Unidentified Leak Paths Led to Successful Hack of South Korean Military by North Korea – Part I

According to

Leak Paths Are Central to Most of Today’s Successful Breaches

Perimeter defenses are well-tested protective elements that have been used for thousands of years. Instead of protecting each house in a city against invaders, walls were built around the city, and well-guarded gates controlled access to it. Often, there were lesser entry points through the walls, added for convenience or special uses. These included “postern gates,” small entrances far from the main gates. There are numerous tales of cities that fell because their perimeter defenses were subverted through these little-known entry points. An insider who rediscovers a long-forgotten postern gate provides an entry point for covert operations, and that is exactly what happened in this case.

These unknown or unauthorized entry points are leak paths: a means of malicious or unauthorized entry across the network perimeter. Firewalls and intrusion detection systems serve as gatekeepers to defend the network; nevertheless, circumvention can and does happen. Unlike data leaks, which are the egress of sensitive information from an organization’s control, Internet leaks are unrestricted pathways into and/or out of an organization’s network perimeter. Attackers use these paths to infiltrate networks, compromise endpoints, stage additional malware, deploy ransomware, move laterally in search of sensitive data, and compromise further systems along the way. According to a

Core of the Problem

Continuous changes to the network landscape, including infrastructure, operating systems, and applications, cause the organization’s security policy and its network defense configuration (firewall rule bases, segmentation controls) to drift apart, and that misalignment is where leak paths proliferate. It only takes one leak to allow malicious intrusion into a network.

Proactive identification of leaks and exposed network zones allows effective prioritization of remedial resources to prevent network subversions. When combined with the other aspects of a comprehensive Network Assurance program, real-time leak discovery can be a powerful mechanism for comprehensively protecting an organization’s network.

Stay tuned for Part II of this two-part series, which will cover the differences and implications of inbound versus outbound leak paths. While it may not seem obvious, an inbound leak path is often the precursor to an outbound leak and is the more telling indicator of a breach attempt. In addition, we’ll cover some recommendations for proactively identifying leak paths and segmentation violations.

About the author:

Source: infosec island
