The story of the Trojan Horse from an IT security perspective

12 Jun 2018

The legend of the Trojan War tells the story of how the Greeks tricked their opponents using a Trojan horse. Advenica's CTO draws a parallel to existing problems with modern technology for IT security.

Troy had been under siege for a long time and the Greeks hadn’t managed to enter the city.

Using a diversionary maneuver, the Greeks fooled the defending forces into believing they had withdrawn. Only a large wooden horse was left. The Trojans took the wooden horse to be a prize of war change and took it into the city. What they didn’t know was that Greek warriors were hidden inside the horse. They climbed out of the horse under cover of darkness and opened the gate to the Greek warriors waiting outside.

The story has been used to describe software that is said to do one thing, but which in reality does something else (maliciously). A large part of the trojan's decision to take the horse into town was based on assumptions of what was observed without verifying the content. If they had looked inside the horse, they would have had the advantage of facing the soldiers in daylight, and perhaps more importantly - preventing the city gate from being opened to let in the rest of the army. Now, the soldiers could fulfil their mission under the cover of darkness.

What did the Trojans do? They accepted what looked like a horse, without checking the contents. It could be that any spectacular war trophy could have resulted in the same actions.

What would a comparison with modern IT security technology look like?

Are there similar problems with modern IT security technology? There are many examples where protection mechanisms make decisions based on the transport method, i.e. the protocol instead of the data being transported. Therefore, they run the risk of unwanted content being transported too. Firewalls often operate on ports or protocols. For example, if you use a firewall that accepts all traffic as long as it only comes across port 80, you run the risk of being exposed to the same danger as the Trojans. Nevertheless, such a procedure is common today where it is used by many IT organisations.

trojansk hast

What’s the reason for it?

It’s probably partly for historical reasons.

The development of defense mechanisms follows the development of attack methods, but they are usually one step behind.

People don’t think there is a motivation to introduce protection against attacks that have not yet occurred. In some cases, this is an acceptable strategy - in other cases it may have devastating consequences. It’s always about analysing and understanding the consequences if the protection falls.

Are there more precise ways to control content and not just the packaging? Yes, of course. By clearly defining the content you want to let in (or out) from your network, you obtain a completely different level of protection. The risk of both intrusion and information leakage is significantly reduced. Content-aware firewalls are a good first step, but even better is a policy-based allowlist of approved data content. Using such a methodology you can run and control at a granular level, down on the smallest data bit if you want.

By screening the content instead of the packaging, you can achieve full control and traceability. That way you avoid ending up in the same way as the victims of the Trojan defense.

Jonas Dellenvall, CTO, Advenica AB

2023-05-24

Cross Domain Solutions

What types of data diodes are there?

In this blog post, we will discuss the different data diodes that Advenica offers and how these can be used with or without software.

2023-03-22

Secure digitalisation

The only constant is that things change - the way cyber threats have evolved

Håkan Ahrefors, IT manager and security specialist at Advenica, reflects about the development of cyberattacks.

2023-03-08

Secure digitalisation

Digitalisation vs. security

Digitalisation has made our everyday life easier. But is security keeping up at the same pace so that we can trust that our digital services are safe?

2023-03-02

Secure digitalisation

The history of malware

The history of malware goes back further than most might think. We have listed some of the most significant ones in history so far!

2023-02-16

Compliance

NIS 2 has been published

The NIS 2 directive is now published, and the countdown has begun for the deadline that organisations in the EU must adopt the directive.

2023-02-09

Secure digitalisation

Trend scouting in cybersecurity

We have asked three of our cybersecurity experts to comment on trends for the new year. What do they think will happen in cybersecurity in 2023?

2023-02-02

Network segmentation

Segmentation – the constant security solution

A solution that has existed for a long time, and is still a secure approach today, is segmentation.

2023-01-19

Compliance

How to avoid sanctions from NIS 2

NIS 2 means that there will be a risk of large fines if requirements are not met. So how do you ensure that your organisation will not be hit by the sanctions?

2022-12-08

Cross Domain Solutions

3 security problems that authorities can solve with the help of data diodes

Authorities are increasingly exposed to various types of cyberattacks. To protect yourself, you need to raise the level of cybersecurity work.

2022-11-24

Compliance

What is The Cyber Resilience Act?

In this blog post, we will clarify what the Cyber Resilience Act is and what impact it will have.

2022-11-10

Network segmentation

What is logical separation?

In this blog post, we will explain what logical and physical separation is and what the perks are.

2022-10-25

Secure digitalisation

What can a lack of information security lead to?

In this blog post, we will explain the consequences of inadequate information security.

2022-10-12

Critical Infrastructure

Increased security for wind turbines

In an increasingly unstable world, we are seeing more and more attacks on critical infrastructure.

2022-09-28

Compliance

New proposed directive - NIS 2

There is a proposal for a new directive which originates from the NIS directive – this new proposed directive is called NIS 2.

2022-09-14

Compliance

NIS, GDPR and the Protective Security Act – what is the difference between them?

In this blog post, we will explain a handful of recently introduced security laws and regulations, and what sets them apart from each other.

2022-09-01

Digital responsibility

Building cyber resilience

ENISA and CERT-EU have listed a number of recommendations that all should follow for better cyber resilience – we have elaborated on two on them!

2022-08-18

Cross Domain Solutions

What a data diode can spare you

Some might hesitate to invest in cybersecurity. We will explain what a data diode can spare you!

2022-06-28

Secure digitalisation

How management can organise their business to avoid cyberattacks

In this blog post, we have listed a few things to consider to be able to avoid being affected by cyberattacks!

2022-06-14

Digital responsibility

Lack of competence in cybersecurity - a matter for management

The need for competencies and competence in cybersecurity is constantly increasing. But, there is a shortage of competence.

2022-06-01

Secure digitalisation

Is your network isolation leaking?

What if there was a leak in the network that you thought was isolated? Information security is more important than ever and requires structured work.

2022-05-18

Critical Infrastructure

How can energy companies become less vulnerable?

With more frequent and increasingly vicious cyberattacks, vulnerabilities in IT architecture pose a severe threat for energy companies.

2022-05-04

Secure digitalisation

5 tips for how you better can protect yourself against cyberattacks

In this blog post, we describe 5 important tips you should be aware of to better protect yourself against cyberattacks!

2022-04-20

Digital responsibility

Why CISOs should work with Cyber Risk Quantification (CRQ)

Cyberattacks are constantly increasing. Because of this, there is an increasing need for cyber risks to be measured and reported in financial terms.

2022-04-06

Corporate

Retailers new targets for cyberattacks

Many recent cyberattacks have been targeted at retailers who are becoming increasingly more vulnerable.

2022-02-09

Cross Domain Solutions

Log4j and Log4Shell – how can you protect yourself?

In December 2021, a vulnerability was found in the Java module Log4j. There are ways to protect yourself against this type of vulnerability!

2022-01-26

Cross Domain Solutions

What is the best way to protect your network?

We explain the functionalities of three solutions that can protect your network, so that you can better understand what might be the best one for you!

2021-12-07

IT/OT integration

This is why you base your zoning on risk analysis

In this text, we explain in detail what is important to keep in mind when basing your zoning on risk analysis according to IEC 62443.

2021-11-23

Secure digitalisation

IIoT and Industry 4.0 security challenges

To avoid the risk of opening up for cyberattacks, industries and enterprises adopting IIoT have to increase the level of protection.

2021-11-09

Secure digitalisation

The security risks the CISO needs to be aware of

A CISO needs to be aware of a lot to avoid that the vulnerabilities are exploited for a cyberattack. We describe six security risks that you should be aware of!

2021-10-20

Compliance

A stricter Protective Security Act: 3 things the CISO needs to consider

The new, stricter Protective Security Act will enter into force on December 1st 2021, if the proposal passes. The CISO needs to be prepared!

2021-10-05

Corporate

CISO – How you make sure that the management team prioritises cybersecurity

It is not always easy for the CISO to explain to the management team why working with cybersecurity is so important. Here are some things to keep in mind!

2021-09-22

Critical Infrastructure

IEC 62443 – a standard you should know if you work with security in ICS systems

We explain what the standard IEC 62443 covers and what you need to think about if you want to follow it!

2021-08-18

IT/OT integration

Securely integrate IT/OT – learn how to do it step by step!

We have listed 5 steps for how to securely integrate IT/OT. The method is based on the standard IEC 62443 – a must for those who work with security within OT.

2021-08-04

Corporate

How insurance companies protect critical and personal information

It is highly necessary that insurance companies protect critical and personal information with appropriate cybersecurity solutions.

2021-07-09

Digital responsibility

Security expert: How to handle the old and new threat of a software attack

Sami Hyytiäinen, technical expert, explains how to handle a software attack and how secure updates can be managed with the right solutions.

2021-07-07

Corporate
Critical Infrastructure

2 important pieces of advice on how society can become less vulnerable to IT attacks

Media has been flooded with news of IT attacks affecting large sections of society - we give some piece of advice on how the attack could have been limited.

About Advenica

Advenica provides expertise and world-class high assurance cybersecurity solutions for critical data in motion up to Top Secret classification. We enable countries, authorities and companies to raise information security and digitalise responsibly. Founded in 1993, we are EU approved to the highest level of security. Our unique products are designed, developed and manufactured in Sweden. Advenica has offices in Malmö, Stockholm, Helsinki and Vienna.