brencronin

Insider Threat

Updated: Dec 3

Three categories of Insider Threats:

  • Malicious insiders
    • Theft of IP
    • Sabotage
    • Espionage
  • Negligent insiders
    • Ignoring policy and procedures
    • Falling for phishing or social engineering attacks
    • Misusing or oversharing privileges
  • Accidental insiders
    • Accidental disclosures of sensitive info (e.g., emails, file uploads)
    • Loss of devices
    • Unintentional installation of software



Systematic ethical decisions



Employees who have people problems.




Many corporations are blocking the use of personal applications entirely (e.g., Google, webmail, Dropbox) and are also adding additional layers of system monitoring, such as Proofpoint ObserveIT user-activity recording.



Tools used to abuse Insider Threats


Anonymity Tools - VPNs


??????


Anonymity Tools - Browsing


Thanks for pointing out TAILS "The Amnesiac Incognito Live System".  I have heard of it but never used it.


"Recently the Afaaq Electronic Foundation (AEF), an arm of the Islamic State who are dedicated to “raising security and technical awareness” among jihadists, published their advice on how to avoid law enforcement surveillance. Their message was broadcast on Telegram, with a message of “Stay calm and use strong encryption”:  It provides a focus on the three T’s which are cause law enforcement to lose sleep: Tor, Telegram and Tails OS."  (Buchanan, 2018).


The TAILS feature to wipe memory seems pretty bullet-proof.  The main forensic evidence for CD-booted filesystems is gathered through memory analysis.  The TAILS memory wipe feature adds an additional hurdle for the investigator, who would have to capture memory while TAILS is still running.


"By automating forensic memory analysis of RAM, Digital Forensics Solutions has provided investigators with a method to completely reconstruct a live CD-booted filesystem. Recovery of the filesystem not only allows for standard forensic process to be followed, including the recovery of all relevant evidence, but it also allows for the evidence obtained and the results gathered to be used in a legal setting. Through the development of the Volatility memory analysis plug-in, the anti-forensics power of live CDs has been greatly diminished, and analysis of these systems is now possible for investigators of all skill levels."  (Case, 2011).


To add even more security, TAILS started supporting UEFI Secure Boot in 2020.


"However, until today, despite the plethora of security and privacy features it possessed, Tails did not support UEFI Secure Boot setups. Users who wanted to use Tails on a computer had to disable Secure Boot in the computer's BIOS, leaving their devices vulnerable to firmware tampering that could later compromise the communications carried out through Tails.  According to the Tails website, work began on adding Secure Boot to Tails six years ago, and starting with Tails 4.5, released yesterday, users can now safely enable Secure Boot and run it alongside Tails, out of the box, without having to do anything or run complicated workarounds."  (Cimpanu, 2020)




References


Buchanan, B.  (2018, August).  The 3T challenge for digital forensics: Tails, Telegram and Tor.  Medium.  Retrieved September 10, 2021 from https://medium.com/asecuritysite-when-bob-met-alice/the-3t-challenge-for-digital-forensics-tails-telegram-and-tor-8d800c42af15

Case, A., & Pfeif, D.  (2011).  Forensic investigation of live CDs.  Evidence Technology Magazine.  Retrieved September 10, 2021 from https://www.evidencemagazine.com/index.php?option=com_content&task=view&id=735&Itemid=50

Cimpanu, C.  (2020, April 8).  Tails, the security-focused OS, adds support for Secure Boot.  ZDNet.  Retrieved September 10, 2021 from https://www.zdnet.com/article/tails-the-security-focused-os-adds-support-for-secure-boot/








