3 terrifying, but true, security tales

Just in time for Halloween, security expert Dr. Eric Cole shares scary stories about cybersecurity

While Halloween only comes around once a year, organizations are constantly encountering situations that are downright scary. In honor of Halloween we thought readers might get a thrill out of a few frightful, but true, cyber tales as experienced by cybersecurity expert and SANS Institute instructor Dr. Eric Cole.

Invasion of the System Snatchers

Consider this dreadful example. It is a seemingly beautiful afternoon and Dr. Cole is leaving to play golf (something he rarely has the opportunity to do). As he's getting ready he receives a call from his client; they are in panic mode after having just received a call from the FBI alerting them that one of their systems has been compromised by an APT (gasp!). He rushes to meet his client onsite (so much for playing golf) and they begin the dreaded search (if you want to find a needle in a haystack, you first have to reduce the amount of hay). This gruesome task, which eventually identified the compromised boxes, required a painstaking review of outbound packets, sorting the traffic by which internal hosts were making outbound connections, how long those connections stayed open, and how much data was leaving the organization.
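The triage described above, reducing the haystack by rolling up outbound traffic per host and ranking it by volume and connection duration, is easy to reproduce over flow records. The following is an added example, not code or data from the article or from Dr. Cole: it parses constructed flow lines in a Zeek/NetFlow-like layout (the field order is an assumption), keeps only internal-to-external flows, and flags hosts whose egress is far above the median or that held a single connection open for longer than an hour. The thresholds are starting points to tune against your own baseline, not published indicators.

```python
"""Rank internal hosts by outbound traffic to find the few worth a forensic look.

Added example with constructed flow records in a Zeek/NetFlow-like layout,
not data or code from the article.  Field order (an assumption):
ts  src_ip  dst_ip  dst_port  duration_s  bytes_out  bytes_in
"""
import ipaddress
import statistics
from collections import defaultdict
from dataclasses import dataclass, field

# RFC 1918 space stands in for "our network"; adjust to the real address plan.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: three ordinary clients, one bulk upload, one long-lived
# session, plus an inbound and an internal-only flow that must be ignored.
SAMPLE_FLOWS = """\
1700000000 10.1.1.5     203.0.113.10  443  2     1200      15000
1700000010 10.1.1.5     198.51.100.7  443  5     3400      220000
1700000020 10.1.1.6     203.0.113.10  443  3     2500      41000
1700000030 10.1.1.7     203.0.113.44  80   1     900       5200
1700000040 10.1.1.50    198.51.100.99 443  7200  524288000 9000
1700000050 10.1.1.50    203.0.113.10  443  4     8000      60000
1700000060 10.1.1.77    192.0.2.33    8443 43200 30000     31000
1700000070 198.51.100.7 10.1.1.5      443  5     220000    3400
1700000080 10.1.1.5     10.1.2.9      445  30    90000000  4000
"""


@dataclass
class Flow:
    ts: int
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    dport: int
    duration: float
    bytes_out: int
    bytes_in: int


@dataclass
class HostSummary:
    bytes_out: int = 0          # total bytes sent to external destinations
    longest_s: float = 0.0      # longest single external connection
    dsts: set = field(default_factory=set)


def is_internal(ip) -> bool:
    return any(ip in net for net in INTERNAL_NETS)


def parse_flows(text: str) -> list:
    """Parse whitespace-separated flow lines; blank lines and '#' comments are skipped."""
    flows = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ts, src, dst, dport, dur, b_out, b_in = line.split()
        flows.append(Flow(int(ts), ipaddress.ip_address(src), ipaddress.ip_address(dst),
                          int(dport), float(dur), int(b_out), int(b_in)))
    return flows


def summarize_egress(flows) -> dict:
    """Reduce the hay: keep only internal->external flows and roll them up per source host."""
    hosts = defaultdict(HostSummary)
    for f in flows:
        if not (is_internal(f.src) and not is_internal(f.dst)):
            continue
        s = hosts[str(f.src)]
        s.bytes_out += f.bytes_out
        s.longest_s = max(s.longest_s, f.duration)
        s.dsts.add(str(f.dst))
    return dict(hosts)


def triage(hosts, volume_factor=10, long_conn_s=3600) -> list:
    """Return (host, destinations, reasons) for hosts that stand out from the population.

    A host is flagged when its total egress exceeds volume_factor times the median
    host's egress, or when it kept one external connection open longer than
    long_conn_s seconds.  Results are sorted by egress volume, largest first.
    """
    if not hosts:
        return []
    median = statistics.median(s.bytes_out for s in hosts.values())
    findings = []
    for host, s in hosts.items():
        reasons = []
        if s.bytes_out > volume_factor * median:
            reasons.append(f"egress {s.bytes_out} B is >{volume_factor}x median ({median:.0f} B)")
        if s.longest_s > long_conn_s:
            reasons.append(f"connection open {s.longest_s:.0f} s (> {long_conn_s} s)")
        if reasons:
            findings.append((host, sorted(s.dsts), reasons))
    findings.sort(key=lambda f: hosts[f[0]].bytes_out, reverse=True)
    return findings


if __name__ == "__main__":
    for host, dsts, reasons in triage(summarize_egress(parse_flows(SAMPLE_FLOWS))):
        print(host, "->", ", ".join(dsts))
        for reason in reasons:
            print("   ", reason)
```

Run on the constructed sample, only two of the five hosts that talk to the Internet survive the cut: 10.1.1.50 for both volume and a two-hour session, and 10.1.1.77 for a twelve-hour connection that moved very little data, the profile of a quiet command-and-control channel rather than a download. The inbound flow and the internal SMB transfer are excluded before any ranking, which is the "reduce the hay" step in code.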


How scary is this: two of the compromised boxes had been taken over by another foreign adversary that the organization did not even realize was in its network, while the third system belonged to an administrator who was running an illegal Netflix-style video store out of the company's data center! Perhaps the most gruesome part of this tale is that this was a Fortune 50 organization that had no clue what was happening on its own network -- very frightening!

I Know What You Did....At The Mall

Consider this next tale. An organization wants to ensure better security and protection after a laptop is stolen from an employee's car while he is shopping at the mall. While full disk encryption could help protect the data on a stolen laptop, the CIO asked that the incident be investigated to determine exactly what happened. After speaking with the user, he confirmed the car was locked and the laptop left on the back seat. Seems harmless, but wait... upon additional questioning the user began to appear very uncomfortable. Finally, following some hesitation, he admitted the car was a convertible and the top was left down while he went into the mall. It does not happen often, but Dr. Cole was speechless. Perhaps the most frightening thing about this tale is that people who use this logic are given access to sensitive corporate data. How terrifying is that!!

The Forgotten

If you dare to read on, here's another laptop horror story. This particular organization is very concerned about protecting the data on its laptops; therefore, it decides to install full disk ("on the fly") encryption on all of them. They spent several months evaluating products and installing the software. Despite doing what they believed to be their due diligence, they overlooked one extremely disturbing consequence of how the product works -- when the user logs in, the login unlocks the keys that decrypt the data on the hard drive (how scary is that!). Essentially the strength of the whole system rests on the robustness and protection of the user's password, and on that login actually being required.

Before deploying to the entire organization they wanted Dr. Cole and his team to test things out and verify that the protection held up. A file was placed on the encrypted hard drive; the goal was to see whether Dr. Cole and his team could figure out the content of the file. The first thing the team did when they got back to the lab was turn on the system. The system booted up and, much to everyone's surprise, auto-login was enabled (gasp!). The system automatically logged in the user and they were able to read everything on the screen, including the file -- how terrifying! Within 60 seconds Dr. Cole and his team successfully broke in merely by turning on the system. Through misconfiguration the full disk encryption provided no protection at all. Now that is scary!!

While Halloween will soon be gone, it is terrifying to know these frightening tales will continue to play out in organizations around the globe. To keep your company from becoming a house of horrors, educating end users is a great place to start. Organizations must wake up and realize the importance of the human element. Otherwise these gruesome tales will continue. If you work to change a person's habits through heightened awareness you will minimize risk.

Dr. Eric Cole is a SANS faculty fellow and course author, and founder of Secure Anchor Consulting.
