It's hard to believe, but it's been a year since the Colonial Pipeline ransomware attack. In case your memory's fuzzy, this was the incident that completely shut down the largest fuel pipeline in the United States, causing gas shortages across the East Coast.
It was the perfect demonstration that cybersecurity doesn't merely exist somewhere between strings of binary code. It has real-world implications.
Although the and the , major incidents like this should serve as teaching tools to learn how to develop a better cybersecurity posture and harden defenses.
I asked , our VP of ThreatOps, what he thought the top lessons we should have learned from this incident are. Here's what he had to say.
Need a refresher on ransomware? Check out our Ransomware article from The Defender's Handbook.
One of the biggest mistakes that businesses (and individuals!) make is assuming that threat actors won't waste their time chasing them. Typically, small businesses and individuals have less money than larger enterprises; therefore, folks at these smaller organizations believe that hackers will follow the money.
The reality is quite the opposite.
Those large enterprises usually do have more money, meaning they can invest in fancier and better cybersecurity tools to keep their assets safe. They can afford to hire experts to monitor their environments. So while a hacker might need to spin a few cycles to make her way into the environments of these large enterprises, it might only take a few clicks to take down Charlotte's Ice Cream Shop up the street.
Whether you operate a , a or a , you are a potential target. Sometimes, an attack is just a crime of opportunity, much like we saw with log4j, where attackers were scanning and hacking any vulnerable devices they found. Other times, attacks are targeted, as we saw with VMware Horizon. Point is, no one is immune, not even a gas pipeline.
And if you're on the hunt for love, heed our solid advice, courtesy of a Spongebob meme:
The culprit of the Colonial Pipeline ransomware attack? A single compromised account. The real knife twister is that the account in question wasn't even being used at the time of the attack, but it could still access the network.
The point here is closely related to our first lesson learned: hackers are lazy but efficient. They're fans of targeting the weakest link. Sure, they could consistently go after an organization's most critical assets (such as their servers), but why go through all that hassle when there's a much easier route to gain entry?
And sometimes, that route is as simple as sending a phishing email.
This is why layered security is such an important component of any modern cybersecurity stack. Prevention alone isn't enough: once an attacker gains access, it's harder to detect her moving laterally within the network. A stack that features detection and response capabilities to find and evict hackers can make all the difference in how detrimental an attack is.
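The dormant-but-still-enabled account is the kind of weak link you can hunt for yourself before an attacker does. Here's an added example (not code from the original post or its author) of a small audit that flags enabled accounts that have not logged on in 90 days, or never have, and notes whether each one is enrolled in MFA. The CSV layout, the column names and the 90-day threshold are assumptions; real identity exports differ, so adjust `parse_export` to whatever your directory or VPN appliance produces.

```python
"""Flag enabled accounts that nobody is using anymore.

Added example, not from the original post. Assumes an identity export with
the columns username,enabled,mfa_enrolled,last_logon (ISO date or empty);
those column names and the 90-day idle threshold are assumptions.
"""
import csv
import io
from datetime import date, datetime, timedelta

# Constructed sample export for the demo; this is not real data.
SAMPLE_EXPORT = """username,enabled,mfa_enrolled,last_logon
alice,true,true,2022-05-02
contractor-vpn,true,false,2021-11-14
bob,true,true,2022-04-28
svc-backup,true,false,
carol,false,false,2020-01-09
"""


def parse_export(text):
    """Turn the CSV export into a list of account dicts with typed fields."""
    accounts = []
    for row in csv.DictReader(io.StringIO(text)):
        raw_logon = row["last_logon"].strip()
        accounts.append({
            "username": row["username"].strip(),
            "enabled": row["enabled"].strip().lower() == "true",
            "mfa_enrolled": row["mfa_enrolled"].strip().lower() == "true",
            # None means the account has never logged on.
            "last_logon": datetime.strptime(raw_logon, "%Y-%m-%d").date() if raw_logon else None,
        })
    return accounts


def find_dormant_accounts(accounts, today, max_idle_days=90):
    """Return enabled accounts idle longer than max_idle_days (or never used).

    Disabled accounts are skipped: they cannot be used to get in. Each finding
    carries idle_days (None when the account never logged on) and the MFA
    status, so unused accounts without a second factor stand out first.
    """
    cutoff = today - timedelta(days=max_idle_days)
    findings = []
    for acct in accounts:
        if not acct["enabled"]:
            continue
        never_used = acct["last_logon"] is None
        if never_used or acct["last_logon"] < cutoff:
            findings.append({
                "username": acct["username"],
                "idle_days": None if never_used else (today - acct["last_logon"]).days,
                "mfa_enrolled": acct["mfa_enrolled"],
            })
    # Worst first: no MFA, then longest idle (never-used sorts to the top).
    findings.sort(key=lambda f: (f["mfa_enrolled"], -(f["idle_days"] if f["idle_days"] is not None else 10**9)))
    return findings


if __name__ == "__main__":
    report_date = date(2022, 5, 7)  # assumed "today" for the constructed data
    for f in find_dormant_accounts(parse_export(SAMPLE_EXPORT), report_date):
        idle = "never logged on" if f["idle_days"] is None else f"idle {f['idle_days']} days"
        mfa = "MFA" if f["mfa_enrolled"] else "NO MFA"
        print(f"{f['username']:<16} {idle:<18} {mfa}")
```

The output is a disable-or-justify list: every account on it is either a legitimate service identity that should be documented and scoped down, or dead weight that should be disabled today. Run it on a schedule, not once.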
Oh, to be as ambitious an employee as an attacker.
Their success correlates to constantly leveling up their cyber knowledge. They study their adversaries (that's us) and the tools we use, learning how to circumvent them.
And they're good at it.
They're masters at defense evasion. They embrace that they'll be lifelong learners as long as defenders keep defending.
And that's why we defenders can't just keep pace with today's hackers.
We have to think ahead, continue to upskill and question to improve the status quo. We have to be on the lookout for new threats and actively learn how to combat them.
That also means we should pressure our vendors to keep their products up to speed to combat not today's but tomorrow's threats.
If you're reading this and you work at a small business, I hope your takeaway from this reflective piece is simply to exercise caution. You're not too small or too unknown to be a dangling carrot for today's threat actors.
Take reasonable steps, such as implementing multi-factor authentication (MFA) on every remote-access path and using strong, unique passwords (never reuse them). Disable accounts that are no longer in use rather than leaving them enabled. If attackers target you and realize you're going to present more of a challenge than they'd anticipated, they'll likely move on to the next "weakest link."
But perhaps the most important takeaway for us all is that we'll never really win the cybersecurity battle. Cybersecurity is more of a goal than anything, and it's a goal that we as defenders have to work toward every day.
And we're here to help you do that.
Check out our cybersecurity education resources. And for a monthly, timely discussion of the latest hacker tradecraft and techniques, check out Tradecraft Tuesday.
* Special thanks to Roger Koehler for his help with writing this blog.