Learning the art and practice of cyber-defense

The Comsimulator does its worst against network protection systems in order to help them do their best

Comsec CEO Moshe Ishai (Photo credit: Courtesy)

Every single network protection system, even the most sophisticated, has chinks in its armor. The proof, said Comsec CEO Moshe Ishai, is that his company’s new security stress testing system, the Comsimulator, was successful in breaching the defenses of 100 percent of systems tested for resistance to DDOS (distributed denial of service) cyber-attacks, in which hackers inundate a site with traffic in order to overload it and shut it down.

“The sites in question belong to large financial institutions, government agencies, and others that spent millions of dollars to ensure that their sites could withstand attacks,” said Ishai. “Our simulated attacks subjected those sites to the kinds of attacks they could expect from sophisticated government-sponsored hackers who are using the latest tools and methods to attack.”

What’s true for the relatively crude DDOS attacks is also true for the more sophisticated social engineering hack attacks, in which employees of an organization click on suspicious links and install viruses and Trojans that turn their networks into components of botnets, the underground networks used to send spam and launch cyber attacks (including DDOS attacks). The bottom line is that even organizations that have spent a fortune on protecting their computer systems aren’t protected.

This is what war is like, said Ishai — painful, expensive, and full of uncertainty. “The number of cyber-attacks today is absurd, and they are only increasing,” said Ishai at a press conference introducing Comsimulator, probably the toughest security testing system ever devised. “There’s always something you haven’t thought of in cyber-defense, and Comsimulator is designed to help organizations figure out what they may have missed.”

Comsec isn’t itself in the business of defending companies from cyber-attacks. Rather, it advises those whose job it is to do so, such as security departments in large corporations, banks, government organizations, and even military and security groups, plus information technology security companies like Check Point (a Comsec customer). Comsec has been around since 1987, said Ishai, and has seen it all, from unskilled “script kiddie” hacking to cyber-crime raids on credit card databases and bank accounts, to today’s cyber-terror threats, in which groups and nations attack enemies either to steal information or cause damage.

With the Comsimulator system, Ishai said, “we can simulate all levels of attack, from mass, direct attacks to invasions by worms and Trojans,” a very common method of attack today. “Many clients are surprised to find that their systems have been invaded, because things continue to work. They don’t realize that they may have been under attack for months and that their systems have been hijacked to become part of a botnet, with hackers harnessing their resources to attack and hack other systems.”

But the most important tool the system brings to clients may be its intelligence-gathering capability. Comsimulator’s Cyber Intelligence Hub can identify in advance when an attack can be expected, what methods hackers will use to attack, and even where they are located and who they are. The system does this by gathering and analyzing relevant news and information, from both “legit” sources (news wires, corporate web sites, etc.) and “underworld” sites (Darknet, hacker networks, etc.). Using these sources, Comsec can stay ahead of the game, predicting the next move by hackers and deploying Comsimulator on a client system to see if it is ready for the expected attack.

According to Shay Zalalichin, Comsec’s CTO, Comsimulator’s intelligence component caught the perpetrators of a hack on Israeli Facebook accounts that took place just days before the infamous OpIsrael DDOS attacks. Its purpose wasn’t clear, said Zalalichin, until Comsec activated its intelligence system. “It turned out to be a Trojan that ‘enrolled’ the user in a botnet, keeping track of all their online activities and using their computer for various nefarious activities.”

Comsec was able to trace the attack to servers in France, which had also been (unwittingly) hijacked by hackers to run the Facebook hack. “We figured out that the attack was being run by a group of Turkish hackers who had been preparing for this for months. We were even able to get the name and location of the hacker,” not just his online handle, said Zalalichin — all due to Comsec’s intelligence gathering capabilities.

Ishai admits that the Comsimulator’s testing is tough — perhaps tougher than anything companies will be facing in the field. But perhaps not.

“One of the problems we have found is that organizations are usually ready to deal with a worst-case scenario, but life is not like that,” said Ishai. “Very often there is a situation where everything seems to work, but your system has been compromised. How can administrators figure this out? That’s one of our aims with Comsimulator — to get those responsible for security to think differently about the issue, and get them ready to deal with all scenarios, even the ones they are not expecting.”
