Secure Your Company from Data Leak and Ransomware — Part I

Gökhan Güzelkokar
Published in n11 Tech
4 min read · Jul 13, 2023

Hi all, I hope all is well. In this article we're going to look at how you can protect your company from data leaks and ransomware. This series will have 2 or 3 parts. Let's start with insider threats and phishing attacks.

Companies spend millions of dollars on security products, but forget that the real risk is inside.

Insider Threat

One of the most important things in a company's security is identity and access management (IAM). You have an internal network and hundreds of products inside it. Where is your code? GitLab? GitHub? Or maybe Bitbucket? Suppose you have a GitLab instance in your internal network, and its hostname is:

https[:]//gitlab.internalcompanyname.com

To secure this instance you have to ask two questions, and then the further questions that follow from them.

Which of your employees have access to this instance?

  • Bob and Alice

Bob is a senior developer and Alice is a non-technical person in this company, so Bob has more access to this instance than Alice, right? Bob can view and edit all of the company's repositories, but Alice shouldn't see a single block of code. If Alice gets hacked it will be terrible for us, because a non-technical user could reach the company's code repositories. As we know, non-technical employees are more likely to be hacked. So our goal must be the principle of least privilege!
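Least privilege is easiest to keep when it is checked automatically rather than by memory. The script below is an added example (not code from the article or from GitLab): it audits a project's member list against a simple per-team access policy and flags anyone who holds more than their team is allowed, or who is not in the HR directory at all. The member records mirror the shape of GitLab's project members API (`username` plus a numeric `access_level`, where 10/20/30/40/50 are GitLab's Guest, Reporter, Developer, Maintainer and Owner levels), but the members, the directory and the policy are constructed sample data.

```python
"""Least-privilege audit of GitLab project membership.

Added example: it mirrors the shape of GitLab's project members API
(each member has a ``username`` and a numeric ``access_level``), but the
member list, the HR directory and the policy below are constructed
sample data, not a real instance.
"""
from dataclasses import dataclass

# GitLab's numeric access levels (Guest .. Owner).
GUEST, REPORTER, DEVELOPER, MAINTAINER, OWNER = 10, 20, 30, 40, 50
LEVEL_NAMES = {GUEST: "Guest", REPORTER: "Reporter", DEVELOPER: "Developer",
               MAINTAINER: "Maintainer", OWNER: "Owner"}

# Policy: the highest access level a team may hold on source repositories.
# A team not listed here (e.g. non-technical staff) must not be a member at all.
MAX_LEVEL_BY_TEAM = {
    "engineering": MAINTAINER,
    "security": REPORTER,      # read-only review access
}

# Constructed HR directory: username -> team.
DIRECTORY = {
    "bob": "engineering",
    "alice": "finance",
    "carol": "security",
}

# Constructed members, shaped like GET /projects/:id/members/all.
MEMBERS = [
    {"username": "bob", "access_level": DEVELOPER},
    {"username": "alice", "access_level": REPORTER},    # non-technical, should be absent
    {"username": "carol", "access_level": MAINTAINER},  # above the security team's cap
    {"username": "dave", "access_level": OWNER},        # not in the directory at all
]


@dataclass(frozen=True)
class Violation:
    username: str
    reason: str
    actual: int
    allowed: int  # 0 means "no membership allowed"


def audit_members(members, directory, max_level_by_team):
    """Return one Violation per member whose access exceeds the policy."""
    violations = []
    for m in members:
        user, level = m["username"], m["access_level"]
        team = directory.get(user)
        if team is None:
            # Unknown to HR: a leaver or a service account nobody owns.
            violations.append(Violation(user, "not in directory", level, 0))
            continue
        allowed = max_level_by_team.get(team, 0)
        if allowed == 0:
            violations.append(Violation(user, f"team '{team}' may not access code", level, 0))
        elif level > allowed:
            violations.append(Violation(user, f"exceeds cap for team '{team}'", level, allowed))
    return violations


def format_report(violations):
    """Human-readable line per violation, for a ticket or a chat alert."""
    lines = []
    for v in violations:
        have = LEVEL_NAMES.get(v.actual, str(v.actual))
        want = "no access" if v.allowed == 0 else LEVEL_NAMES[v.allowed]
        lines.append(f"{v.username}: {v.reason} (has {have}, allowed {want})")
    return lines


if __name__ == "__main__":
    for line in format_report(audit_members(MEMBERS, DIRECTORY, MAX_LEVEL_BY_TEAM)):
        print(line)
```

Run against a real instance, the `MEMBERS` list would come from the members API and `DIRECTORY` from HR, and the job would run on a schedule so that a role change or a leaver shows up as a violation the same day instead of at the next manual review.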

Are our technical employees reliable?

We get a call from a ransomware group, and they say:

We have a privileged employee in your company's cloud environment. You must pay 100 BTC to us. Otherwise all your data will be encrypted.

One more scenario:

Photo by 金 运 on Unsplash

Hey Bob, do you want to get $50k with 1-click? Click the downloaded file from the email and get your $50k. Oh, that was an accident, don't be afraid.

They have Bob inside. You must choose good and ethical people for your company.

Are there people from outside that we work with?

We also have to work with other companies. Of course they have technical employees too, and sometimes those employees have to connect to our internal network. We must take care of IAM and real-time monitoring. When we talk about security, you can't trust anyone. You must be careful about access management, give these external employees the least privilege they need, and watch every step they take. Suppose an external employee wants to run a bash script and the script contains malware, or he/she simply wants to gather information about your systems; these situations matter to us. Every attack vector matters, because you can't imagine what will happen otherwise.
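"Watch every step" only works if the steps are logged and somebody reads the log. The following added example (not from the article) shows the kind of check a monitoring job can run over `sudo`'s syslog-style lines: each third-party account gets an allowlist of the commands it is expected to run as root, and anything else produces an alert, with a sharper label when the command is a script executed from a temporary directory. The account names, allowlist and log lines are constructed; the line format follows the `user : TTY=... ; PWD=... ; USER=... ; COMMAND=...` layout sudo writes to syslog.

```python
"""Flag privileged commands run by third-party accounts.

Added example (not from the article): parses sudo's syslog-style lines
and raises an alert when a contractor account runs anything outside its
allowlist. The log lines, account names and allowlist are constructed.
"""
import re
from typing import NamedTuple

# "Jul 13 09:41:02 host sudo:   user : TTY=pts/0 ; PWD=/x ; USER=root ; COMMAND=/bin/ls"
SUDO_LINE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sudo:\s+(?P<user>\S+) : "
    r"TTY=(?P<tty>\S+) ; PWD=(?P<pwd>\S+) ; USER=(?P<target>\S+) ; COMMAND=(?P<cmd>.*)$"
)

# Contractor accounts and the only binaries they are expected to run as root.
CONTRACTOR_ALLOWLIST = {
    "vendor_db": {"/usr/bin/systemctl", "/usr/bin/journalctl"},
    "vendor_net": {"/usr/sbin/ip"},
}

# Constructed sample log, shaped like sudo's syslog output.
SAMPLE_LOG = """\
Jul 13 09:41:02 build01 sudo:   bob : TTY=pts/0 ; PWD=/home/bob ; USER=root ; COMMAND=/usr/bin/apt upgrade
Jul 13 09:42:10 db01 sudo:   vendor_db : TTY=pts/2 ; PWD=/home/vendor_db ; USER=root ; COMMAND=/usr/bin/systemctl status postgresql
Jul 13 09:43:55 db01 sudo:   vendor_db : TTY=pts/2 ; PWD=/tmp ; USER=root ; COMMAND=/bin/bash /tmp/setup.sh
Jul 13 09:44:20 db01 sudo:   vendor_db : TTY=pts/2 ; PWD=/home/vendor_db ; USER=root ; COMMAND=/usr/bin/cat /etc/shadow
Jul 13 09:45:01 gw01 sudo:   vendor_net : TTY=pts/1 ; PWD=/home/vendor_net ; USER=root ; COMMAND=/usr/sbin/ip addr
not a sudo line at all
"""


class Alert(NamedTuple):
    ts: str
    host: str
    user: str
    cmd: str
    reason: str


def parse_sudo_line(line):
    """Return the parsed fields as a dict, or None for lines sudo did not write."""
    m = SUDO_LINE.match(line)
    return m.groupdict() if m else None


def check_contractors(log_text, allowlist):
    """Return an Alert for every contractor command outside its allowlist."""
    alerts = []
    for line in log_text.splitlines():
        ev = parse_sudo_line(line)
        if ev is None or ev["user"] not in allowlist:
            continue  # internal staff or unparsable line: out of scope here
        binary = ev["cmd"].split()[0]
        if binary not in allowlist[ev["user"]]:
            reason = "command outside contractor allowlist"
            # Scripts executed from world-writable dirs deserve a sharper label.
            if re.search(r"\s/(tmp|dev/shm)/", " " + ev["cmd"]):
                reason = "script run from temporary directory"
            alerts.append(Alert(ev["ts"], ev["host"], ev["user"], ev["cmd"], reason))
    return alerts


if __name__ == "__main__":
    for a in check_contractors(SAMPLE_LOG, CONTRACTOR_ALLOWLIST):
        print(f"{a.ts} {a.host} {a.user}: {a.reason}: {a.cmd}")
```

The allowlist is the real control here: it is written down with the contractor before the engagement, so every alert is a question to ask them the same day, not a forensic reconstruction weeks later.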

Do your employees have information security awareness?

Bob took a screenshot of GitLab showing a code block, and that code block contains sensitive information. Bob shouldn't:

  • convert or upload this file to a public cloud,

  • send this screenshot via email,

  • store it on insecure platforms or social media,

  • upload it publicly to GitHub, GitLab or Bitbucket.
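A screenshot or a pasted snippet rarely looks dangerous to the person sharing it, which is why a mechanical pre-share check helps. The script below is an added example (not code from the article): it scans a block of text for well-known credential formats (an AWS access key ID, a GitLab personal access token with its `glpat-` prefix, a PEM private key header, a `password =` style assignment) and, for anything the named patterns miss, for long high-entropy strings. The snippet it scans is constructed, and the AWS key in it is Amazon's documented example value, not a real credential.

```python
"""Scan a code snippet for secrets before it leaves the company.

Added example, not part of the article: a small pre-share check for a
code block copied out of GitLab (or text extracted from a screenshot).
The patterns are well-known public token formats; the sample snippet and
its credentials are constructed.
"""
import math
import re

PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "gitlab_pat": re.compile(r"\bglpat-[0-9A-Za-z_\-]{20}\b"),
    "private_key": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    # No leading \b: the keyword usually sits inside names such as DB_PASSWORD.
    "password_assignment": re.compile(r"(?i)(password|passwd|secret)\s*[:=]\s*['\"]?([^\s'\"]{6,})"),
}


def shannon_entropy(s):
    """Bits per character; random tokens score high, English words low."""
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())


def scan_snippet(text, entropy_threshold=4.0):
    """Return (line_no, kind, matched_text) for every suspected secret."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        for kind, pat in PATTERNS.items():
            for m in pat.finditer(line):
                findings.append((no, kind, m.group(0)))
        # Catch tokens the named patterns miss: long, high-entropy words
        # that are not already covered by a finding on this line.
        already = [f[2] for f in findings if f[0] == no]
        for tok in re.findall(r"[A-Za-z0-9+/=_\-]{32,}", line):
            if shannon_entropy(tok) >= entropy_threshold and not any(tok in s for s in already):
                findings.append((no, "high_entropy_string", tok))
    return findings


# Constructed snippet; the AWS key is AWS's published example, not a live key.
SAMPLE_SNIPPET = """\
# constructed config, not a real credential
AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
DB_PASSWORD = "s3cr3t-pa55w0rd"
GITLAB_TOKEN = "glpat-ABCDEFGHIJKLMNOPQRST"
API_KEY = "q7Zp2LmN9vXr4TbK8yWd1HcJ6gFsA3eU0oPiRtYu"
greeting = "hello world"
"""

if __name__ == "__main__":
    for no, kind, hit in scan_snippet(SAMPLE_SNIPPET):
        print(f"line {no}: {kind}: {hit}")
```

The same function can sit in a pre-commit hook for the repositories themselves, so the check that stops Bob pasting a token into a chat also stops the token reaching a public repository.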

Also, when you share your screen with a colleague, you have to take care about sensitive information about you and your company.

Bob gets an email containing a URL, and the URL leads to malware or to a login page. When Bob logs in on this page, the attacker steals the password of Bob's account, and this account can be anything, even a social media account. Once the attacker has stolen Bob's social media password, he/she will contact Bob's colleagues and gather information about the company. At this point the attack has started, and you can imagine a million combinations from here. It can also be malware, in which case the attacker can gather information from the internal network; then the attacker only needs a vulnerability to exploit critical systems.

What about a phone call? Alice is calling Bob, and she says she needs the password of the identity and access management system. Alice is Bob's manager, but wait, she isn't Alice. She is the attacker. So the attacker got the password within seconds.

Bob takes a selfie while working; Bob has sensitive files on the table and these files are visible in the selfie. Sometimes attackers gain information from image metadata, and sometimes this data contains location information.

Bob shares all of his sensitive personal information on social media, and he also creates passwords related to the information he shared. Bob can leak the password of any application, and that application can leak customer data. These are really simple things, but critically important.

Don't forget that there are far more complex phishing attacks; mrd0x has really good techniques about phishing attacks. For example:

In Part II, we will talk about application security and data leaks. Thank you.
