The best attacks are the ones you never see coming. While most data centers are the focus of cybersecurity hardening, edge computing environments can sometimes be overlooked.
Given this, groups like MoneyTaker exploit edge environments to make, or rather take, their money. Working in complete secrecy for over a year-and-a-half in 2016-17, they pulled off over 20 successful attacks and took away an average of $500,000 per incident in the U.S.
Their exploits included attacking 16 financial institutions and law firms in the United States, one in the UK, and three in Russia. Group-IB reports:
The first attack in the US that Group-IB attributes to this group was conducted in the spring of 2016: money was stolen from the bank by gaining access to First Data’s "STAR" network operator portal.
Since that time, MoneyTaker has attacked companies in a total of 13 U.S. states on top of the four incidents abroad. In one case in Russia, hackers infiltrated a bank’s network by first “gaining access to the home computer of the bank’s system administrator.”
Even after being discovered in 2017, MoneyTaker still managed to pull off an even more daring exploit in 2018, running off with nearly $1 million from the Russian bank PIR by infecting “a compromised router used by one of the bank’s regional branches.”
So how does the enterprise business defend against attacks like this? With a distributed network of employees (with minimal training in cybersecurity), infosec professionals face an uphill battle. There are a few things you can do to save time and harden the edge.
Defend the Edge
Hyperconverged infrastructure (HCI) and virtualized environments allow companies to deploy scalable storage and network resources to the edge, wherever they are needed. In many cases, these systems can be deployed in a day or two, and you do not need to send on-site personnel for lengthy stays to get them up and running.
Data security has also come a long way in terms of ease-of-deployment. Many times core security features come baked into the products with minimal configuration required. Beyond that, there are a few key data security considerations to make sure your data at the edge is secure.
The Perimeter is Dead
The trusted, single perimeter is dead. With edge computing, that kind of perimeter has lost all meaning. In its place is a segmented perimeter for each remote office. But remember, firewalls have never been enough, even when there was a single perimeter.
Going along with the Zero Trust model, each remote office should have a hardened perimeter and a hardened interior. The model’s motto of “never trust, always verify” should be strictly adhered to.
Encrypt Everything
It should be a given that all data-in-flight is encrypted. Unfortunately, much of it isn’t. According to a recent study conducted by Zscaler, 91.5% of IoT communication happened in plaintext. This is a potential treasure trove of information for hackers. All communication should be encrypted, with the private key properly managed.
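As an added example (not from the original post), here is a small audit that walks a set of flow records and flags data-in-flight that is not carried inside TLS or SSH, the kind of check that turns a statistic like the one above into a per-device list to act on. The sample flows, the port-to-protocol table and the record layout are assumptions for illustration.

```python
# Added example: audit constructed flow records for unencrypted data-in-flight.
# Each record is "src dst dport first_two_payload_bytes_hex" (assumed layout).
from collections import Counter

# Well-known plaintext protocols commonly seen on IoT and edge networks (assumption).
PLAINTEXT_PORTS = {21: "ftp", 23: "telnet", 80: "http", 161: "snmp", 1883: "mqtt"}

# Constructed sample flows, not real traffic.
SAMPLE_FLOWS = """\
10.20.1.15 10.20.1.1   1883 1012
10.20.1.15 10.20.1.1   8883 1603
10.20.1.22 203.0.113.9 80   4745
10.20.1.22 203.0.113.9 443  1603
10.20.1.30 10.20.1.2   23   fffd
10.20.1.31 10.20.1.2   22   5353
10.20.1.40 10.20.1.3   5000 0a0b
"""

def classify(dport, first_bytes):
    """Return (protocol label, is_plaintext); is_plaintext is None when unknown."""
    if first_bytes.startswith("1603"):                  # TLS record header: type 0x16, version 0x03xx
        return "tls", False
    if dport == 22 and first_bytes.startswith("5353"):  # "SS" of the "SSH-2.0" banner
        return "ssh", False
    if dport in PLAINTEXT_PORTS:                        # known cleartext protocol on its usual port
        return PLAINTEXT_PORTS[dport], True
    return "unknown", None                              # cannot tell from port/header; review manually

def audit(flow_text):
    """Classify every flow and summarise how much of the traffic is plaintext."""
    findings = []
    for line in flow_text.splitlines():
        if not line.strip():
            continue
        src, dst, dport, first_bytes = line.split()
        proto, plaintext = classify(int(dport), first_bytes.lower())
        findings.append({"src": src, "dst": dst, "dport": int(dport),
                         "proto": proto, "plaintext": plaintext})
    total = len(findings)
    plaintext = sum(1 for f in findings if f["plaintext"])
    unknown = sum(1 for f in findings if f["plaintext"] is None)
    offenders = Counter(f["src"] for f in findings if f["plaintext"])  # devices still talking in the clear
    return {"total": total, "plaintext": plaintext, "unknown": unknown,
            "pct_plaintext": round(100.0 * plaintext / total, 1) if total else 0.0,
            "offenders": dict(offenders), "findings": findings}

if __name__ == "__main__":
    r = audit(SAMPLE_FLOWS)
    print(f"{r['pct_plaintext']}% of flows in plaintext; {r['unknown']} unclassified")
    for src, n in r["offenders"].items():
        print(f"  {src}: {n} plaintext flow(s)")
```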
On to protecting data-at-rest: HCI and virtualized environments, especially VMware’s vSAN 6.6+ and vSphere 6.5+, ship with built-in, AES-NI accelerated encryption that is ready to enable. Since vSphere encryption is guest OS agnostic, you do not need to worry about a patchwork of encryption technologies.
Instead, VMware encryption allows companies to uniformly manage their encryption for both VMs and vSAN, creating a unified encryption strategy for their sensitive data. Also, since VMware encryption is policy based, it can be applied to as many or as few VMs or vSAN clusters as you need, minimizing any performance impact of the encryption.
Important: As with all encryption, an encryption key is generated and must be properly stored and managed. Your encryption is only as strong as the safety of your keys. Fortunately, vSphere and vSAN encryption are KMIP compatible and allow third-party key managers to easily secure and manage the keys. The ideal key management solution should be KMIP compatible and provide highly available, standards-based enterprise encryption key management.
Trust No One
All traffic within a network should be considered a potential threat. This means, in advance, each user should be restricted to the least amount of data possible to adequately do their job. Then, all users should be challenged each time they log in to ensure two things:
- They are authorized to access the network by presenting current and valid login credentials as well as authenticated with multi-factor authentication.
- They are secure by establishing a secure connection to the network.
Once we have done that, the last thing to do is to constantly verify that they are doing the right thing through logging, inspection, and resolution management.
Final Thoughts
Edge computing has brought the speed, efficiency, and innovation that companies need to stay competitive in today’s marketplace, but with it has come a host of new concerns. With data protection laws like the GDPR and CCPA that give governments the ability to fine and consumers the power to sue if companies under-protect client data, organizations are scrambling to make sure they are properly protecting their sensitive data now, before a breach happens.
Attacks on the edge are inevitable, but a data breach isn’t. Expediency would have you defend the edge with ad hoc measures. Take a holistic approach instead. Never trust; always verify. Only then can you truly defend the edge and your company.