It Can Happen to You: Know the Anatomy of A Cyber Intrusion

October 19, 2015 By admin

WASHINGTON (NNS) — Compromising the cyber integrity of the network threatens every user and every system on your ship or in your building. Violating security best practices, circumventing security policies, carelessness and falling victim to social networking exploits open the door to cyber adversaries who can exploit vulnerabilities which may directly impact our Navy’s warfighting capability and potentially threaten our lives.

Cyber foes are no longer just recreational hackers in pursuit of bragging rights. They are cyber-criminals, cyber-terrorists and nation-states who are in constant pursuit of access to our systems. They can corrupt our Navy’s data, shut down our networks and business systems, steal our science or technology and compromise the systems that run our ships, aircraft and weapons, at keystroke speeds.

Each of us stands guard on our Navy’s Digital Quarterdeck. To improve our Navy’s cybersecurity and successfully detect, prevent and resolve persistent cyber threats, you need to understand the important stages of how adversaries can compromise our defenses.

Stage 1 Recon

During cyber adversary work-up periods, adversaries learn about the vulnerabilities of their target. Prior to an incident, they will gather information about the targeted networks, their systems, personnel, logistics and warfighting capabilities. They will employ many techniques, but interacting with their targets online is often the easiest method due to the volume of freely accessible information posted to popular social networking, media and web sites. Well-known, highly successful techniques to gain initial network access include:

* Social Engineering and Complacency – Adversaries rely on human interaction and are often successful due to their victims violating established security policies and procedures. Their goal is to get you to relax your vigilance to the point where you feel comfortable or compelled into surrendering personal or confidential information. This information could enable them to access sensitive data without your knowledge. Cyber criminals might trick you into visiting a webpage or plugging an unauthorized device (USB memory stick, CD/DVD, hard disk drive, cell phone charger, gaming console) containing malicious code into a computer on the network. By successfully piggy-backing through personnel checkpoints, thereby obtaining physical/close access to our networks, bad actors can also connect these devices to our workstations themselves.

* Phishing (“fishing”) Email – Although known by many names depending on the targets and medium used, adversaries will send what appears to be a legitimate business or trustworthy e-mail from someone you know. It will contain a sense of urgency and a web site link in the body or in an attachment. By clicking on the link, opening the attachment, or visiting a referenced web site, you might be directed to a realistic but fraudulent website that may prompt you to provide credentials, financial information or Personally Identifiable Information (PII). Alternately, you might be directed to another web site where additional bad software (malware) will be deployed onto your now compromised computer. Once the adversary owns your computer, you may actually be forwarded to the real site and you will never suspect a problem.

* Watering Hole – Adversaries will target specific interest groups or organizations. They profile victims and observe the kind of websites they visit or the social media circles they frequent. They then identify a vulnerability on one of those websites, compromise the legitimate site and wait silently for victims. Users who visit a watering hole site are stealthily redirected to another site and exploited by the adversary through the implanted malware. The computer is now compromised and often the victim will never see the incident.

Stage 2 Intrusion and Enumeration

As a result of falling victim to social engineering tactics, complacency, poor judgment, disregard for mandatory policy or unauthorized computer use, the network is now compromised – Set Cyber General Quarters! On your watch, the adversary has gotten past your digital quarterdeck. Once inside the network, a stealthy intruder will blend in with normal traffic, making detection very difficult.

Similar to the recon of the network’s perimeter for access points, the adversary now begins identifying existing security flaws within the network’s lifelines. Intruders will covertly deploy their cyber tools. Software will be used to probe computers, identify vulnerabilities and scan the environment to put together a cyber map for better understanding your network terrain. If it has power and it communicates, it is probably accessible.

Stage 3 Malware Insertion and Lateral Movement

Adversaries will establish persistence by creating additional points of presence throughout your network, using software such as remote access Trojans (RAT), which are more commonly known as backdoors. They will attempt to move laterally, spreading across the network and hiding in the deepest areas of the network while lying dormant. Other adversaries will implant software that captures keystrokes and grabs passwords, which helps them crack accounts that give them more privileges on your network and get the keys that will give them access to mission critical information, sensitive data, valuable intellectual property or warfighting/platform control systems.

Once the intruder has persistent presence, they can degrade or disrupt network activity at whim. Determining the full scope of an intrusion can take months to years, and we can never fully guarantee that all backdoors and other software have been completely removed.

Stage 4 Data Exfiltration

The hull has been breached. The digital integrity of the network has been fully compromised. Once an adversary determines that they have established reliable network access, they can move sensitive information to an outside location. Even though files and passwords are often encrypted, encryption can be cracked outside of the compromised environment. When that happens, intruders can then identify alternate targets and re-engage, or use the information obtained to go after another victim.

Stage 5 Clean Up

The final step of a cyber incident is for the intruder to clean up. Some merely disconnect, unconcerned that the victim may eventually find out what happened. Other more sophisticated actors will attempt to rid all systems in the network of any forensic evidence or trail of compromise. The intruder will delete data, over-write data, remove implanted files, clean up event logs, deactivate alarms, roll back software updates, delete backups or erase hard drives. Their goal throughout the entire incident is to erase any trace that the incident ever happened or make it look like a computer glitch while maintaining backdoors they can revisit at any time to exploit our systems further.

Each of us is on the front line of the cyber warfighting domain. We are all sentries guarding a potential entry point on the perimeter of the Navy’s network and are charged with the defense of our information systems’ warfighting capability. Each of us has a finger on the keyboard and mouse, and it only takes one lapse of judgment, one mistake or a one-click misfire to give it all away. You are our greatest asset, and our greatest vulnerability.

No matter what the intent, whether financial, to steal intellectual or state secrets, or install malicious software that will be activated during the next conflict, our cyber adversaries are determined, intelligent and have little chance of being identified and little concern about reprisal.

Cyber threats are real. Traditional cybersecurity measures, such as defense-in-depth, firewalls and antivirus, cannot protect against the human element of advanced persistent threats. However, you can. Do not engage in practices dangerous to our Navy’s cybersecurity. The CNO has made it clear that “cybersecurity is a commander’s business” and requires all hands to keep the Navy and our nation safe. It’s important that each of us treat our network as the weapon system.
