We live in a day and age where new cyber threats emerge daily and staying on top of the latest Information Security (InfoSec) trends can be a challenge. But, exploring and learning doesn’t have to be a bore. So today I’m going to inject some pop culture into the InfoSec discussion and share some Rick-level cyber survivor tips from the latest season of “The Walking Dead” (TWD).
Get ready to battle some digital zombies.
Prepare for Herds of Zombies Banging at Your Gates
This season of TWD opened with the community at Alexandria preparing for a flood of zombies. The group had found a huge herd of walkers stuck in a quarry, but knew they only had a matter of time before their gates would be stormed by the mob.
This sort of dilemma might sound familiar to Information Security (InfoSec) professionals. Criminal hackers often infect thousands of computers, and exploit them en masse as “zombies” to do their bidding. The security industry calls these botnets, and attackers often use them to launch Distributed Denial of Service (DDoS) attacks, which are assaults designed to overwhelm our digital gates by sending a deluge of network communication from thousands or more “zombies.”
Rick knew a herd of zombies could corner and kill the Alexandria community, just as surely as a DDoS attack might prevent the e-commerce site from accepting visitors, thus killing the business. So, he made a plan to divert the flood elsewhere.
Good DDoS protection works similarly. There are on-premises appliances and DDoS solutions that can separate good communications from the bad during a DDoS attack. The problem is that botnets have grown so big that these products spend so much time blocking the bad traffic that they have virtually no time for the good. This is why there are hybrid DDoS solutions that leverage the Cloud, ISPs, and/or Content Distribution Networks (CDNs) to help divert some of the bad traffic before it gets to your digital gates.
While Rick’s plan did not divert the entire zombie herd, it deterred enough of it to make the attack survivable, similar to how a hybrid DDoS solution can soften an attack before it reaches the network gates.
Don’t Rely on Walls Alone
The smart survivors in the TWD universe keep zombies out by surrounding themselves with sturdy walls. And, smart businesses do the same with their network defenses using perimeter security appliances and firewalls. While these defenses are necessary, this season of TWD has another lesson to impart about our walls: they can fall.
During Season 6, the walls around Alexandria collapsed because of two key events. First, the Wolves weakened the wall by crashing a semi-truck into a church steeple next to it. Second, when Rick’s team failed to divert the huge mob of zombies, the herd’s sheer mass was enough to knock the steeple down entirely, creating a hole in the carefully crafted wall.
Firewalls are a key part of any organization’s InfoSec strategy, and should remain so. However, it is important to remember that people put holes in all walls, intentionally or otherwise. At the bare minimum, people leave holes to allow themselves to get in and out. Additional layers of defense beyond perimeter walls can help to eliminate any zombies that eventually get through. Use Unified Threat Management (UTM) or Next Generation firewalls (NGFW) to provide several extra layers of defense that can help catch various stages of an attack.
Negotiating with Criminals is a Losing Proposition
A big theme in this season of TWD was how Rick’s group interacted with other, often untrustworthy, humans. For instance, Rick and Lauren had to negotiate with the Hilltop community of farmers to trade food for services. They ended up learning that the Hilltop community had already negotiated with a group of killers called the Saviors, led by a ruthless leader. Dealing with criminals or terrorists is always a dangerous and uncertain proposition.
Similarly, in the world of InfoSec, one of the most effective threats right now is ransomware, or malicious software that locks computers or files so that criminals can demand payment before returning them to the user. People succumbing to this kind of extortion and paying the ransom is one of the main reasons why ransomware has grown so much over the past year.
While these victims do get their files back in the short term, giving in and paying ransomware criminals will hurt everyone in the long term. This payment proves to the criminals how lucrative their criminal business model is.
Ransomware might not seem as threatening as savage groups like the Saviors, but cooperating with cyber extortionists is a surefire way to perpetuate this kind of cyber attack over the long term. Follow Rick’s lead, and don’t yield to shady racketeers.
For more tips on dealing with ransomware, check out my March column.
Use Decoys to Your Advantage
In a pivotal scene during the last episode, Eugene offered himself up as a decoy. Rick and the group had been trying to transport a sick Lauren to a doctor at Hilltop, but found the Saviors waiting to intercept them. Eugene volunteered to use the RV to lure them away. Despite the fact that this tactic ultimately failed, Eugene’s decoy idea has real merit in the world of InfoSec.
Decoy or deception technologies are a new class of network security solution on the market. These technologies evolved from something known as network honeypots. A honeypot is a network security system that masquerades as a typical network service (a web, file, or email server, etc.) to trick an attacker into connecting to it. Honeypots allow researchers and security professionals to watch what attackers do once they connect to a server, and can serve as an alert that attackers are attempting to look at the network.
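The "pretend server" kind of honeypot described above, as an added example that is not from the original column: a minimal Python listener that imitates a mail server's greeting, records what each client sends first, and treats every connection as an alert. The banner text, the names `DecoyHandler`, `start_honeypot` and `demo_probe`, and the local probe are all constructed for illustration.

```python
import json
import socket
import socketserver
import threading
import time

FAKE_BANNER = b"220 mail.example.test ESMTP ready\r\n"  # constructed; placeholder hostname

class DecoyHandler(socketserver.BaseRequestHandler):
    """Pretend to be a mail server and record whoever connects."""
    def handle(self):
        self.request.settimeout(2.0)
        data = b""
        try:
            self.request.sendall(FAKE_BANNER)
            data = self.request.recv(1024)  # capture is bounded to 1 KiB
        except OSError:
            pass  # a scanner that sends nothing still generates an alert
        # Nothing legitimate should ever touch a decoy, so every connection is an alert.
        self.server.events.append({
            "time": time.time(),
            "src_ip": self.client_address[0],
            "src_port": self.client_address[1],
            "first_bytes": data.decode("latin-1"),
        })

def start_honeypot(host="127.0.0.1", port=0):
    """Listen on host:port (port 0 = any free port) and return the running server."""
    server = socketserver.ThreadingTCPServer((host, port), DecoyHandler)
    server.daemon_threads = True
    server.events = []
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

def demo_probe():
    """Constructed local probe standing in for an attacker's scanner."""
    server = start_honeypot()
    with socket.create_connection(server.server_address, timeout=2) as c:
        banner = c.recv(1024)
        c.sendall(b"EHLO scanner.example.test\r\n")
    deadline = time.time() + 3
    while not server.events and time.time() < deadline:
        time.sleep(0.05)
    server.shutdown()
    server.server_close()
    return banner, server.events

if __name__ == "__main__":
    print(json.dumps(demo_probe()[1], indent=2))
```

In practice the events would be forwarded to a log pipeline or SIEM rather than kept in memory, and the listener would sit on an address that no legitimate client has any reason to contact.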
Rather than just acting as a “pretend” server, this new decoy technology takes honeypots to the next level by using virtualization to provision real systems. They can even make virtual copies of actual systems, and plant them with realistic looking data. So, when attackers interact with these decoy systems, they think they’re interacting with real servers and never know to look for the real data.
Deception security solutions are still new and expensive, but as networks continue to be infiltrated, it’s likely that deception technology will eventually become commonplace. Eugene may not be the toughest guy on Rick’s team, but he’s wicked smart. His decoy idea is a great example of another layer of network security that could prove to be incredibly valuable in the future.
Now You’re an InfoSec Survivor
Ok, I admit it. Watching TWD won’t make you a security expert. However, Season 6 had a ton of great parallels to modern InfoSec. It’s important to remember that just as Rick’s team has to constantly think of new ways to improve their defenses, evade attackers, and adapt to dangerous circumstances, InfoSec threats are always evolving too. It requires awareness, vigilance, and creative solutions to stay safe.