One of our main focuses as a Business Threat Intelligence team is the supply chain (vendors, partners, and customers)- a critical yet underserved cybersecurity area. Unfortunately, the industry continues to emphasize expensive technologies, ineffective border defense and glamorous but inconsequential “dark web” data. Meanwhile, more and more information gets published confirming that well over 50% of all breaches involve and often originate from a 3rd party. Through white papers, our Secure Vendor Program, speaking engagements, industry think tanks and direct work with clients, Liberty’s Business Threat Intelligence team has been consistently emphasizing the need to understand the threats at a vendor level and help secure organizations with comprehensive and targeted contextualized threat intelligence.
What happens when the “vendor” at fault turns into everyday citizens such as your employees… or their spouses… or kids… on personal machines… while at home?
The Dyn attack of 2016 was one of the earliest and most public examples of non-corporate hardware and the IoT being used to conduct a larger attack. But the attack itself, although temporarily effective, had rather benign consequences. Unfortunately, it was a harbinger of things to come and a new trend we saw bubbling in 2017 and now surfacing in 2018 Citizens as Cyber Weapons. As the percentage of the global workforce that does not check corporate email from home quickly shrinks, new threats are attacking users’ at-home cyber hardware and hygiene as a means into the real objective; sensitive corporately held data. VPNFilter, an attack vector still in the early stages of being understood, infected home equipment at a pace and scale not seen before. But why intercept traffic traversing home networks? To get your logins for online banking? Maybe. But that is hardly the typical volume play cyber criminals strive for stealing one log-in at a time assuming the user(s) will log into banking is not the ROI traditional cyber criminals want when launching large campaigns.
No, a massive, covert and highly skilled home network equipment infection is a means to an end. More public clarity on that “end” will come in time, but for now, rest (un)assured that everyday citizens, their cyber activity and therefore their cyber hardware are quickly being weaponized as conduits into much grander targets. Users of all ages and skill levels can become the unwitting conduits for illicit access to enterprise networks. It’s easier to target a user at home waiting until they connect to a known corporate network and then activating a Remote Access Tool (RAT).
Hackers continue to push the envelope and find creative ways to identify new and larger attack surfaces. Corporations now need to think of security not only as a challenge while employees are on-premise or using corporate equipment, but also must prepare against the newest trend in advanced threats: citizens as cyber weapons. Inquire here to learn how our Liberty’s Business Threat Intelligence team can help your company stay abreast and protected from this and other emerging cyber threats.
Liberty Advisor Group is a mission-focused advisory and strategic consulting firm. We partner with our clients to solve their most complex business issues and improve enterprise value. Our experienced team has a proven track record in Business and Technology Transformation, Data Analytics, Business Threat Intelligence, and Mergers and Acquisitions. We offer original thinking combined with factual data to develop comprehensive, situation-specific solutions that work. With straight talk and proven results, we accelerate growth, drive efficiency and reduce risks. We are experienced. We are doers. We are Battle-Tested.