
CYBER SECURITY OUTLOOK


Lying in Wait: Cybersecurity Measures to Take to Counter Sleeper Agents

By Ken Fanger, MBA, CMMC-RP, President, On Technology Partners

One of the recent methods of attacking your systems is a “sleeper agent.” This is a malicious program that lies dormant in your computer, waiting to attack at a later date. Sleeper agents are very tricky because the infection will also be on any back-ups that you make, so that when you restore from a back-up, you also restore the virus or ransomware you are trying to remove. It’s devilishly clever and very disruptive.

Hackers have become more patient as well. Some will even wait up to a year before attacking so that all of your back-ups have been compromised, making you desperate and more willing to pay them to (hopefully) restore your data.

Imagine this: you’re hit with a cyber attack. You feel okay; you’ve always done your back-ups. You check them, manage them, and keep them safe, doing everything you’re supposed to do.

The cybercriminals have encrypted all your valuable data, followed by a demand for thousands of dollars to unlock it for you. You’re not worried; you’ve been performing proper back-ups and you’re confident that everything is safe and secure. Your back-ups are off-site and have been protecting you for a year. You laugh in the face of the foolish attackers— hahaha!

The back-up restores your files and systems, and you’re ready to go. Unfortunately, the next morning, all your files are locked and unavailable to you again. Okay, no problem. You restore from a few days ago. Night comes and you sleep restfully, knowing everything will be restored back to normal, only for the process to repeat again, and your files are still compromised. What now?

We’ll begin by understanding what’s happening. In the past, hackers would attack immediately when you clicked on a bad email or a compromised link, and defenders then addressed the attack with new security protections. Good news for you and me, bad news for the hackers.

Sadly, more and more cyber attacks aren’t happening immediately. Instead, hackers are putting programs onto your computer that then go to “sleep.” When such a program is initially installed, it doesn’t do anything harmful or noticeable, so it goes undetected until disaster strikes.

While the usual protocol for a cyber attack might call for something like the back-up situation we just explored, with sleeper agents, we have to pivot and be more proactive. The key to stopping a sleeper agent is to detect it as it comes in.

Operating systems, like Windows and macOS, will assume that if you authorize a program, it should be allowed to install. The hackers take advantage of this and put their sleeper agents into the installers of other software that you may think is innocent. This way, when you give permission for something to be installed, the sleeper agent just comes along for the ride.

The counter to these sleeper agents is called an application control program. It reviews all the programs that regularly run on your computer and looks for those that do not appear to be doing anything or are acting out of the ordinary. It then flags these programs and sections them off, preventing them from making changes to your vital information.

The application control program does this by learning what you typically do on your device and how your device works. There is a learning period where it monitors the average uses of the device and remembers them. It then watches each program to see if it keeps working in that same way as time goes on. If it does, then everything is good and the program can carry on its merry way. But if an agent is being too quiet or starts asking to make changes to your files that are out of the ordinary, it is shut down and blocked from accessing any of your files.
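The learning-period idea can be tied back to the back-up problem described earlier. The following is an added example, not code from the author or from any application control product: it uses a simplified hash-based baseline (real products also weigh behaviour) to find the newest back-up that contains only programs seen during the learning period. All paths, file contents and dates are constructed, and it assumes the baseline was learned on a known-good machine.

```python
import hashlib
from datetime import date

def digest(content: bytes) -> str:
    """SHA-256 of a program's bytes, used as its identity."""
    return hashlib.sha256(content).hexdigest()

def learn_baseline(observed):
    """Learning period: remember every (path, hash) pair seen running."""
    return set(observed)

def unapproved(manifest, baseline):
    """Programs in a back-up manifest the baseline never saw
    (a new path, or a known path whose contents changed)."""
    return sorted(p for p, h in manifest.items() if (p, h) not in baseline)

def last_clean_snapshot(snapshots, baseline):
    """Newest back-up whose programs are all in the baseline, else None."""
    clean = [day for day, m in snapshots.items() if not unapproved(m, baseline)]
    return max(clean) if clean else None

# Constructed sample data (hypothetical programs and dates).
OFFICE = digest(b"office suite v1")
PDF = digest(b"pdf reader v3")
PDF_CHANGED = digest(b"pdf reader v3 + bundled extra")
HELPER = digest(b"dormant helper")

BASELINE = learn_baseline([("C:/Apps/office.exe", OFFICE),
                           ("C:/Apps/pdf.exe", PDF)])

SNAPSHOTS = {
    date(2024, 1, 1): {"C:/Apps/office.exe": OFFICE, "C:/Apps/pdf.exe": PDF},
    # A bundled installer dropped an extra program before this back-up.
    date(2024, 2, 1): {"C:/Apps/office.exe": OFFICE, "C:/Apps/pdf.exe": PDF,
                       "C:/Apps/helper.exe": HELPER},
    # A known program was also modified before this one.
    date(2024, 3, 1): {"C:/Apps/office.exe": OFFICE, "C:/Apps/pdf.exe": PDF_CHANGED,
                       "C:/Apps/helper.exe": HELPER},
}

if __name__ == "__main__":
    for day in sorted(SNAPSHOTS):
        print(day, unapproved(SNAPSHOTS[day], BASELINE) or "clean")
    print("restore from:", last_clean_snapshot(SNAPSHOTS, BASELINE))
```

Restoring from the most recent back-up here would bring the unapproved programs back with it, which is the repeat-infection loop the scenario above describes.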

The world is changing, and hackers are changing along with it. As our defenses change and grow, so do their attacks. Because new attacks are being developed every day, you should always have an adaptive approach to cyber security. Cyber security is never going to be a one-and-done situation, so you should always be adapting— the hackers are, and they’re lying in wait to strike. We have to be ready, too.

Author profile:

Ken Fanger, MBA has 30 years of industry experience in the fields of technology and cyber security, and is a sought-after CMMC Registered Professional, helping manufacturers and contractors to meet DoD requirements for CMMC compliance. He is passionate about technology deployment, and his MBA in Operations & Logistics has helped him to be an asset in the designing and deployment of networks to enhance the manufacturing experience. Over the past 5 years, he has focused on compliance and security, including working on the SCADA control system for the Cleveland Power Grid. Mr. Fanger works with each client to identify their unique needs, and develops a customized approach to meeting those needs in the most efficient and cost-effective ways, ensuring client success.
