ACRE – Killing Cyberattacks on Contact
Companion Blog Post for ManTech TV Video
By Yvonne Vervaet
In the hours leading up to April Fool’s Day 2018, two contrasting experiences in cyber defense of critical infrastructure played out in Atlanta.
Citywide, a virulent form of ransomware called “SamSam” took control of metropolitan networks, reducing the police department, court system and other critical government agencies to reliance on pencil & paper and fax machines.
Across town, results of an awe-inspiring event unfolded. Cyber professionals from 12 national banks engaged in an exercise where they defeated WannaCry, the very same ransomware that had hamstrung European networks and IT infrastructure in May 2017 and roused the world to an insidious criminal act that could strike anywhere, any time.
Except now at a growing number of U.S. banks.
Under the auspices of FS-ISAC (Financial Services - Information Sharing and Analysis Center), one of 24 industry groups created by the US Department of Homeland Security to protect America’s critical infrastructure, cyber teams from the financial sector are exploring an innovative way to crush ransomware – or any form of cyberattack – before it sneaks out of the dark and onto a network.
Stopping Cyberattacks – 1,2,3.
In Atlanta, banks’ cyber pros took part in a “cyber range” exercise, putting their skills and employers’ cyber defenses to the ultimate test: protecting a replication of a typical banking network from WannaCry. The team benefited from a unique approach to cybersecurity: ManTech’s Advanced Cyber Environment (ACRE), which applies knowledge of cyber offensive capabilities to defeat malware. By knowing exactly what to expect, banks’ cyber teams stopped ransomware dead in its tracks with zero impact on operations.
The lesson is one that government agencies and businesses need to learn, and fast. The SamSam attack on Atlanta, as bad as it is, represents just one tiny part of a expected to do an estimated US $11.5 billion in damage worldwide by 2019.
Even more chilling, ransomware is but one mask worn by 21st century’s full range of cyber threats, which can attack in many guises – Zero Day vulnerabilities, man-in-the-middle attacks, botnets and Trojans, to name just a few – and do their dirty work for months before they’re discovered. Today, a new form of malware emerges every 3.2 seconds. From all signs, many enterprises are poorly equipped to fight off these attacks. Even worse, conventional approaches offer little help.
Some argue that it’s cheaper to pay the ransom than to risk damage to a network. Hackers, in fact, count on victims to follow this line of reasoning, and typically set the ransom low to encourage it. The problem is that submission to hackers only encourages future ransomware attacks.
The Need for Military-Grade Cyber
Heavily involved in the cyber arena for some two decades, the U.S. Department of Defense (DoD) was the first to embrace ManTech’s offense-informed cybersecurity in their “cyber range,” which – like ACRE – trains personnel in tactical responses to attacks, and recommends enhancements that can quickly identify and patch any undisclosed network vulnerabilities.
Banks’ cyber professionals who participated in the Atlanta cyber range test against WannaCry relied on a tailored variant of the same cyber range capability used by the DoD. With nearly $17 trillion in as of March 21, 2018, U.S. commercial banks have ample incentive to be just as aggressive on cybersecurity as America’s military.
In 2010-2011, Iranian hackers made relentless denial-of-service attacks on some Losses ranged into the millions of dollars. The lesson learned: Being “too big to fail” doesn’t mean you’re too big to hack. Financial players today take that lesson very seriously.
So should every enterprise and government agency.
Given the advanced tools available now to defeat cyberattacks, there is no excuse for inaction. The alternative: a calendar where every day is April Fool’s, and the “joke” is on America – courtesy of a hacker.