Actions Speak Louder than Words
Optio Labs
For those of us living in today’s digital age, the statement “actions speak louder than words” has never been more important. In a world that revolves around online connectivity, we must make a habit of examining all sides of a cyber-situation as it relates to potential risks.
Cloud services have a relatively clean record when it comes to security. But in December, FireEye disclosed a trend in which threat groups hide malicious command and control functions in communications with legitimate web services, such as Dropbox. This new threat is a perfect example of our need for deeper examination of the security protocols associated with the platforms that facilitate our everyday exchanges of information. Equally important, it emphasizes the need for change in the way we fight today’s sophisticated attackers.
Many people using web services such as Dropbox do not consider security when they upload or download documents from the site, as they assume all the proper precautions have been taken. And they certainly do not consider the possibility that opening suspicious emails can lead to a major information breach. While online security is slowly becoming more of a concern for the average citizen, at the end of the day, teaching employees not to open suspicious emails is only the beginning. It is the job of companies to provide a secure working environment for their employees, eliminating the possibility of malicious or accidental conduct that will result in a severe data breach.
To put this into perspective, every system, connection, platform, application, database, component, and monitor emits a never-ending babble of information into a system log to be meticulously viewed, reviewed, mulled over, and deliberated about after a problem has occurred. This information is diligently stored, GB after GB, in a data center, waiting for the inevitable…. Wouldn’t it be great if all this data could help you prevent an attack?
This leads us back to the beginning of our discussion. Rather than using easily evaded methods for tracking traffic or thinking, “Block that transfer to the sharing site in China, but of course good old Dropbox should be fine!” we can prevent these sorts of vulnerabilities by looking for suspicious behavior and scrutinizing the traffic related to that behavior differently.
‘Contextuality’ is a big buzzword these days in the battle to protect critical data, systems and connectivity in the Cyberspace age. But often context is the missing piece in the problem of security enforcement; it allows us to combine multiple factors into an actionable piece of intelligence. As is necessary when dealing with a potential con man, we must look at the context of any situation in order to better understand our risk factors.
Dropbox is not a suspicious application, and sending a file to Dropbox is not inherently wrong. But if we start looking for unknown applications trying to connect to a Dropbox account and gain access to files they shouldn’t have access to, all of a sudden we have an action that can be blocked in real time to prevent a security vulnerability.
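The contrast between judging traffic by destination alone and judging it in context, as an added example that is not Optio Labs code. It assumes an endpoint sensor that can attribute each connection to a process and to the last file that process read; the field names, allowlist, sensitive paths and sample events are all constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class ConnEvent:
    host: str        # endpoint that made the connection
    process: str     # process the sensor attributed the connection to
    dest: str        # destination hostname
    read_path: str   # last file the process read before connecting ("" if none)

# Hypothetical policy values; tune per environment.
CLOUD_SUFFIXES = ("dropbox.com", "dropboxapi.com")
EXPECTED_CLIENTS = {"dropbox", "firefox", "chrome"}
SENSITIVE_PREFIXES = ("/srv/finance/", "/srv/hr/")

def is_cloud_storage(dest: str) -> bool:
    # Match the domain itself or a true subdomain, not look-alike names.
    d = dest.lower().rstrip(".")
    return any(d == s or d.endswith("." + s) for s in CLOUD_SUFFIXES)

def destination_only_verdict(ev: ConnEvent) -> str:
    """Reputation of the destination alone: every Dropbox connection passes."""
    return "allow" if is_cloud_storage(ev.dest) else "review"

def contextual_verdict(ev: ConnEvent) -> str:
    """Combine who is talking, where to, and what it touched first."""
    if not is_cloud_storage(ev.dest):
        return "review"
    if ev.process.lower() in EXPECTED_CLIENTS:
        return "allow"
    if ev.read_path.lower().startswith(SENSITIVE_PREFIXES):
        return "block"   # unknown app + sensitive file + cloud storage
    return "alert"       # unknown app talking to cloud storage

# Constructed sample events, not real telemetry.
SAMPLE_EVENTS = [
    ConnEvent("ws-014", "dropbox", "client.dropbox.com", ""),
    ConnEvent("ws-014", "firefox", "www.dropbox.com", "/home/ana/report.docx"),
    ConnEvent("ws-022", "updater_svc", "api.dropboxapi.com", "/srv/finance/q4_forecast.xlsx"),
    ConnEvent("ws-031", "notes_sync", "content.dropboxapi.com", ""),
]

def compare(events):
    return [(e.process, destination_only_verdict(e), contextual_verdict(e)) for e in events]

if __name__ == "__main__":
    for row in compare(SAMPLE_EVENTS):
        print("%-12s destination-only=%-6s contextual=%s" % row)
```

A process name is easy to spoof, so a production allowlist would key on signer or file hash rather than the name used here.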
Remember, actions speak louder than words, and assuming you are secure and being complacent about your security posture is a great way to become the next data breach headline. A little digital distrust can go a long way in making sure a vulnerability is detected before it has a chance to inflict damage. Monitoring for suspect applications trying to use known communication methods to access critical data may seem rudimentary, but sometimes simple is better.