IAM security heightened by cyberterrorism, nation-state attack concerns

At the 2016 Cloud Identity Summit, security experts discussed how fears of nation-state attackers and APT groups are spurring a renewed focus on identity and access management.

Growing concerns over nation-state attacks and cyberterrorism have led enterprises to put more of their cybersecurity eggs in the identity and access management basket.

During the 2016 Cloud Identity Summit in New Orleans earlier this month, attention was focused on the growing fears of sophisticated threat actors preying upon weak passwords, inadequate access controls and compromised credentials. Specifically, security experts talked about how nation-state cyberattacks and cyberterrorism have heightened awareness of IAM security…

Even something seemingly as innocuous as social media can be exploited by cyberterrorism groups and nation-state attackers, said Ori Eisen, founder and CEO of Trusona, an authentication startup based in Scottsdale, Ariz. Eisen said the Syrian Electronic Army, which hijacked the Associated Press’ Twitter account in 2013, showed how much damage that simple act can do to global financial markets. The hackers behind the attack used the AP account to tweet a false report that two explosions had occurred at the White House and that President Barack Obama had been injured.

That single tweet sent financial markets into disarray and caused the Dow Jones Industrial Average to plummet approximately 145 points. “That was $136 billion lost in about 90 seconds,” Eisen said. “One fake tweet and that’s all you need to short some stocks.”

Three Syrian Electronic Army hackers were later identified by the U.S. Department of Justice and charged, in connection with the Twitter hack, with an array of computer crimes including illicit possession of authentication features, access device fraud and unauthorized access to, and damage of, computers. In the announcement of the criminal complaint, which had been sealed prior to March of this year, the DoJ detailed how the group used spear-phishing attacks to steal usernames and passwords and then used the stolen credentials to take over accounts, websites and IT systems. The DoJ added that the three hackers “repeatedly targeted computer systems and employees of the Executive Office of the President (EOP)” in 2011 but never succeeded.

Trusona advisor Frank Abagnale of “Catch Me If You Can” fame, who spoke at the Cloud Identity Summit, told SearchSecurity that the Syrian Electronic Army attack was indicative of how nation-state and cyberterrorist attackers can use stolen credentials to bypass authentication systems, steal millions of dollars and damage financial markets. “That’s where it’s going,” Abagnale said. “Where it was used by cybercriminals, now it’s becoming more of a terrorist tool.”

Eisen agreed and pointed to another recent incident as proof: the cyberattacks on the SWIFT banking system, which led to the theft of millions of dollars from financial services firms. The attackers obtained credentials to impersonate valid users and to create and approve fraudulent SWIFT messages. Eisen said targeting account credentials and weak IAM systems is nothing new, but now nation-states and cyberterrorism groups know they can use such attacks to earn millions of dollars just like cybercriminals.

“The chessboard is the same. It’s logins to an account,” Eisen said. “There are reports the North Koreans are behind the SWIFT banking attacks. If it’s really true that a nation-state is stealing money from banks to support itself, why do you think it’s going to stop?”

Linda Gallie