This week we released Fusion Report 27. FR12-027 contains analysis on the Citadel Banking trojan to include details on how the malware encrypts communications and behaves differently in a virtual environment. While this activity was not targeted in nature, the malware appeared to be widespread and affected users in both of our Red Sky and Beadwindow communities. This prompted me to thinking.. what does a typical user think about simple intrusions like this one?
To that, I took I the opportunity this week to have great conversations with users whose machines had been victimized during various events. I wanted to bring this back to a “human” perspective and write this week’s blog and talk a bit about how users react when their computer starts to act funny. These are great observations. Infosec folks should pay attention. This is important. Here are a couple of observations and thoughts:
Users are becoming numb
Agents on enterprise computers do funny things
Spearfishing and waterhole tactics are invisibile
It’s easier to reboot or work through it
Bottom line: Users are learning to live with risk. Agents running on machines, the constant threat of bad email, and simple enterprise issues that arise daily are all causing users to work through the pain.
Users don’t know how to prioritize those risks that might really be stealing information, or how to recognize the symptoms. How do we reach them? I’m interested in your feedback and thoughts.