What are you doing to spot a breach? Technology moves quickly, not just in legitimate business, but in the cybercriminal world too. Advanced attack tools are now available on the black market, lowering the barrier to entry for the average online lowlife. They are happy to target large and small organizations alike, and they only have to be lucky once. Security …
"A hospital may send data to a third party company that produces its invoices for it. How can you distinguish between a legitimate business process like that, and an illegitimate one that is sending sensitive data to bad people?"
How do you know that the legitimate third party isn't compromised? Or that it doesn't employ someone untrustworthy?
You can't. The now outdated tip was to never open emails with broken English and/or coming from unknown senders. The more sophisticated phishers are now sending pixel-perfect copy of legitimate emails and faking senders.
One solution is the analysis of the attachments/links before (or after) delivering the email into the user's mailbox. This can be either automated, like runtime analysis in a malware sandbox. Or manual, such as looking for embedded VB scripts in the attached Word documents and verifying the external links.
Both include investments into technology and hiring people with the right skills.
That they are, but they are still including links to URLs that have nothing to do with the purported origin of the mail.
If I get a mail posing as being from my bank, asking me to click a link to validate something or another, and said link goes to http:\\mybank.com.cn, well sorry, but that is a spoof. When somebody sends me an attachment and the return address domain does not correspond to the domain it should come from, I know it's a scam. And they may be making pixel-perfect images of legitimate mails, but they're still mangling the language.
Of course, one has to pay attention to those things.
There's a lot of unsafe practices like a hospital sending data to a third party to produce invoices. While I do think it is a good idea to work on those, there seems to be a reluctance to eliminate less safe practises when possible. It's as if there is a pull from management to use fashionable outsourcing techniques and otherwise increase the risks. Perhaps it would be more effective to do some things in-house than solve the more difficult security problem of sharing security issues with a third party.
Whenever a new source sends information and intelligence on a new force to an address which might be reasonably presumed and assumed to be active in the field, [and let us say it be something like a government dept (@gov.co.uk) or a military unit (@eur.army.mil)] and there be no reply or acknowledgement of receipt …. and that is not at all rare in areas of sensitive endeavour, believe you me ….. then is it more than just likely that the information and intelligence will be shared with that and/or those considered to be in opposition or competition for the advantage which such certain sensitive infotel delivers.
And that is something of a Catch 42, is it not ……. having an address which doesn’t deliver the goods to prime subjects but instead supplies source force advantage to prime objectives/active competitors.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
