The story of the Trojan Horse from an IT security perspective

12 Jun 2018

The legend of the Trojan War tells the story of how the Greeks tricked their opponents using a Trojan horse. Advenica's CTO draws a parallel to existing problems with modern technology for IT security.

Troy had been under siege for a long time and the Greeks hadn’t managed to enter the city.

Using a diversionary maneuver, the Greeks fooled the defending forces into believing they had withdrawn. Only a large wooden horse was left. The Trojans took the wooden horse to be a prize of war change and took it into the city. What they didn’t know was that Greek warriors were hidden inside the horse. They climbed out of the horse under cover of darkness and opened the gate to the Greek warriors waiting outside.

The story has been used to describe software that is said to do one thing, but which in reality does something else (maliciously). A large part of the trojan's decision to take the horse into town was based on assumptions of what was observed without verifying the content. If they had looked inside the horse, they would have had the advantage of facing the soldiers in daylight, and perhaps more importantly - preventing the city gate from being opened to let in the rest of the army. Now, the soldiers could fulfil their mission under the cover of darkness.

What did the Trojans do? They accepted what looked like a horse, without checking the contents. It could be that any spectacular war trophy could have resulted in the same actions.

What would a comparison with modern IT security technology look like?

Are there similar problems with modern IT security technology? There are many examples where protection mechanisms make decisions based on the transport method, i.e. the protocol instead of the data being transported. Therefore, they run the risk of unwanted content being transported too. Firewalls often operate on ports or protocols. For example, if you use a firewall that accepts all traffic as long as it only comes across port 80, you run the risk of being exposed to the same danger as the Trojans. Nevertheless, such a procedure is common today where it is used by many IT organisations.

trojansk hast

What’s the reason for it?

It’s probably partly for historical reasons.

The development of defense mechanisms follows the development of attack methods, but they are usually one step behind.

People don’t think there is a motivation to introduce protection against attacks that have not yet occurred. In some cases, this is an acceptable strategy - in other cases it may have devastating consequences. It’s always about analysing and understanding the consequences if the protection falls.

Are there more precise ways to control content and not just the packaging? Yes, of course. By clearly defining the content you want to let in (or out) from your network, you obtain a completely different level of protection. The risk of both intrusion and information leakage is significantly reduced. Content-aware firewalls are a good first step, but even better is a policy-based allowlist of approved data content. Using such a methodology you can run and control at a granular level, down on the smallest data bit if you want.

By screening the content instead of the packaging, you can achieve full control and traceability. That way you avoid ending up in the same way as the victims of the Trojan defense.

Jonas Dellenvall, CTO, Advenica AB

2023-11-22

Secure digitalisation

What is ransomware?

What can the effects be when you are struck by a ransomware attack? And what can be done to minimise the consequences?

2023-10-24

Cross Domain Solutions

Data diodes - an effective alternative to air gaps

Have you chosen not to connect the systems to the outside world using air gaps? There are other solutions that are more secure and more cost-effective.

2023-10-10

Critical Infrastructure

The cyber threats to critical infrastructure operational technology (OT) – how to protect your operations

The threats to critical infrastructure are constantly increasing and therefore systematic work with concrete cybersecurity measures is vital.

2023-09-12

Digital responsibility

How to secure your logging

To reduce the risks of centralised logging, a solution is needed that protects both log data and all connected systems.

2023-08-30

Digital responsibility

How to conduct secure updates

Avoid security risks with updates by using the right security solutions.

2023-08-15

Secure digitalisation

How to achieve secure remote access

Many organisations depend on remote access through RDP, for example to allow suppliers to perform maintenance or for operating personnel for monitoring.

2023-06-21

Stay secure during the summer

Summer season is a time when many attackers strike, as many businesses wind down for vacation time. We give you 5 tips and a simple summer security checklist!

2023-06-08

Secure digitalisation

7 tips to strengthen the security of your supply chain

Because they can be both devastating and have far-reaching consequences, all businesses simply need to review the security of their supply chain.

2023-05-24

Cross Domain Solutions

What types of data diodes are there?

In this blog post, we will discuss the different data diodes that Advenica offers and how these can be used with or without software.

2023-03-22

Secure digitalisation

The only constant is that things change - the way cyber threats have evolved

Håkan Ahrefors, IT manager and security specialist at Advenica, reflects about the development of cyberattacks.

2023-03-08

Secure digitalisation

Digitalisation vs. security

Digitalisation has made our everyday life easier. But is security keeping up at the same pace so that we can trust that our digital services are safe?

2023-03-02

Secure digitalisation

The history of malware

The history of malware goes back further than most might think. We have listed some of the most significant ones in history so far!

2023-02-16

Compliance

NIS 2 has been published

The NIS 2 directive is now published, and the countdown has begun for the deadline that organisations in the EU must adopt the directive.

2023-02-09

Secure digitalisation

Trend scouting in cybersecurity

We have asked three of our cybersecurity experts to comment on trends for the new year. What do they think will happen in cybersecurity in 2023?

2023-02-02

Network segmentation

Segmentation – the constant security solution

A solution that has existed for a long time, and is still a secure approach today, is segmentation.

2023-01-19

Compliance

How to avoid sanctions from NIS 2

NIS 2 means that there will be a risk of large fines if requirements are not met. So how do you ensure that your organisation will not be hit by the sanctions?

2022-12-08

Cross Domain Solutions

3 security problems that authorities can solve with the help of data diodes

Authorities are increasingly exposed to various types of cyberattacks. To protect yourself, you need to raise the level of cybersecurity work.

2022-11-24

Compliance

What is The Cyber Resilience Act?

In this blog post, we will clarify what the Cyber Resilience Act is and what impact it will have.

2022-11-10

Network segmentation

What is logical separation?

In this blog post, we will explain what logical and physical separation is and what the perks are.

2022-10-25

Secure digitalisation

What can a lack of information security lead to?

In this blog post, we will explain the consequences of inadequate information security.

2022-10-12

Critical Infrastructure

Increased security for wind turbines

In an increasingly unstable world, we are seeing more and more attacks on critical infrastructure.

2022-09-28

Compliance

New proposed directive - NIS 2

There is a proposal for a new directive which originates from the NIS directive – this new proposed directive is called NIS 2.

2022-09-14

Compliance

NIS, GDPR and the Protective Security Act – what is the difference between them?

In this blog post, we will explain a handful of recently introduced security laws and regulations, and what sets them apart from each other.

2022-09-01

Digital responsibility

Building cyber resilience

ENISA and CERT-EU have listed a number of recommendations that all should follow for better cyber resilience – we have elaborated on two on them!

2022-08-18

Cross Domain Solutions

What a data diode can spare you

Some might hesitate to invest in cybersecurity. We will explain what a data diode can spare you!

2022-06-28

Secure digitalisation

How management can organise their business to avoid cyberattacks

In this blog post, we have listed a few things to consider to be able to avoid being affected by cyberattacks!

2022-06-14

Digital responsibility

Lack of competence in cybersecurity - a matter for management

The need for competencies and competence in cybersecurity is constantly increasing. But, there is a shortage of competence.

2022-06-01

Secure digitalisation

Is your network isolation leaking?

What if there was a leak in the network that you thought was isolated? Information security is more important than ever and requires structured work.

2022-05-18

Critical Infrastructure

How can energy companies become less vulnerable?

With more frequent and increasingly vicious cyberattacks, vulnerabilities in IT architecture pose a severe threat for energy companies.

2022-05-04

Secure digitalisation

5 tips for how you better can protect yourself against cyberattacks

In this blog post, we describe 5 important tips you should be aware of to better protect yourself against cyberattacks!

2022-04-20

Digital responsibility

Why CISOs should work with Cyber Risk Quantification (CRQ)

Cyberattacks are constantly increasing. Because of this, there is an increasing need for cyber risks to be measured and reported in financial terms.

2022-04-06

Corporate

Retailers new targets for cyberattacks

Many recent cyberattacks have been targeted at retailers who are becoming increasingly more vulnerable.

2022-02-09

Cross Domain Solutions

Log4j and Log4Shell – how can you protect yourself?

In December 2021, a vulnerability was found in the Java module Log4j. There are ways to protect yourself against this type of vulnerability!

2022-01-26

Cross Domain Solutions

What is the best way to protect your network?

We explain the functionalities of three solutions that can protect your network, so that you can better understand what might be the best one for you!