Why Hacking should be a futile endeavor
Nonetheless when we look at all the Cyber Security solutions, appliances, best practices for different operating system and industry compliance out there, these are indeed overwhelming in quantity, diverse in quality and some of them borderline paranoid regarding the level of security they intend to offer.
Let's begin with our best friend Windows, almost 1 year ago EMET was incorporated into Windows 10. And if you know what I'm talking about, EMET addresses the issue of memory corruption based attacks onto vulnerable binaries. Although and when we say "integrated" it means that this has been out there for a long time, but only until recently it was finally integrated into Windows last update.
And what about Linux and Unix based systems?
...SElinux doesn't prevent memory corruption BTW, but even if you are a SELinux low level wizard you know what I'm referring to.
Furthermore, if you didn't have any of these there's still appliances which can prevent the memory of a system (even in a virtualized environment) from being corrupted.
Hey but what about Meltdown and Specter? Aren't those really dangerous?!
Well that depends on the environment you are running. If for example you are an average Joe in a Desktop computer, you have absolutely nothing to worry about.
On the other hand if you are a provider of Virtual Servers solutions, you have more than one reason to worry.
Although this also depends on the administrator running any of those servers, since if this also has an understanding of how malware works even in general terms and how to properly control the virtual environment, it's also very unlikely for any of those above mentioned vulnerabilities to ever come into effect.
And this leads me to a very important point!
IF the System or Network's administrator has an idea of how malware works, this should also know what are the proper mitigation measures that should be taken...no matter the size of the Network and thus company.
And with such an overwhelming amount of solutions available this shouldn't also be difficult to achieve.
But as we all know, that's not the case.
In all my years working in Cyber Security, I cannot tell you how many times I've walked into IT departments in which qualified Network & System administrators are baffled on how a malware got into their systems when the "write Antiwalmare name here" was up to date and passwords were at least 15 characters long, and why not, when admin access was restricted to just certain devices...
When in reality none of these things have anything to do when preventing an attacker from getting into a target system.
Not that the mitigation methods are incredibly difficult to implement for a competent Network or System administrator, but rather that these could be borderline unknown, specially when one assumes that the only way for an attacker to get into our systems is by brute-forcing an open port in our firewall, or by sending a phishing email.
The first one is nowadays extremely unlikely to happen, unless your firewall is 20 years old. And the last one is just having a narrow perspective of what a Cyber Attack is.
And if you don't believe this, then why do we worry about processes privilege inheritance in the first place?
But I can tell you from my experience that these are actually what many Network and System administrators think, at least from my generation...
This of course leads to take poor decisions regarding the implementation of Cyber Security related measures.
Let's take a very known case, or that of the Wannacry Ransomware.
First of all, the Ransomware part of the attack was very basic, nothing impressive here, just a malware that needed admin access to the job.
Nonetheless the most interesting part was how this got into the systems in the first place. Of course we are talking about the infamous Doublepulsar and Ethernalblue exploits.
But even so, we already knew from many years before that the SMBv1 protocol was insecure.
But I bet you that those who kept on using it didn't know how or what it was insecure against....after all admin access was granted to just certain devices, and passwords were at least 15 characters long...Oh yeah! And the AV was up to date....
Of course, some may think this is unfair, as both exploits were quite advanced and nobody could ever knew how to deal with them.
Well the truth is that by the time Wannacry hit, we already knew what a Buffer Overflow was and how this "kind of thing" was used to affected vulnerable binaries.
But again, I can tell you that most Network and System administrator doesn't care excessively about binaries. And if I'm even trying to be honest....they couldn't care any less...
The point being made.
The task of managing a set of Systems or an entire Network, isn't always directly related to Cyber Security, or securing any of these two things.
As Cyber Security is always the response to new emerging threats, which and as always happens in technology, are an improvement of previous techniques.
How many variations, improvements and flavors of DDOS attacks we have today?
Of course, we cant deal with all of them in the exact same way, that would be ludicrous, but at least we are aware of their general purpose and acting mechanisms.
And that help us to ponder about the proper mitigation methods, or if this issue concerns our Network at all.