At the 2016 RSA Conference, CSO's Steve Ragan chats with Fengmin Gong, co-founder and Chief Strategy Officer of Cyphort, about the latest ways that cybercriminals are attacking networks. In addition, he presents some ways IT can prevent (or slow down) the attacks.
Interviewer: Criminals are really clever. They like to do whatever they can to get into your network, but sometimes they do ridiculously easy things to get into a network. What are some examples of the basics that they'll use to get in?

Interviewee: We recently did a study. We collected, even for people's servers, SSH access servers, they're still using "abc123," a bunch of them. We see the criminals trying them out easily. That's probably the silliest thing.

Interviewer: What about not only the easy-to-guess passwords, but default credentials on your routers, or your hardware in general? Do you see that a lot too, still?

Interviewee: Yes, a lot, and it's getting worse. As you know, with the IoT thing, now we've got so many devices, people don't even know they have the AP, Access Point, built in with a default password.

Interviewer: You mean, right now, somebody who has got a watch on your network, they could completely expose it to a compromise when you're not even watching?

Interviewee: Actually, we are on the watch all the time. If you connect something to the Internet, if you haven't paid attention, you'll know in minutes. They will discover it and they will try to get on to it.

Interviewer: What are some uncommon ways that they use to get in?

Interviewee: Some of the uncommon ones, of course, in addition to, let's say, this massive drive-by, a plain website gets compromised, or using the malvertising. That's another dangerous thing. The next thing we have seen more and more is really all the things through the email, the spear phishing. They can get plain, target a lot of people, or sometimes they can target very specific people with very specific information, make it very convincing for you to click, download a file, and run it. That's very dangerous.

Interviewer: Given all that then, what are some basics companies can do to better prepare themselves and prevent this from happening?

Interviewee: Keep up with all your machines' updates. That's something they have to do. We have been talking about people still not doing it all the time, but the very next thing, of course, if you look at the traditional AV things on the endpoint, they do help, because not every criminal is using the zero-day. People don't realize that. After that, then you really need to get to a solution where you can afford to watch all the possible points where you think a piece of malware can cross. That's really probably the most fundamental thing for the modern threat. You have to be aware of your network, where your assets are, and all the possible paths someone can cross.

Interviewer: Excellent. When you talk about watching the endpoint, that implies visibility. How many companies actually have full visibility these days into their environments?

Interviewee: I'm afraid if you look for companies that have close to 100 percent visibility, it's probably very hard to find. Typically, we find, for example, the financials, some of the top ones, indeed they are definitely much more aware. They have done a good job of having the basics.