Kali Linux vs. Linux | MGM & Caesar's not just a one day hack. #episode2




First question I had for you today was, why Linux? Why do we have to learn Linux fundamentals so soon in the class?

It’s core, it’s core to what it takes to run and support a modern enterprise. So exposure to Linux is your kind of ‘get your feet wet’ day one, and part of that is just using the shell, the command line. Those are tools; knowing how to navigate them is your baseline for getting into penetration testing and for understanding how to secure a host against attacks from the web and the internet. So that’s why we chose Linux, and on top of that, Kali Linux is the distribution we’re using, and that is the industry standard for penetration testing and the security audits that can be done down the road, in the student’s professional career.

Speaking of security breaches, recently in the news, we found out that MGM and Caesars got hacked by the hacker group. Could you explain what social engineering is?

So, there’s a lot of different ways people can attack a network. Social engineering is using, I think, the weakest link in any security, and that’s the person. People either get to know the identity of another person and fake that identity, or they attack the person themselves through nefarious or phishing means and get their identity and their password. So once you have a user’s password, or you’re granted user access through a password, you can go into the system as if you’re a valid user, and the IT security folks have no idea, or it’s very hard to differentiate between a user that’s logging in with their own credentials and a hacker that hijacked that identity. So social engineering is a way to leverage that weakest link, and that’s the end user.

How can you defend against social engineering with software? Like, is that even possible?

There’s no way to defend. What people are doing now is to mitigate. I think most security organizations have come to the realization that you have to assume the hacker is in your network already. Now, once you assume that, then you’re looking at either stealth, hiding your critical resources, or containment. It’s kind of like a battleship, you know, when the missile hits a battleship, battleships are contained in different compartments so the ship doesn’t sink, and the damage is localized. That’s what corporations are actually trying to do nowadays, contain the damage and contain the breach.

So for this particular attack, though, Danny, you mentioned something before the pod began, and you said they must have been in the network for weeks, if not months. How did you come to that conclusion?

Well, just the size of the data breach, six terabytes. I know we toss that word terabyte around a lot. I don’t think we really realize how large a dataset that is. Let’s just say, for instance, someone was on a 100-megabit network and wanted to download six terabytes continuously; it would take 5.5 days. So I just assume that these folks were in the network not just days, but probably weeks, maybe even months. What they do is they go in, they hack into a user’s account or go through someone’s identity, and then they sit there on the network and they wait, they search, they look around, they find critical data sets, and they start sideloading the data off over time, until they get discovered. So essentially they were probably in there for weeks grabbing data until they were discovered. And then the containment, or the access point, was shut off, and then, obviously, the disclosure and the realization. But it didn’t happen that day; it was happening over days and weeks.

Wow.

If you’re MGM, last question, if you’re MGM, if you’re Caesars, if you’re any of these tourism-related companies, what do you do to prevent the next attack? What do you do to prevent the next data breach?

Well, there’s really an adage in security that nothing is fully secured, so you have to start with that premise. There’s everything from user education and training, which is also very difficult to do because even the most sophisticated users and even IT departments can get spoofed. You can do all of the containment protocols you can imagine. So, in the end, the goal is just fortifying your environment as much as you can: one, hide and keep your critical information in a stealth area; number two, contain the breaches as much as possible. Other than that, it’s really difficult. Just prior to this call, I was on a phone call with a former government hacker who turned to the private sector, and we were talking about this exact breach. And we were talking about the same thing. There’s absolutely nothing you can do to completely mitigate breaches other than what we call stealth and containment, which are the two areas that most companies are now looking at.