Infiltrating the Mafia
As a movie/TV buff, I have found 2019 a bit of an interesting year, with several long-running film and television programmes coming to an end: Game of Thrones, The Avengers, Line of Duty, Star Wars (to come), and so on. TV is compelling viewing because it draws you in; you become a bystander, you get drawn into your own characters, and you feel a part of everything that follows. I’ve planned this year to do something I’ve always wanted to do: watch the IMDB top 100 and 250 films of all time.
I took a glance recently and decided to watch a film called Donnie Brasco. I’m an action film fan, particularly of ‘gangster’ films such as the classic Godfather trilogy, Goodfellas, Pulp Fiction and Reservoir Dogs, and it’s a film very much within that genre. This ‘based on a true story’ classic has two main characters: Donnie Brasco, an undercover police officer played by Johnny Depp, and a low-level gangster with a trusting heart of gold called Benjamin ‘Lefty’ Ruggiero, played by the utterly incredible Al Pacino. It charts the attempts by Donnie Brasco to infiltrate a Mafia crime family by getting ‘close’ to a low-level gangster, ‘Lefty’, and working his way in from within. I made my 13th visit to InfoSecurity Europe recently and noticed a distinct increase in solutions designed to protect against lateral movement, and I draw some highly obvious parallels. Why knock on the front door with a malware variant, when I can infiltrate quietly, with stealth, and make my way through a business using a trusted profile?
I’ve been in discussions with a client recently about the use of Micro-Segmentation and Software Defined Networking. The primary reason my client is looking at this technology is a concern, one that all customers will have, that a breach of the organisation will come from compromise within, primarily because a once simple network has grown obscure and complex. This particular customer has a large number of ‘privileged users’; if you could somehow compromise an internal user and move laterally from there, you could conceivably achieve the attacker’s goal of accessing and exfiltrating data. NCSC defines ‘lateral movement’ as the process of cementing a “foothold whilst gaining further access to valuable data or systems”. This is achieved by compromising a host, performing some surveillance, and then using that ‘trusted’ presence in the network to “try to compromise additional hosts and escalate their privileges”.
Our friend Donnie Brasco, a young, enthusiastic and motivated Police Officer, realised that his best chance of getting close to the ‘top’ of the crime family was to target a specific person, get close to him, make friends in any way possible, and then make his move, closer and closer to the top. Once he was ‘trusted’, he could get closer to the real people in charge. Turning up one day in a police uniform and waving a badge was clearly a tactic that wouldn’t yield much success, so something more sophisticated was required. We are continuing to see more and more attacks on businesses that use techniques we consider ‘sophisticated’. NCSC go on to say that “you should assume that an attacker with sufficient time and resources will eventually be successful”, and they give some sound advice that we at Armadillo Managed Services are finding ourselves discussing more and more often: protect credentials, use strong authentication, protect privileged accounts and apply the principle of least privilege, lock down your devices, and segment your data.
Benjamin ‘Lefty’ Ruggiero was described as a ‘Soldier’, a low-level associate, but nonetheless ‘well connected’, with direct access to the power within. Armadillo Managed Services continue to have discussions with customers about the same topic: protecting data. In years gone by, technology like DLP, Hardware Security Modules (HSM) and Encryption were the ‘go-to’ solutions, but today we continue to see the ‘bad guy’ persist in developing his own techniques and tactics, so more strength in depth is required. A strategy that works also enables a business to protect what it has that’s of intrinsic value: its data.
Written by: Armadillo Managed Services.