This is the spearphishing threat chain:

[Image: diagram of the spearphishing threat chain, with credential theft leading to stage 5]

The goal of the defender is to disrupt this threat chain as early as possible in order to prevent or mitigate harm.

While Iconix has nothing to add to the ongoing political debates about Edward Snowden and his NSA disclosures, we do want to point out the important lessons his case teaches us about credentials. As Mandiant reported in APT1, a primary objective of state-affiliated attackers is user credentials; with user credentials in hand, the attacker can jump straight to stage 5 of the threat chain. What can a person do after entering stage 5? Edward Snowden shows us what a user can do (and once an attacker has credentials, the attacker is a user).

NBC News is reporting that Snowden used his knowledge of the systems to cover his tracks. He deleted or bypassed logs, making it impossible to determine what he viewed or downloaded. In light of all the safeguards that the NSA had in place, NBC asks the question:

If Snowden could defeat the NSA’s own tripwires and internal burglar alarms, how many other employees or contractors could do the same?

The same question applies to hackers. In fact, we know that hackers use the same techniques to cover their tracks, evading detection for years.

The Snowden case underscores the importance of disrupting the threat chain as early as possible. At Iconix, our goal is to make the spearphishing vector less effective. Spearphishers deceive people into making bad email decisions that compromise security. IT needs to help employees make better email processing decisions. That is where SP Guard comes into play. Using SP Guard, IT can determine a list of trusted senders and provide this information to staff in a simple and highly effective manner.

You can contact us at 408-727-6342, ext. 3, or use our online form.