This isn't earth-shattering news... but it does speak to this: expect the bad guys to use familiar tools (things you use each day) to gain access to personal information. Why Adobe? Why not! It's free and many people use it. In fact, the JACADIS security team uses "infected" Adobe PDF files to evaluate how well employees follow basic security awareness rules. We also use it to test assumptions regarding how well a company's prevention, detection, and response safeguards stand up to cybercrime-like attacks.
A couple of days of "harmless", tactically sent Adobe attachments and links answer several questions every company needs to be able to answer:
- Do our inbound content filters prevent malware from entering the corporate network?
- What about the desktop? Does the host AV/IPS detect when the callback agent embedded in the Adobe file phones home?
- Do outbound web content filters categorize the "call back" location as malicious? Is it categorized at all?
- And the SIM... Oh, the SIM. Does it intelligently correlate all of this activity, relatively obscure in its parts, but significant as a whole?
Perhaps you'd be surprised if I told you most people can't answer yes to even one of these. What's more, we don't go to great lengths to hide our call back servers or encode our traffic. We keep it simple. And simple works.
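The kind of correlation the SIM question above is asking for, as an added example (not code from the original post or from JACADIS): three event sources that are each unremarkable on their own (a PDF arriving by mail, a PDF reader starting, an outbound request to an uncategorized destination) are chained by user, host and time window into one alert. The log records, field names, hosts and destinations are all constructed for the example.

```python
from datetime import datetime, timedelta

# Constructed sample events (not real logs): mail gateway, endpoint agent, web proxy.
MAIL = [
    {"ts": "2010-02-03T09:00:05", "user": "jdoe", "attachment": "invoice.pdf"},
    {"ts": "2010-02-03T09:10:00", "user": "asmith", "attachment": "agenda.pdf"},
]
ENDPOINT = [
    {"ts": "2010-02-03T09:01:10", "host": "WS-017", "user": "jdoe", "process": "AcroRd32.exe"},
    {"ts": "2010-02-03T09:12:30", "host": "WS-042", "user": "asmith", "process": "AcroRd32.exe"},
]
PROXY = [
    {"ts": "2010-02-03T09:01:42", "host": "WS-017", "dest": "203.0.113.10", "category": "uncategorized"},
    {"ts": "2010-02-03T09:13:00", "host": "WS-042", "dest": "www.example.com", "category": "business"},
    {"ts": "2010-02-03T10:30:00", "host": "WS-017", "dest": "198.51.100.7", "category": "uncategorized"},
]

SUSPECT_CATEGORIES = {"uncategorized", "malicious"}


def _t(s):
    return datetime.fromisoformat(s)


def correlate(mail, endpoint, proxy, window=timedelta(minutes=5)):
    """Return one alert per chain: PDF delivered to a user, a PDF reader launched by
    that user within `window`, then an outbound request from the same host to an
    uncategorized or malicious destination within `window` of the reader starting."""
    alerts = []
    for m in mail:
        if not m["attachment"].lower().endswith(".pdf"):
            continue
        t_mail = _t(m["ts"])
        for e in endpoint:
            if e["user"] != m["user"] or e["process"].lower() != "acrord32.exe":
                continue
            t_open = _t(e["ts"])
            if not (t_mail <= t_open <= t_mail + window):
                continue
            for p in proxy:
                t_out = _t(p["ts"])
                if (p["host"] == e["host"] and p["category"] in SUSPECT_CATEGORIES
                        and t_open <= t_out <= t_open + window):
                    alerts.append({"user": m["user"], "host": e["host"],
                                   "attachment": m["attachment"], "dest": p["dest"]})
    return alerts


if __name__ == "__main__":
    for a in correlate(MAIL, ENDPOINT, PROXY):
        print("ALERT: possible PDF call-back", a)
```

Only the jdoe chain fires: asmith's reader launch is followed by a request to a categorized business site, and the later request from WS-017 falls outside the time window.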
Simple worked at a public insurance company, even with several layers of security deployed like Cisco IPS, ASA, CS-MARS, McAfee antivirus, and hosted AV/SPAM filtering. We phished our way onto the network in two minutes. Nothing logged our activities. Thank goodness we're the good guys.
If you think "deployed" means "secure"... think again. If you have doubts, drop me a note. I'd love to hear from you.
-- Simon