Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Why thinking like a criminal is good for security

Kacy Zurkus | Jan. 15, 2016
When planning an attack, criminals study their target victims looking for the weakest links.

Public information provides a gold mine of useful tidbits for criminals. Will Gragido, head of threat intelligence at Digital Shadows said, "Gleaning career and relationship information, like the names of colleagues, mentors and friends from sources like Facebook, LinkedIn, and alumni sites helps establish cover for spear-phishing and other social-engineering campaigns.”

Public information provides a gold mine of useful tidbits for criminals.

While these commonly used social media have much to reveal, there are others that can be more revealing of information about software and code that is really useful to criminals. 

Gragido said, “Online profiles that might be easily misconfigured, such as GitHub accounts, frequently leak other types of information publicly, such as the identities of specific software developers in targeted organizations and snippets of the code they are working on, which, taken together, yields a lot of useful intelligence."

This extensive information that is often leaked unknowingly is particularly threatening to the security of an enterprise. "The challenge is that this information leaks from third-party sources far outside of organizations' own security boundaries, meaning they are almost blind to these exposures and cannot act in time to prevent them from fine-tuning attacks, like a precision attack on a specific software developer,” said Gragido.

The expanded network has posed many challenges to security teams, and Gragido said, "Other sources of reliable attack intelligence are exposed storage devices and cloud platforms.” In Gragido’s experience, he has seen instances of sensitive corporate information, such as strategy documents and board meeting details from a health insurer, that were publicly 'over-shared' by being posted in cloud sharing sites with inadequate password controls.

Gragido said, “Likewise, we have seen sensitive files pertaining to banks' ATM networks, for example, accidentally broadcast to the Web because employees have placed them on misconfigured remote storage drives in their homes."

Criminal acts

Ryan Stolte, CTO Bay Dynamics recommends asking these 5 questions from the perspective of a criminal:

  • Which websites does the victim business host?
  • What does their infrastructure look like (i.e. where are their doors and windows)?
  • How do insiders remotely gain access to the network?
  • Who are their third-party vendors?
  • Who has the keys to the kingdom (think about employees who have the highest level of access to the business’s valuable information)?

Whether they are after credit card data, payment data, customer information, or any other kind of credentials from user names, to passwords, and healthcare records, criminals are gaining access even with extensive security measures in place, which begs the question how do security teams stop them?

If only there were an easy answer that didn’t require time and resources beyond those which are already stretched and limited. The first step is recognizing that it’s important to prioritize what is secured. 


Previous Page  1  2  3  Next Page 

Sign up for Computerworld eNewsletters.