During my drive back from NYC to New England, however, I came up with a new analogy...
Think about this:
Imagine you, going to your office on Monday morning. Probably (I hope), you work in a nice building with lots of windows, new furniture.. comfortable, right?
What if that building was owned and controlled by your closest (and most aggressive) competitor?
Cameras in the building are set to capture screens and documents. Every time you do work, someone (a competitor) is looking over your shoulder, feverishly scribbling notes. The onlooker videotapes keystrokes, credentials, financials, work habits, documents, customer lists, etc. Now imagine that you've got only a small team of security guys, unable to keep them out. They stand at the main entrance and do their best to block the competitors from entering. They stand in front of each desk and in every hallway, but alas, they look like everyone else... nice haircuts, good suit, shined shoes. Heck, their credentials work!... Security can't always spot them. They just keep finding ways into the building... You get the picture, right?
How would you feel? Would you do anything differently? You'd probably be upset, guarded, feel like you've lost a bit of privacy, maybe afraid for your company's future?
What would you think if I told you this is exactly what happens when you are victimized during a targeted attack. If the attack is successful, most unprepared companies quickly lose control over their networks. That receptionist in the front office really thought those kittens were cute. She must have watched that video a hundred times when nobody was looking. She'd received it from someone else in the company via email. It must be OK, right? Immediately following her first click, a bug launches. Keystroke loggers are used to capture credentials. Remote access trojans (RATs) are installed and start phoning home. Once the attacker gets the call, he begins to capture documents and other work product. Various 'credential rich' sources are harvested for employee directories, and interesting employees are monitored routinely. Those systems that are critical to the operation are rendered useless because of all of the bandwidth being used by the attacker. You've got only a small team of security guys (if any), often times they can't keep these guys out. Security monitors at the main entrance, the pipes leading to every computer, and every individual computer, but alas, the intruders look like everyone else. Heck, their credentials work!... Security can't always spot them. They just keep finding ways into the networks...
Getting the picture? This is probably the most accurate analogy that I've come up with to describe what's happening in computing today.. and it's not just big companies. It's not just in the US. Every company I talk to today has 'virus' problems. Most believe that their firewall will keep the networks safe. Even some of the biggest companies are blind to current happenings, but this is a global problem and it's getting worse. Every company in the supply chain of a larger is a target, and I'd say with high confidence, compromised and don't know it.
Who's at risk?
Are you a law firm, financial institution, OEM manufacturer (especially transportation - auto, air), chemical (pharma, oil & gas) company or IT?
- Have you ever noticed your network connection slowing and didn't know why?
- Has your IT team found malware or viruses that have no, or very few results in VirusTotal or other online research sites?
- Have your nighttime computer routines failed or timed out (this may be an indicator of nighttime activity on your networks).
Join Red Sky Alliance today. If you're a private company, and need to know more about what's happening on your networks, or want to compare notes on technical analysis and intelligence with other really smart people in real time, Red Sky Alliance is for you.
Are you a smaller company? Federal civilian government agency? State? Local? Join Red Sky's Beadwindow Portal. Beadwindow offers the same level of service as Red Sky, but with slightly different views on who may participate at a lower price point, and best of all? Everything is UNCLASSIFIED! There's no need to find a SIPRNET (or worse) to download information from NTOC. Your folks don't need security clearances to access our Beadwindow Portal. And when you call, ask about Sequester pricing! Beadwindow costs WAAAYYY less than a week of White House tours!
Just need help analyzing data? Need forensic services? Don't want to build your own team? Or maybe you just need someone to take some of the more routine forensic work off the shoulders of your already taxed Infosec guys.... Check out Wapack Labs! Wapack Labs is our newest addition to the Red Sky lineup. Wapack Labs is furnished, staffed, and set up. It'll open in the Historic Mills along the river in Manchester, NH on the first of April. Wapack Labs will initially handle non-criminal computer forensics, analysis and R&D projects. In fact, we've even had our first customer! A woman walked in on Thursday while we were setting up our furniture. She'd seen the 'coming soon' sign on our door and she wanted to know if we could recover her baby pictures and videos from a crashed 1Tb external drive... and you know what? When you like to bootstrap (and we do!), mom's money is green, too! It'll pay for the coffee pot and new Wii U (lab guys apparently, LOVE killing zombies).
Have a great week!
Wapack Labs Contact info:
250 Commercial St., Suite 2013
Manchester, NH 03101