
[Podcast] Making Security Great Again



Since October was Cyber Security Awareness month, we decided to look at what’s holding back our efforts to make security—to coin a phrase—“great again”.

In this episode of the Inside Out Security Show, our panel – Kilian Englert, Kris Keyser, and Mike Buckbee – shared their thoughts on insider threats as discussed on a recent Charlie Rose show, the brilliant but evil use of steganography (the practice of concealing a file, message, image, or video within another file, message, image, or video), and the dark market for malware hidden in underground forums.

For a taste of the podcast, here are a few data security ideas and quotes from our panelists.

Insider Threat

According to Keyser, an insider attack might not necessarily be the fault of employees. It could be that a hacker obtained their credentials—by guessing or pass-the-hash—and the attack was executed under their name. So don’t make an employee the ‘fall guy’ for what was really an outsider. Blame IT instead. Kidding!

Steganography

On hackers hiding credit card information on images, Keyser says, “It’s reminiscent of the skimmer attack you might find on an ATM or a card reader at a shop you go to, but it’s applying that same concept to data, the nonphysical world.”

Like the rest of us, Englert was fascinated by the use of steganography. Englert says, “It’s always been kind of an interesting concept that I played with just for fun, but to see this used as an exfiltration method, it’s terrifying and it’s also brilliant. Having the website serve up the information you’re stealing, publicly, hidden in image files, it’s such a great way to get data out.”

What will hackers think up next?

Underground Forums

Englert thinks these underground sites are fulfilling a market need. He says, “Why not be enterprising? Makes sense from a business perspective. It’s not moral, but a way to make money.” Hackers are certainly displaying an entrepreneurial spirit.

Thinking Like a Hacker

With DDoS attacks on the rise – up 125% in 2016 – Buckbee shares what he learned from Marek Majkowski’s presentation, “Are DDoS attacks a threat to the decentralized internet?” A united Internet makes us strong, and with a divided one we may fall.

A Tool for Sysadmins

Mosh (mobile shell) is a remote terminal application that supports intermittent connectivity, allows roaming, and speculatively and safely echoes user keystrokes for better interactive response over high-latency paths.

Cindy Ng

Cindy is the host of the Inside Out Security podcast.

Kilian Englert

Kilian has a background in enterprise security engineering, as well as security solution selling. Kilian is a Certified Information Systems Security Professional (CISSP) and creates internal and public content on topics related to cyber security and technology best practices.

Michael Buckbee

Michael has worked as a sysadmin and software developer for Silicon Valley startups, the US Navy, and everything in between.

 
