I’m Afraid We No Longer Need You

Riverbank Ruminations; Observations from The Banks of The Technology River

Tom Evans ~  Ashton Engineer Emeritus

You may have heard these words at one time or another in your career. I have heard them twice. I was at one company for 28 years. Early in my IT career with them, like many others in IT back in the ‘old’ days, there really was not an IT department as such, since local computers were still far from commonplace. The company was just starting to invest in PCs and networking was still in the future. The business was run on an IBM mainframe at headquarters and green bar reports ruled the world. No one understood what I or my assistant did, other than the reports.

With that environment, my job seemed to be less than necessary so they gave me 30 days notice. When some other employees were asked to pick up the slack, they refused the extra workload. The company decided I was somewhat necessary and offered me a ‘new’ position under Finance. Later, when the recession hit in 2008 I was less successful in dodging the bullet and was let go. Being 60 years old at the time, it was a much different situation. Eventually, Jim Millican at Ashton decided to take a chance on a ‘geezer’ and I was once again gainfully employed.

The Pandemic Has Led to Outsourcing

It’s no secret that the pandemic has forced a lot of employers into the position of having to reduce their workforce. It’s also no secret that even without the pandemic as a driver for companies to reduce expenses (layoffs, outsourcing) those moves will often still be seen as controversial. Which leads me to this article about outsourcing.

In the traditional business world, there is a constant need to manage risk as well as costs. It seems that also holds true in the world of ransomware and data theft.

“As developing and maintaining stable network access comes with a high risk of detection and requires significant time and effort, ransomware authors are increasingly seeking third-party help”.

Ever ones to be aware of ways to leverage assets, possessors of zero-day exploits are using them to create access to networks and then selling the access instead of the exploit. Sort of like selling the milk instead of the cow. The access providers assume the risk of detection and any consequences and the service buyer is free to focus on plundering the network.

Persistent Network Access

The fact that persistent network access is a commodity should be very concerning to anyone who has a network. The article also stated that “The market for network access was pioneered by “Fxmsp,” an infamous threat actor thought to have made millions over the past few years. Although indicted by the US, he is thought to be currently living in Kazakhstan, which has no extradition treaty with Washington.” (emphasis mine).

What does it take to enable persistent network access? First, you need an entry point. As mentioned above, this can be a zero-day exploit. This is a vulnerability that is not publicly known but can be used for nefarious purposes. Second, you need to deploy the exploit. If the exploit is for an internet-facing device, then the bad guy just sits outside and bangs away until he is in control. If the exploit is for a device on the network but not directly accessible externally, then the bad guy needs to get someone who is on the network to deploy the exploit for him. Enter phishing emails.

They’re Into Your Network. Now What?

The initial entry to the network may not deploy the more important exploit. It may just be setting up a channel that allows the bad guys to connect to your network without your permission or knowledge. Once this is done, a more persistent connection and communication channel is established for future reconnaissance and possible malware deployment.

There have been instances where malware was deployed, discovered, and removed successfully, only to have it reappear again, even after the infected devices were completely wiped and rebuilt. This was accomplished by installing a repository elsewhere on the network. The repository was not found and thus the bad guy had a way back into the network.

So, while the goal is to prevent intrusion, cleaning up only the obvious effects of an intrusion is not enough. The whole network needs to be inspected and disinfected. Network traffic needs to be monitored for abnormal traffic well after cleanup efforts are complete.

For many small businesses making a network secure is something they need to outsource. Outsourcing decisions sometimes result from perceived costs being less than doing something in-house. Outsourcing can also be driven by a lack of expertise in-house. Especially for small businesses, security expertise and network management is not something they have resources for. With work-from-home looking like the ‘new normal’ for the time being, the security and network management issues become more complex as the business is no longer confined to one location, but rather spread out over many locations, all remote from the scrutiny of management. When it comes to outsourcing your security, a line from Indiana Jones and the Holy Grail comes to mind “Choose wisely, for while the true Grail will bring you life, the false Grail will take it from you.” Much the same can be said about choosing someone to handle your security.  Call Ashton Technology Solutions at 216 397-4080, if you choose to secure your grail as if it’s important to you.