Get Your Copy.
The Countermeasure is delivered to your inbox each Saturday, giving you insights on enterprise security developments you may have missed.
Shopping at the Malware Supermarket
In This Issue:
- Who is Agent Tesla? How Agent Tesla set a new bar for making malware installs appear convincingly legit
- How a disgruntled employee's payroll data leak cost more than anyone expected Welcome to the world of "vicarious liability"
- Intro to data guardrails and behavioral analytics... Your ideas on the most likely threats could be more than a little bit skewed
- Quantum computing could be set to take down crypto Bonus: only a year or so to go...
Who is Agent Tesla?
Brian Krebs takes a different – but very important – approach to discussing the Agent Tesla malware. Very successful malware is rarely written by a single individual; the Hollywood image of the crazed hacker alone in his dark basement, banging on a keyboard to the green glow of his monitor, is out of date. Most successful malware is written by well-organized teams of skilled developers working as part of business venture, or a spy agency.
The difference between "legitimate" products that can be used for malicious purposes (TeamViewer is one such example), and "malware" products (Agent Tesla being the example of the day), is sometimes just a matter of how that application is marketed and/or implemented. As malware authors become more organized, more sophisticated, and more capable, their applications will look more and more like above-board corporate software.
Pay close attention to the software installed on all systems. Have monitoring software that detects and alerts you about new software installs. Research the software vendor in depth before choosing any new software.
Supermarket Told it Must Compensate 100,000 Workers after Payroll Data Deliberately Leaked by Rogue Employee
Employer responsibilities as regards data protection and the privacy of employees is a rapidly evolving regulatory environment. Morrisons, the UK’s fourth largest supermarket chain, had a data breach incident in 2014. During this incident, a disgruntled employee posted the personal details some 100,000 Morrisons employees online. Morrisons was ruled “vicariously liable" for the disgruntled employees’ actions, as it had a responsibility to protect that data.
Security and ease of use are two opposites that must coexist in a delicate balance. As the regulatory landscape changes, the cost of convenience is going to rise. The debate is already evolving: Is an increased focus on security the path to success, or are payouts for data breaches to be treated simply as a cost of doing business?
The EU General Data Protection Regulation (GDPR) compliance requires organizations to implement technologies and business practices which limit employees' data access to only what those employees need to see, and only when they need to see it.
Given the current state of software, this is more aspirational than practical, but it represents a data access awareness that all organizations should be working toward. Internally-developed software should be created with an eye toward this sort of robust role-based access control, and the existence of quality access controls should be part of all adjudication of future software purchases.
Introducing Data Guardrails and Behavioral Analytics: Understand the Mission
The first in a series about understanding insider security threats and changing how we think about data security, this post clears up some of the myths surrounding insider threats. Numerous surveys have shown that our perceptions of which percentage of compromise events can be ascribed to which malicious actors bears little resemblance to reality.
IT practitioner and civilian alike, we all have skewed ideas about what the most likely IT security threats are. It's worth the time to remind ourselves of the facts and figures..
Keep an eye on this blog series, as it promises to be quite informative...
Why You Need to Quantum-Proof Your Cyber Security Now
This piece, written by the CEO of Cambridge Quantum Computing, merits a look. The author is probably entirely correct about the importance of beginning to consider about the impact of quantum computing on IT security. The timeframe suggested in the piece – that within the next year we really need to start caring about this – is, however, probably a little optimistic.
What's important is to bear in mind that quantum computing is no longer "always 20 years away." While we're a ways off from any mainstream usage of crypto-busting quantum security threats, an ever-increasing number of quantum computing products are seeing commercial success today. It’s no longer "if" quantum computing will pose a mainstream security threat, but when.
Have your security teams consider the quantum computing market as a novel emerging threat landscape that they need to keep an eye on.
Tweet of the Week
"What is worse? Multiple devices, on multiple software versions, with multiple vulnerabilities, or all devices, on a single software version, with a single vulnerability?"
Video of the Week
"TOOLS / Reverse Engineering Android APKs"
Reverse engineering is an excellent way to learn how malicious software works. This is an excellent introduction to the concept, and practice. h/t: Kristina Balaam
This entire thread is a must-read of pure truth.
People are so desperate for a one line panacea to securing networks - Lesley Carhart (@hacks4pancakes)
Quote of the Week
"If you work in Security, do not expect acclaim. Do not anticipate being a rockstar. You can architect, but you cannot supersede human nature. Instead of it making you hateful, become a student of failure. That is what Security is. Know failure. Inevitably, including your own."