Cybersecurity Lessons From Ancient History

Uploaded on 2022-05-06 in TECHNOLOGY--Resilience, FREE TO VIEW

In the Trojan war in the twelfth century BC, the legend of the Trojan Horse took shape. Whether the Greeks actually constructed a huge wooden horse and hid a select force of men inside, or if it was a battering ram, another sort of siege engine, or even a boat is not clear.

But whichever Greek poet you believe, the idea of getting your enemy to invite you into their securely protected place by hiding your malevolent intent played a crucial part in the sacking of Troy, and the turning point of the Trojan War.

History has its fair share of confidence tricksters and con artists too, cleverly gaining people’s trust and swindling them out of money or goods.

Three millennia later and metaphorically, a "Trojan horse" has come to mean any trick or stratagem that causes a target to invite a foe into a securely protected bastion or place. A malicious computer program that tricks users into willingly running it is also called a "Trojan horse" or simply a "Trojan”. It is designed to gain access to a network and damage, limit or steal data - and is a common precursor to a ransomware attack. For today’s con artists, the most effective way to conduct a successful cyber wire attack is to impersonate a supplier. 

Very little is new in the ideas of criminals even as technology and digitisation evolve - only the methodology and delivery systems have changed.  The two main approaches to cyber attacks impacting UK companies in 2022 are ransomware and impersonation.

Ransomware

Ransomware has become increasingly popular within organised cyber criminal gangs because it is easy to identify and target poor corporate security. In addition, the expansion of ransomware-as-a-service (RaaS) means that access to compromised networks is cheap, thanks to a rise in the number of initial-access brokers and RaaS tools.

The latest iteration, Double-Extortion Ransomware, relies on criminals not just encrypting data and holding the owner to ransom, but exfiltrating (removing) the data from compromised devices or systems first. By exfiltrating the data first, the criminals can threaten to release the data should you not pay the initial ransomware demand, rendering standardised data backups and data recovery plans obsolete.

Impersonation

In the case of impersonation, cyber criminals use domain or email spoofing techniques to create false websites and emails and initiate sophisticated phishing attacks that fool clients, suppliers and employees into giving away personal or company details. 

The best defence available today is to identify the precursor of attacks.  As was true with the Trojan horse: King Priam’s daughter Cassandra tried to warn him of the soothsayer of Troy, when she insisted that the horse would be the downfall of the city and its royal family. But Cassandra was ignored, and Priam was killed as the war was lost. And as with history’s long line of confidence tricksters, the warning signs are there, if you know what to look out for. 

The key to identifying the precursors of cyber attacks is understanding the nature of, and patterns within, a network’s traffic. Armed with this understanding, changes in the make-up of network traffic can indicate possible signs of cyber attacks in their infancy, and trigger a response before they cause damage and disruption.  

Achieving this is no task for the human eye, as the sheer volume and variety of data can make it almost impossible to identify patterns or anomalies and respond quickly to them. Detection systems that combine Machine Learning, AI platforms and advanced analytics are the only effective way to defeat the latest cyber threats. 

Such systems should also take advantage of what is being observed on other known organisational systems and networks.  Pooling global insights to detect insecure infrastructure and identify malicious activities across networks and systems is an important element in the fight against cyber crime. Checking third party lists of malicious IPs or domains, and comparing the data to legitimate traffic across known organisational systems, blacklisted traffic is another way to spot a potential compromise. 

This is not to say that the role of the human has gone, indeed good training and awareness of cyber threats remains important within businesses, as employees will always be the last line of defence. However, Security Operations Centres (SOCs) that can combine powerful AI platforms, global intelligence and human experts, are the new front line in the defence of every organisation against today’s cyber threats. 

Phil Ashley is Director of Crossword Labs at Crossword Cybersecurity

You Might Also Read:

Malware Versus Ransomware: What’s the Difference?:

 

« Are Your Employees The Weakest Link Against Cyber Crime?
Is Europe Ready For Cyber Warfare? »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

TrustedSec

TrustedSec

TrustedSec is an information security consulting services, providing tailored solutions and services for small, mid, and large businesses.

Exclusive Networks

Exclusive Networks

Exclusive Networks accelerate market entry and growth for innovative cybersecurity, networking and infrastructure technologies.

Nethemba

Nethemba

Nethemba provide pentesting and security audits for networks and web applications. Other services include digital forensics, training and consultancy.

EclecticIQ

EclecticIQ

EclecticIQ is a global provider of threat intelligence, hunting and response technology and services.

NESEC

NESEC

NESEC is a specialist in information security consulting services and solutions.

K2 Integrity

K2 Integrity

K2 Integrity is a preeminent risk, compliance, investigations, and monitoring firm - built by industry leaders to safeguard our clients’ operations, reputations, and economic security.

HudsonCyber

HudsonCyber

HudsonCyber, part of HudsonAnalytix, provides leading cyber risk management services for the global maritime transportation industry.

VaultOne

VaultOne

VaultOne is a next-generation security solution that addresses security issues from different domains (Password Manager, Secure Access, PAM, Identity Management) as a single, integrated solution.

Swarmnetics

Swarmnetics

Swarmnetics helps customers discover hard-to-find software vulnerabilities by hacking your system before the bad guys do.

MONITORAPP

MONITORAPP

MONITORAPP is responsible for complete web security. Protect your business environment with Application Security Solutions from MONTORAPP.

SecureNation

SecureNation

SecureNation offers a wide variety of cutting-edge technologies and IT services to address almost any of your information security, network security and information assurance needs.

Buchbinder Information Technology Solutions

Buchbinder Information Technology Solutions

Buchbinder Tunick & Company is a premier CPA and advisory firm offering a broad range of assurance, tax, business consulting and IT consulting services.

Stryve

Stryve

Stryve is a leading carbon-neutral provider of specialist cloud and cybersecurity services in Europe.

Diverto

Diverto

Diverto is a company that provides a high level of information security to companies, institutions and other organisations in an information-centric world.

Leapfrog Services

Leapfrog Services

Leapfrog offers outsourced managed IT + cybersecurity services that are scalable, aligned, and fit easily into your business model.

SurePath AI

SurePath AI

SurePath AI is a SaaS platform that governs any GenAI solutions you build, adopt, or buy - even Shadow AI.