Some of the most devastating cyberattacks of the future will ultimately manipulate an organization’s own data infrastructure said a top NSA official Tuesday during the Billington Cybersecurity Summit in Washington, D.C.
Hackers will look to “subvert” powerful capabilities that work in the enterprise to increase their influence and impact of tomorrow, said Neal Ziring, NSA technical director of the Information Assurance Directorate.
“The example I was going to give was if you have cloud encryption. That’s far more powerful at encrypting the data for a ransom-type attack than writing your own malware that does it … I am very worried that we’ll see cyberattacks that are based on the subversion of those powerful capabilities like [Active Directory], like cloud encryption, like network management,” said Ziring.
A recent hack against Windows’ active directory federation services, or ADFS, offers a glimpse into what these cyberattacks may look like, according to Robert Bigman, president of 2BSecure.
In one case, “a hacker could not get into ADFS from the perspective of penetrating into the network and exploiting the protocol. But what they did realize is they were able to find through the actual transmission, the actual conduction request, what the password was. Now the password was encrypted with a hash, but what they were able to do is replace it,” Bigman also said during the Billington conference.
“As a ransomware attack … [the hackers] called up the company and said ‘you know, you’re ADFS are going to slow down and stop working,” making it so users across the organization would not be able to access the directory in question, 2BSecure’s president explained. Eventually, the victim company paid the ransom, caused by the corruption of a native system.