Cybersecurity Roundup: Black Hat USA 2019 Edition
…provider, gauges attitudes and views on deception technology in the enterprise. Among the key findings:
- Users of deception technology reported a 12-times improvement in the average number of days it takes to detect attackers operating within an enterprise network.
- 70% of users highly familiar with deception technology report high confidence in detecting in-network threats.
- 71% of respondents said they have achieved significantly to somewhat higher value from the technology than initially expected. Some 84% said they planned to increase their spending in the future.
- 67% of respondents evaluating or planning to look at deception technology cited the speed of detecting threats early in the attack lifecycle as the primary driver behind their interest.
“Quantifying the ROI of security controls can be extremely challenging and is often tied to overall breach metrics that can be heavily debated,” said Carolyn Crandall, Attivo’s chief deception officer and chief marketing officer. “This survey is particularly interesting in that it quantifies the specific value derived and the sentiment of deception technology users compared to non-users.”
Strolling Around the Dark Web
At Black Hat, Sophos released a new research report on Baldr, an up-and-coming password stealer with at least four major revisions over the past seven months. The Baldr story is connected to a “vast criminal underground enterprise of trading stolen goods,” said John Shier, senior security adviser.
“I am literally looking at some of these markets as we speak,” he said. “They come and go, but if there’s one thing that’s common to all of them it’s that they will never go away and they’re always striving to produce more content, and that content is generally illicit drugs … however, there’s always the digital goods section and that’s where you find your credit cards and card verification value numbers (CVVs), and your stolen gift cards, and then things like compromised credentials, compromised server access, etc. It’s this nice, tightly knit ecosystem that if you’re somebody with ill intent, you can one-stop shop on the dark web. If you have no knowledge, you become a cybercriminal just by spending time on the dark web. You can find tutorials, hire some services and buy some tools.”
Chet Wisniewski, Sophos’ principal research scientist, said the guys who write the malware aren’t social enough to know how to sell it, so they need distributors just like real software companies.
“And in this case it’s crimeware-as-a-service, so they’re not actually deploying it to victims directly, they’re selling it to wannabe criminals that don’t know how to write their own bad code,” he said. “So there’s a minimum of three tiers before you actually get to victims.”
With Baldr, when the information was flowing from the victim machine back to the customer who bought the software, it would pass through the original author’s servers and then they would take a copy, so your credentials are being stolen twice, doubling the opportunity for your credentials to end up dumped somewhere on the dark web, Shier said.
“That is a problem because it means that even though you may not get breached today, people do tend to reuse…