May the force be with you, may the fourth be with you, may the phish not attack you. Okay, so it does not quite rhyme, but you get the idea. We reach the fourth day of the fifth month of the year, and everyone rediscovers, or re-energizes, their passion for the Star Wars Universe. This year, we will look at some of the lessons the Star Wars movies can teach us about information and cybersecurity.
One would be surprised to learn how the destruction of the Empire's battle station, the Death Star, can educate us on the need for patching, or how the Mon Calamarian Admiral Ackbar can teach us about phishing. Finally, the lovable and curious astromech droid R2-D2 demonstrates the need for solid authentication controls on our systems.
The Need to Patch from the Death Star
At the end of the first Star Wars movie, released in 1977 and known as Episode IV, A New Hope, we see the Rebel Alliance gathering for its attack on the Galactic Empire's massive new weapon, the Death Star. Some call it the ultimate power in the universe; to the Rebel Alliance, it was a station that could destroy worlds with a single shot, and they knew it had to be destroyed. The Rebels had obtained the Death Star's structural plans and discovered a weakness in one of the reactor modules that could set off a chain reaction and destroy the space station.
The Rebels launch their attack and encounter resistance from the Empire's forces. Luke Skywalker, the story's hero, fires two torpedoes into the reactor shaft and causes the space station to explode, ruining the Empire's plan. Before Luke's torpedoes destroyed the Death Star, the Empire's scientists had analyzed the attack pattern and discovered the weakness. We see one of the senior officers (let's call him the Chief Operating Officer) raise the issue with Grand Moff Tarkin (we will call him the CEO of the Death Star): there is a weakness, so should they get the escape shuttle ready? The CEO, in his wisdom and arrogance, decides the risk is too low, that the Rebels do not stand a chance against the Death Star, and dismisses the COO.
The lesson to take away from this series of events is the cost of a "failure to patch." The CEO knew there was a weakness in his infrastructure, but believed the risk was low because he judged it unlikely that the attackers could break his defenses and do damage. However, the chain reaction caused by the successful penetration brought their downfall, because they did not remediate the known vulnerability. This scenario plays out in organizations all the time: it is known that the infrastructure has vulnerabilities, yet the risk management reports state that the likelihood of an attack is low, without fully grasping the severity of a successful attack, and so the cybercriminals gain access.
It is essential to ensure that patches are reviewed and prioritized based on their severity, especially for systems that are external facing and directly connected to the internet. These systems are constantly scanned by cyber criminals looking for weaknesses from which to launch their attacks. With a well-documented and repeatable change management process, organizations can reduce the risk of an attack and the potential for a disaster like losing a data center, or a Death Star.
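The paragraph above argues that severity alone is not enough: exposure to the internet and the existence of a working exploit are what turn a "low likelihood" report into a Death Star moment. The script below is an added example, not code from the original post, that ranks a constructed list of findings so that an internet-facing host with a known exploit outranks an internal host with a higher raw CVSS score. The weights, the SLA windows and the CVE identifiers are all illustrative assumptions, not any standard or real advisory.

```python
"""Rank open vulnerability findings so the highest-risk ones are patched first.

Added example, not from the original post. Sample data is constructed; the
scoring weights and SLA windows are illustrative assumptions, not a standard.
"""
from dataclasses import dataclass


@dataclass
class Finding:
    host: str
    cve: str             # placeholder identifiers in the sample data below
    cvss: float          # CVSS base score, 0.0 to 10.0
    internet_facing: bool
    exploit_known: bool  # a public exploit or active exploitation is known


def severity_band(cvss: float) -> str:
    """Map a CVSS base score to the usual qualitative bands."""
    if cvss >= 9.0:
        return "critical"
    if cvss >= 7.0:
        return "high"
    if cvss >= 4.0:
        return "medium"
    return "low"


def risk_score(f: Finding) -> float:
    """Severity is the base; exposure and known exploitation multiply it.

    Assumed multipliers: an internet-facing host is scanned continuously
    (x2.0), and a known exploit removes the 'unlikely to be attacked'
    argument the Death Star's CEO relied on (x1.5).
    """
    score = f.cvss
    if f.internet_facing:
        score *= 2.0
    if f.exploit_known:
        score *= 1.5
    return round(score, 2)


def sla_days(f: Finding) -> int:
    """Illustrative remediation windows keyed on band, halved for exposed hosts."""
    windows = {"critical": 7, "high": 30, "medium": 90, "low": 180}
    days = windows[severity_band(f.cvss)]
    if f.internet_facing or f.exploit_known:
        days = max(1, days // 2)
    return days


def prioritize(findings):
    """Return (host, cve, score, sla_days) tuples, highest risk first."""
    ranked = sorted(findings, key=risk_score, reverse=True)
    return [(f.host, f.cve, risk_score(f), sla_days(f)) for f in ranked]


# Constructed sample findings (CVE ids are placeholders, not real advisories).
SAMPLE = [
    Finding("internal-db-01", "CVE-0000-0001", 9.8, internet_facing=False, exploit_known=False),
    Finding("web-edge-01", "CVE-0000-0002", 7.5, internet_facing=True, exploit_known=True),
    Finding("web-edge-02", "CVE-0000-0003", 5.3, internet_facing=True, exploit_known=False),
    Finding("laptop-042", "CVE-0000-0004", 3.1, internet_facing=False, exploit_known=False),
]

if __name__ == "__main__":
    for host, cve, score, days in prioritize(SAMPLE):
        print(f"{score:5.2f}  patch within {days:3d} days  {host} {cve}")
```

Run as-is, the internet-facing edge host with a known exploit comes out first, the medium-severity edge host second, and the critical-but-internal database third: the order a change advisory board should see, rather than a list sorted purely by CVSS.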
The Phish is One With Admiral Ackbar
Like the torpedoes launched into the reactor shaft in A New Hope, which caused the Death Star's destruction, a phishing email sent to an unsuspecting employee can have the same effect on an organization. In the third Star Wars movie released, Return of the Jedi, we meet the Mon Calamari species and specifically a high-ranking official in the Rebel Alliance, Admiral Ackbar. Now, the admiral looks like a fish, plain and simple—a fish out of water. However, what he is remembered for is the iconic line he delivers towards the end of Return of the Jedi, in the massive battle scene with the new Death Star: "It's a trap!" This line always comes to mind when I see a suspicious, socially engineered email in my inbox, which is to say, a phishing email. Ackbar reminds us that clicking on that email is a trap!
Clicking on the link can launch malicious software, or malware, onto our systems. The phishing link can also open a new website asking for our credentials, further exposing our organization to risk. Organizations and users need to understand how to spot phishing emails and be vigilant with their mailboxes to avoid an attack.
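"Check the link before you click" is easier said than done, so here is an added example, not code from the original post, of what that check looks like when automated on the receiving side: it pulls every anchor out of an HTML message and flags the classic credential-harvest tells, a raw IP address as the host, a punycode host label, display text that names one domain while the href goes somewhere else, and a trusted domain reached over plain http. The sample message, the fictional domains and the trusted-domain list are constructed; the "registrable domain" helper is a last-two-labels approximation, not a public-suffix lookup.

```python
"""Flag suspicious links in an HTML email body before anyone clicks them.

Added example, not from the original post. The sample message and the
trusted-domain list are constructed; every domain below is fictional.
"""
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Something that looks like a hostname inside the visible link text.
DOMAIN_RE = re.compile(r"\b([a-z0-9-]+(?:\.[a-z0-9-]+)+)\b", re.I)


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs from <a> elements."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable(host: str) -> str:
    """Crude 'registered domain': the last two labels (assumption: no suffix list)."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def is_ip_literal(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def check_link(href: str, text: str, trusted: set) -> list:
    """Return the reasons this link deserves Ackbar's warning (empty if none)."""
    reasons = []
    parsed = urlparse(href)
    host = parsed.hostname or ""
    if not host:
        return reasons
    if is_ip_literal(host):
        reasons.append("raw IP address as host")
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("punycode (internationalised) host label")
    shown = DOMAIN_RE.search(text)
    if shown and registrable(shown.group(1)) != registrable(host):
        reasons.append(f"display text says {shown.group(1)} but link goes to {host}")
    if registrable(host) in trusted and parsed.scheme != "https":
        reasons.append("trusted domain reached over plain http")
    return reasons


def scan_email(html: str, trusted: set) -> dict:
    """Map each suspicious href in the message to its list of reasons."""
    parser = LinkExtractor()
    parser.feed(html)
    findings = {}
    for href, text in parser.links:
        reasons = check_link(href, text, trusted)
        if reasons:
            findings[href] = reasons
    return findings


# Constructed sample message: a password-expiry lure with one lookalike link.
TRUSTED = {"example-corp.com"}
SAMPLE_EMAIL = """
<p>Your password expires today. Sign in to keep access:</p>
<a href="http://198.51.100.7/login">https://portal.example-corp.com</a><br>
<a href="https://portal.example-corp.com/help">Help centre</a><br>
<a href="https://xn--exmple-corp-u9a.com/reset">Reset password</a>
"""

if __name__ == "__main__":
    for href, reasons in scan_email(SAMPLE_EMAIL, TRUSTED).items():
        print(href, "->", "; ".join(reasons))
```

The genuine help-centre link passes cleanly; the first link is flagged twice (IP-literal host, and the text claims to be the corporate portal) and the third once (punycode label). A mail gateway would typically quarantine or rewrite such links; for a user, the takeaway is the same as Ackbar's: hover, read the real destination, and treat a mismatch as a trap.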
R2-D2 Can Hack Into Your Network
Clicking on a link is like ignoring a potential vulnerability in your organization's systems: both can lead to disaster, loss of reputation and damage to one's brand. The attackers are always out there looking for ways to get into the organization. What would it be like if the attacker could gain access through a physical attack? This scenario brings up the capabilities of that little white and blue astromech droid, R2-D2. Whether it was the Death Star, the Millennium Falcon, Bespin's Cloud City or an Imperial bunker on the Forest Moon of Endor, R2-D2 could essentially 'hack' into any network or system, bypassing or accessing the controls and taking over various systems, networks, hyperdrives or controls to benefit those with whom he traveled.
This scenario brings up the concept that organizations need to ensure they have proper authentication and authorization methods set up and adequately configured for their networks, endpoints and applications. Far too often, cyber criminals infiltrate an organization with a phishing attack and then pivot to the domain controllers, which handle the user credentials for the network. This system is the central control point for the network. The cyber criminals will access it, exploit it and leverage it to create user accounts for themselves in the various applications to maintain persistence within the infrastructure. There is even the possibility they could create their own badges: submit the ticket and have the badge waiting for them at the security office to pick up, granting them full access to the physical building. Having domain controllers patched, and a repeatable change management process that regularly reviews those patches and the user accounts, can reduce the risk of false accounts being created. These actions, together with current training and education for IT personnel, can significantly reduce attacks within an organization.
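The account review the paragraph above calls for can be turned into a routine check rather than an occasional audit. The script below is an added example, not code from the original post: it reads a constructed, simplified CSV log of account-creation and group-membership events, compares each new account against a list of approved change tickets, and raises an alert when an account has no ticket or is placed in a privileged group shortly after being created, which is the persistence pattern the text describes. The event IDs follow the Windows Security log convention (4720 = user account created, 4728/4732 = member added to a security-enabled group), but the records, usernames and ticket numbers are invented, and the 30-minute escalation window is an assumed threshold.

```python
"""Review new-account events against approved change tickets.

Added example, not from the original post. The log lines are constructed in a
simplified CSV shape (timestamp,event_id,actor,target,detail). Event IDs follow
the Windows Security log convention (4720 = user account created, 4728/4732 =
member added to a security-enabled group); the records themselves are invented.
"""
import csv
from datetime import datetime, timedelta
from io import StringIO

PRIVILEGED_GROUPS = {"Domain Admins", "Administrators", "Enterprise Admins"}
ESCALATION_WINDOW = timedelta(minutes=30)  # assumed threshold for this example

# Constructed sample: one approved service account, one unapproved account that
# is made a Domain Admin within minutes (late at night), and a routine onboarding.
SAMPLE_LOG = """\
timestamp,event_id,actor,target,detail
2024-05-04T09:02:11,4720,helpdesk.sam,svc-backup,
2024-05-04T09:05:40,4728,helpdesk.sam,svc-backup,Backup Operators
2024-05-04T23:41:07,4720,j.ackbar,it-maint2,
2024-05-04T23:43:55,4728,j.ackbar,it-maint2,Domain Admins
2024-05-05T10:15:00,4720,hr.onboard,l.skywalker,
"""

# Constructed change tickets: account -> ticket id (placeholder identifiers).
APPROVED = {"svc-backup": "CHG-0001", "l.skywalker": "CHG-0002"}


def parse_log(text: str):
    """Parse the CSV log into dicts with typed timestamp and event_id fields."""
    rows = []
    for row in csv.DictReader(StringIO(text)):
        row["timestamp"] = datetime.fromisoformat(row["timestamp"])
        row["event_id"] = int(row["event_id"])
        rows.append(row)
    return rows


def review_accounts(rows, approved: dict):
    """Return one alert dict per account creation that needs a human look."""
    alerts = []
    creations = [r for r in rows if r["event_id"] == 4720]
    group_adds = [r for r in rows if r["event_id"] in (4728, 4732)]
    for c in creations:
        reasons = []
        if c["target"] not in approved:
            reasons.append("no approved change ticket")
        for g in group_adds:
            delta = g["timestamp"] - c["timestamp"]
            if (g["target"] == c["target"]
                    and g["detail"] in PRIVILEGED_GROUPS
                    and timedelta(0) <= delta <= ESCALATION_WINDOW):
                minutes = int(delta.total_seconds() // 60)
                reasons.append(f"added to {g['detail']} {minutes} min after creation")
        if reasons:
            alerts.append({"account": c["target"], "created_by": c["actor"],
                           "at": c["timestamp"].isoformat(), "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for a in review_accounts(parse_log(SAMPLE_LOG), APPROVED):
        print(a["account"], "created by", a["created_by"], "at", a["at"])
        for r in a["reasons"]:
            print("   -", r)
```

On the sample data only it-maint2 is reported, for both reasons at once; the backup service account has a ticket and only joins a non-privileged group, and the onboarding has a ticket and no group change. In a real environment the ticket lookup would be a query against the change system and the rows would come from the domain controllers' security logs, but the comparison is the same.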
How You Can Be One With the Cybersecurity Force
Whether it is the Death Star, Admiral Ackbar or R2-D2, these icons and characters can teach us a lot about information security best practices. Organizations should have a proper patching program, evaluate the risk and keep external systems up to date. Patching is essential to securing the organization. Having the appropriate processes and procedures for patching and user management reduces the risk of insider attacks by cyber criminals looking to leverage accounts and maintain a foothold within an organization.
The critical thing to remember is that everyone needs to be an "InfoSec Jedi Knight" to protect their organization from attacks. Keep an eye out for phishing emails and do not react too quickly to them. Rather, take the time to check links, and avoid opening attachments on emails you are not expecting. May the fourth be with you; if not, the Revenge of the Sixth (May 6th) will come upon you, and the Sith are not to be messed with in the Star Wars universe!