Title - Paying the Ransom
In this episode we cover paying ransoms, an insider threat at Apple, Guy Fawkes, and more. Don't touch that dial!
Intro
Welcome back! This is episode 25 of The Insider Threat podcast, for the week of November 6th, 2017.
If you followed me on Twitter, you know that I was eagerly awaiting my new phone this week. It came in and I'm really excited about it thus far.
Guy Fawkes Day "Remember, remember the 5th of November"
- On November 5th, 1605, Guy Fawkes was arrested guarding explosives that were set to blow up the House of Lords in London.
- What started as a celebration that the terrorist plot was disrupted later became a holiday for expressing social injustices around Great Britain
- Guy Fawkes masks are worn by members of Anonymous to symbolize "fighting against the man"
Infosec Question of the Week
It's time for your Infosec Question of the Week, where Google is king and the prize is nonexistent!
The question last week was "In 1984, a computer hacker and DIY media organization called Cult of the Dead Cow was formed in Lubbock, Texas. They gained quite a bit of notoriety when they wrote a remote system administration tool. What was the name of this tool?"
The answer was "Back Orifice".
So Back Orifice was a little before my time, but I remember very vividly when Cult of the Dead Cow released Back Orifice 2000. It was the first piece of malware that I ever downloaded (intentionally, anyway), and I remember putting it on a disk and having absolutely no clue what to do with it after that.
Congratulations to:
Lukas from Ottawa, Sandra from Washington, Taylor from New Jersey, and Jens from Munchen for getting the correct answer.
Here's your question for this week: "In 1964, John G. Kemeny and Thomas E. Kurtz designed the original BASIC programming language. Where were they when they did this?"
Send your response to InfosecAnswer@gmail.com. Be sure to include your first name, location, and the hashtag "Big Green".
Discussion Topic for the Week
This week’s discussion topic is paying ransoms
- What do we mean here?
  - Ransomware has become commonplace
  - Most ransomware, by definition, requires a ransom of some sort
  - Usually bitcoin or some other cryptocurrency
  - Why bitcoin? Fairly anonymous, fast, trackable (blockchain)
- Pros of paying ransom
  - Sometimes cheaper than recovery (especially if your org doesn't have skills necessary or backups)
  - Usually fast recovery
- Cons of paying ransom
  - Not guaranteed
  - What stops them from exploiting the same vulnerability and encrypting again?
  - They know you'll pay
  - You're supporting their efforts (both monetarily and conceptually)
- Summary
  - Ransomware operators are getting better at pricing
  - In the security industry we hate it when you pay
  - But it might be the best option for some people
  - Have to stay on top of the news for the malware
  - Make regular backups and patch!
News
Apple engineer fired after daughter's YouTube video went
- In about 25 seconds of footage in the now removed five minute video blog, Peterson navigates the homescreen, demonstrates the phone's camera technology, uses Apple Pay, and shows off the new Animoji feature.
- Right after the video went live, it was pulled down and the daughter claimed that her father had been fired
- Brooke Amelia Peterson says she isn't upset about her father getting sacked and that he takes full responsibility
- This would be considered a negligent insider threat
- Product details are sensitive information to outsiders
- I feel bad, but this could have been any inside information and we can't let the specifics take away from what it was - an insider threat incident
Thought of the Week Segment
Our thought of the week comes from a Lebanese writer, poet, and visual artist named Kahlil Gibran. He said, "If you reveal your secrets to the wind, you should not blame the wind for revealing them to the trees."
Outro
Thank you for listening to episode 25 of The Insider Threat podcast. Please remember to subscribe and review in your favorite podcast app, and also share with everyone you know! Those reviews are key to building this out and improving for later episodes, so please feel free to leave suggestions.
You can contact me on Twitter @stevehigdon or send an email to steve@theinsiderthreatpodcast.com. Join our Reddit community and discussions at the subreddit named insiderthreat. The subreddit is also where you'll find the show notes for this and any other episode, as well as links to the topics we've covered. If you go to our website, you can also find a link to the Patreon page and you can subscribe to the newsletter to get up-to-date information on current episodes and news for the show. Call and leave a voicemail at (443) 292-2287 to have a conversation, get a comment added to the show, or even ask a question.
Thanks again and I'll see you folks next time!