The company you keep: why even your business could be targeted by an APT

Major corporations with high-value assets aren’t the only organizations targeted by advanced persistent threats. While your company may not possess information coveted by cyber criminals, like nation-state secrets or credit-card account details on thousands of customers, it could be linked to organizations that do have this data. This means hackers could attack your company in an effort to reach their intended target. Part of practicing good information security encompasses looking at the company you keep and figuring out if these relationships increase the chances of your organization getting attacked.  

The Target breach is probably the most famous example of attackers using this tactic. In that attack, hackers infiltrated the company that serviced the HVAC systems in Target stores and stole the credentials the vendor used to log-in to the retailer’s network. With access to Target’s network, attackers were able to upload malware that captured credit and debit-card details from the chain’s point-of-sale system. The data breach ultimately affected approximately 40 million customers.

In July, attackers used this method to install malware in the point-of-sale terminals in 1,025 Wendy’s restaurants and steal credit and debit-card information on an undisclosed number of customers. According to the fast food chain, attackers infiltrated a third-party vendor that had remote access to the cash registers used at Wendy’s franchise locations.

Know what information your company can access

Your business may not need the same security measures as companies with thousands or millions of customers. But you should be aware of what, if any, sensitive information or systems your company indirectly deals with or can access. Naturally, you should make sure those systems are protected.

As the Target and Wendy’s incidents prove, service providers, especially those that can remotely access their customer’s IT environment, should review how they protect these log-in capabilities. If your company uses third-party vendors that can log-in to your network, consider asking them what security measures they have in place to keep these credentials secure.

All businesses should ask what makes their company successful since hackers are likely to target whatever differentiates an organization from their competition. Obvious answers are intellectual property, like a method for hardening steel, or data that can be used to commit financial fraud, like credit-card numbers.

Don’t forget to review your business’ connections to other companies

And, of course, who your company’s customers are and your access to them can be just as valuable to hackers as any intellectual property. Does your business play a secondary role in facilitating major business deals? Is your company responsible for processing health insurance claims that contain personally identifiable information? This could be the data an adversary needs to pull of an attack, making your company a target in the overall campaign.

The threat landscape is now much broader and sophisticated. Adversaries are now using techniques previously employed by only nation-state attackers to access sensitive systems and laterally move through an organization. Enterprise security strategies need to evolve in the same way. Start thinking like the adversary and asking ask what information or access does a company have that would be useful to someone else.

Israel Barak
About the Author

Israel Barak

Israel Barak, Chief Information Security Officer at Cybereason, is a cyber defense and warfare expert with a background developing cyber warfare infrastructure and proprietary technologies, including that of proprietary cryptographic solutions, research and analysis of security vulnerabilities. Israel has spent years training new personnel, providing in-depth expertise related to cyber warfare and security, threat actor’s tactics and procedures. As Cybereason’s CISO, Israel is at the forefront of the company’s security innovation, research and analysis of advanced threats.

All Posts by Israel Barak