The focus of RSA 2020 was the “Human Element.” This was certainly on display in a variety of ways. Attendance and foot traffic were noticeably down compared to prior years. Big names such as Verizon, IBM, and AT&T were absent as the city of San Francisco braced for a virus epidemic scare, one affecting its people instead of its computers.
I spent a great deal of time at TechGuard Security’s booth speaking with people from all over the world about the challenges they face from ever-evolving threats to information technology. As a penetration tester, I was excited to hear first-hand accounts of breaches from people looking for security technology and services that would spare them the hours lost to response and recovery. Business Email Compromise (BEC) scams were on the tip of everyone’s tongue as they told stories about the hackers who gained access to their networks. A few techniques stood out, and I want to highlight what companies of all sizes and industries are dealing with:
The Bogus Invoice Scheme – Attackers pose as a supplier the company already does business with and request that payment for an outstanding invoice be wired to an alternate, fraudulent account.
CEO Fraud – Attackers pose as the company CEO or any executive and send an email to employees in finance, requesting them to transfer money to the account they control.
Account Compromise – An executive or employee’s email account is hacked and used to request invoice payments to vendors listed in their email contacts. Payments are then sent to fraudulent bank accounts.
Attorney Impersonation – Attackers pretend to be a lawyer or someone from the law firm supposedly in charge of crucial and confidential matters. Such bogus requests are normally made by email or phone, and at the end of the business day when they are less likely to be verified.
Data Theft – Employees in HR and bookkeeping are targeted to obtain personally identifiable information (PII) or tax statements of employees and executives. Such data can be used in future attacks.
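To make the impersonation patterns in the list above concrete, here is an added example (not from the original post) of a simple screen that a mail gateway filter or SOC triage script could run over an inbound message: it flags an executive’s display name on the wrong address, a lookalike sender domain, a Reply-To steering answers elsewhere, and payment/urgency wording. The executive list, trusted domain and both sample messages are constructed for the example.

```python
import difflib
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample data (not from the page): the organisation's domain and executives.
TRUSTED_DOMAINS = {"example.com"}
EXECUTIVES = {"jane doe": "jane.doe@example.com"}
PAYMENT_WORDS = re.compile(r"\b(wire|transfer|invoice|urgent|asap|new account)\b", re.I)
SUSPICIOUS_MESSAGE = (  # constructed CEO-fraud style message
    "From: Jane Doe <jane.doe@examp1e.com>\n"
    "Reply-To: ceo.jane@freemail.test\n"
    "To: finance@example.com\n"
    "Subject: Urgent wire transfer\n\n"
    "Please transfer the invoice amount to the new account today.\n"
)
BENIGN_MESSAGE = (  # constructed internal message
    "From: Jane Doe <jane.doe@example.com>\nTo: finance@example.com\n"
    "Subject: Lunch\n\nSee you at noon.\n"
)

def domain_of(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def bec_indicators(raw_message):
    """Return the BEC warning signs found in one raw RFC 822 message."""
    msg = message_from_string(raw_message)
    from_name, from_addr = parseaddr(msg.get("From", ""))
    from_domain = domain_of(from_addr)
    findings = []
    # 1. Executive display name on an address that is not the executive's real one (CEO fraud).
    exec_addr = EXECUTIVES.get(from_name.strip().lower())
    if exec_addr and from_addr.lower() != exec_addr:
        findings.append("executive display name used by %s" % from_addr)
    # 2. Lookalike domain: close to, but not equal to, a trusted domain.
    if from_domain and from_domain not in TRUSTED_DOMAINS:
        close = difflib.get_close_matches(from_domain, TRUSTED_DOMAINS, n=1, cutoff=0.8)
        if close:
            findings.append("lookalike domain %s resembles %s" % (from_domain, close[0]))
    # 3. Reply-To steering answers to a domain other than the sender's.
    reply_addr = parseaddr(msg.get("Reply-To", ""))[1]
    if reply_addr and domain_of(reply_addr) != from_domain:
        findings.append("reply-to domain %s differs from sender" % domain_of(reply_addr))
    # 4. Payment and urgency language typical of bogus invoice and CEO fraud requests.
    body = msg.get_payload() if not msg.is_multipart() else ""
    words = {w.lower() for w in PAYMENT_WORDS.findall(msg.get("Subject", "") + " " + body)}
    if len(words) >= 2:
        findings.append("payment request language: %s" % ", ".join(sorted(words)))
    return findings
```

Any one indicator on its own is weak; routing messages with two or more to a manual finance verification step is the practical use of a screen like this.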
Training is still a large part of preventing these attacks. Employees can’t play the “IDK” card if they are required to take mandated courses that keep them educated on the risks that come with an active corporate email account. All it takes is one convincing email to spread havoc throughout the corporate network.
These stories were far too common among the conference crowds looking to protect themselves. Sometimes, all it takes to prevent millions of dollars in damage is to flip the switch on multi-factor authentication (MFA) in Office 365.
Endpoint solutions and email gateways were also big names at the event, as anti-malware and heuristic-based virus protection led the charge once a compromised piece of code made it into the network. Detecting traffic and file-use patterns and mapping them to signatures shared with other pieces of attack code seemed to be the way most people were implementing their layered defense.
Of course, companies focused on containing the spread of these attacks were also represented around every corner of the convention. Identity and Access Management companies were talking about how role-based access control (RBAC) can restrict access down to a particular job role. This limits the damage if an attacker compromises a standard user account. The policy of “least privilege” is a common theme in a layered defense against malicious actors.
In the end, cybersecurity education was on full display as event attendees learned about innovations in the field. Protected by an endless supply of hand sanitizer, the businesses that did show up did their best to provide the latest preventative information to event attendees. Business teams reached out their hands in an effort to advance the field and protect their customers from the impending doom of malware and threats that 2020 will bring. Through this effort, RSA 2020 succeeded in showcasing that the human element is both the first and last layer of defense in the face of virus threats, both organic and technological.
Written by Grant Codak
Grant has over a decade of IT experience spanning a variety of domains, with a focus on defensive security. Grant is currently a Cybersecurity Expert at TechGuard Security, where he performs a wide variety of proactive security services, including penetration testing. He also holds the following certifications: CISSP, CEH, Security+, Network+, A+, and Metasploit Pro Certified Specialist. Recent roles include Senior Web Security Engineer at a Fortune 50 organization, along with a variety of application administration roles in security operations. His past project work includes web tool development as well as firewall and web proxy migrations. Currently at TechGuard Security, Grant conducts audit control assessments, penetration tests, vulnerability assessments and social engineering exercises. Grant ties this knowledge together with his deep understanding of network operations and security architecture to deliver approachable report analysis to clients. Grant is also a nature enthusiast and enjoys mountain biking, hiking and kayaking.