribute ransomware in mass volumes, through phishing attacks, to infect as many devices as possible. They may also use targeted strategies against specific organisations to seek out high payouts. Once inside the network, they escalate their own access to move deeper into the company’s network undetected.
These attacks usually start with the endpoint devices that employees use. CyberArk’s Privileged Access Manager and Endpoint Privilege Manager can help to minimise the damage caused if an account is compromised. Administrators can use the central interface to quickly isolate suspicious accounts in the cloud.
As organisations look to enhance their productivity with new approaches, security cracks may appear in unexpected places. Governments need to work together with industry experts to keep data from falling into the wrong hands.