Page 40 - Understanding Forensic Technology Landscape
Cybersecurity, email and network intrusion

Cybersecurity, email and network intrusion in the forensic context

According to the National Initiative for Cybersecurity Careers and Studies (NICCS), cybersecurity is “the activity or process, ability or capability, or state whereby information and communications systems and the information contained therein are protected from and/or defended against damage, unauthorized use or modification, or exploitation.” [42] Its importance cannot be overstated because today’s cyber ecosystem is complex, inter-connected, and global. With an ever-increasing attack surface, no business is immune. As this landscape evolves, data has become both an asset and a liability. Among the most common threats are email exploitation and system breaches.

The goal of email exploitation is to gain unauthorized access to an email account to commit fraud, exfiltrate data, or establish enhanced persistent access to the network host. Strategies include the following:

• Phishing — A digital form of social engineering to deceive individuals into providing sensitive information, which can be leveraged in an attack
• Business email compromise — An exploit in which the attacker impersonates legitimate individuals or for nefarious purposes, usually to defraud the victims of money

In system breaches, malicious actors exploit system vulnerabilities to gain unauthorized access to susceptible networks. Common techniques include but are not limited to the use of malware and exploitation of third-party and supply chain exposures.

Potential intrusion threats can exist both internally and externally. External actors exploit vulnerabilities to compromise a network from outside of the defense perimeter. Internal actors can present similarly grave risks, whether through inadvertent or malicious actions. Intruders’ goals and motivations vary, but the threats they pose and the dynamic nature of cybersecurity today present continual challenges. The work of forensic accountants and cybersecurity experts frequently overlaps to assess evidence and data sets that relate to the specific incidents that impact information systems, business processes, financial transactions, businesses and individuals.

Tools and techniques

As part of an effective overall system security program, businesses should have a well-defined plan for responding to specific incidents. It should include required protocols and responsible parties for each phase of the response process. Lack of effective planning can cause delay and inhibit remediation when problems arise.

Conducting forensic response amid a cyberattack incident can present many hurdles in the effort to successfully investigate and restore the compromised system. Effective investigation will inform responders in several critical areas, including the following:

• How the system was compromised
• The intended purpose of the intrusion, and whether the actor was successful

42 A Glossary of Common Cybersecurity Terminology, NICCS, niccs.us-cert.gov/about-niccs/glossary, accessed March 9, 2020