The Sony Pictures hack is turning out to be quite an intricate saga of misdeeds. From the tools and methods used to the ever-expanding sphere of destruction attributed to the Lazarus Group, ongoing forensics are shedding light on strikingly similar advanced persistent threat (APT) campaigns targeted at various other media, finance, and manufacturing firms around the globe. And while the sophistication of the attackers' tooling and methods is certainly to be reckoned with, the apparent emergence of DevOps-like enablement in the digital underworld is arguably greater cause for concern.
Fortunately, security firms are now joining forces and using similar collaborative initiatives of their own to combat the Lazarus Group. Dubbed Operation Blockbuster, an alliance of industry heavyweights like Kaspersky Lab, Symantec, AlienVault and Novetta, among others, aims to dismantle or disrupt the hacker group's operations. The alliance's pooled research efforts and malware analyses not only reveal a comprehensive suite of highly advanced malware at Lazarus' disposal, but also DevOps-like coordination and cooperation between actors, possibly even between disparate groups. According to Novetta, the existence of several collaborating groups implies similar goals and shared "tools, methods, taskings, and even operational duties."
"They accomplished this not by using exceptional malware or highly technical techniques, but through determination, focus, and great organizational and coordination skills—skills that they have displayed to varying degrees in other linked attacks."
- Wired Magazine
Lazarus' tool chest, consisting of trojans, keystroke loggers, scrapers, installers/uninstallers, propagating mechanisms, DDoS botnet tools, hard drive wipers, and more, is daunting in its own right. We know what DevOps can do for businesses and organizations intent on gaining a competitive edge; nefarious enterprises stand to reap the same benefits.
This is unnerving, to say the least, especially when considering the numerous similarities between the two camps: a toolchain highly specialized per application (attack/target), a high degree of polyglotism amongst the hacker community, and team members competent in juggling programming skills with IT operations expertise. Of course, the coalition behind Operation Blockbuster is also using collaboration, a common toolset, information unsiloing, and a culture of sharing across functional groups.
Fight fire with fire, as they say.
However, DevOps (or DevSecOps/SecDevOps/Rugged Ops) is not enough by itself to prevent getting hacked. Making cyber vigilance an organizational affair (i.e., not throwing security over the IT wall) is crucial but insufficient, even when paired with the best layered continuous security measures. The fact is that data breaches are inevitable—this is the requisite mindset for surviving in today's cyber threat landscape, even if you've never experienced (or discovered) an IT security compromise.
Make your organization more digitally resilient by treating security as a risk management function, not a binary state. This entails acquiring the proper cyber risk insurance coverage and—as a precursor—mechanisms for quantifying your firm's level of compliance, integrity, and security. This is precisely what UpGuard's platform for digital resilience is about: continuous security and integrity monitoring coupled with the CSTAR scoring system for an easy-to-understand, pragmatic measure of your organization's security posture.
All the information needed to perform a CSTAR assessment is bundled into the UpGuard platform. Learn more about CSTAR.