Even the securest IBM Z installations in top security environments are exposed to hacking threats that are underestimated, downplayed or simply unknown to most mainframe operations and security teams. What is your risk exposure, what methods social hackers are using and what are recommended steps to protect yourself from those dangers?
Can an IBM z/OS mainframe be hacked? The answer is a simple “yes”.
A current Bitkom study even reports on the attack target of the German economy, the current “Spiegel” (one of the biggest german News-magazines) even reports on a „network with big holes“.
For instance a hacker group infiltrated 2012 multiple z/OS Mainframe Systems in Sweden, gained access to the RACF-Database and brute-force decrypted over 100.000 RACF account passwords. Plus they installed backdoors with permanent access without even needing passwords.
Sensitive data was lost or revealed and a funds were transferred from the bank to private accounts.
So what has changed?
As simple as it may sounds: your mainframe is connected to the world and there is interest in your mainframe! Not from script kiddies, but from semi-professional and professional hacker groups and even companies. And mainframe hacking tools are today available as open source free to use for everybody.
So what you can do to protect your IBM Mainframe?
- Don‘t trust that your mainframe is secure
- Use common sense security measures *)
- Use Identity & Access Management Software‘s standard security features to protect you
- Monitor access to your systems
- Collect logs & review them
- Conduct regular security audits
- Implement recommended NIST STIGs
- Be informed about security threats of the deployed mainframe software
- Execute a mainframe penetration test
On the subject of “social hacking”*
- Make yourself clear, that there are social hackers!
- Build awareness inside your company and team
- Define rules, how to act in case of calls, and what information can be given
- Limit the information you give out in calls or without calling back
- Be suspicious and ask for clear identification of the person talking to you.
- As a rule of thumb: Always call back!
Do you want to know more?
All this and the nifty details of the 2012 mainframe hack and your risk exposure will be covered in our 60 min. Webinar “Hacking the Mainframe”. It includes information on hacker practices based on a real life example and provides you with recommendations and solutions how to protect your most viable information and your mainframe security.