
Ep 11: Strictly Confidential


January 15, 2018

TLDR: A tech company detects a hacker in its network through digital forensics. The investigators' surprising result sheds new light on the company's innovative tech development.

  • The Excitement and Importance of Thwarting Cyber Attacks
    Outsourcing the detection of Advanced Persistent Threats (APTs) in a client's network to an outside security team can save money, and a prompt response is crucial to protect valuable intellectual property. Forensics and incident response consultants work to detect, isolate and defeat the attacker.

    Companies often outsource security work to save money, and one job of such a team is to detect APTs in clients' networks, the hardest kind of intruder to find. Andrew, a Digital Forensics and Incident Response consultant, works for a security assessment and digital forensics company that offers this service. During an assessment, his team detected an active threat actor in a client's environment; the client develops cutting-edge technology and holds valuable IP. Andrew and his team worked to thwart the attacker in a toe-to-toe engagement. This work can be very exciting, especially when the stakes are that high.

  • Understanding and Combatting Advanced Persistent Threats
    When facing an APT, forensic analysis of its malware is crucial to understanding its methods. Monitor its activity long enough to identify every ingress point accurately before removing any of them.

    APT groups are highly skilled, well-resourced intruders with specific goals, and are often sponsored by nation-states; they are difficult to detect. When attacked by one, study the malware it uses to understand its tactics. Forensic teams isolate and identify the malware, build a profile of it, and extract indicators of compromise (IOCs) that are then used to find where else in the network the APT is present. A monitoring period is needed to map where the APT is active in the environment before attempting remediation. The goal is an accurate picture of its ingress points and infrastructure, so that remediation does not remove only part of the foothold, tipping off the actor, who then returns through a different entry point.

  • How to Approach Remedying Cybersecurity Threats with Care
    Research extensively to build knowledge of the threat. Don't rush remediation: removing malware prematurely can compromise the investigation. Work with the security team to determine the best course of action, and remain calm.

    Tread carefully while remediating, because threat actors change their tools and tactics once they know they have been spotted. The blind spots this creates are dangerous for the company and its intellectual property. With extensive research, teams build up their knowledge and understand the threat better. It is crucial not to rush remediation, as removing malware prematurely can compromise the investigation. Such intrusions can go undetected for years and have catastrophic consequences. Companies should remain calm and work with their security teams to determine the best course of action and progress toward remediation.

  • APT, Buy-Out Attempt, and Vigilance Against Cyber Threats
    Companies must monitor their networks continuously and stay vigilant against threats like APTs. A successful intrusion can have severe consequences, including a buy-out attempt or other impacts on business operations.

    The security team discovers the APT in the client's network and studies it to collect more data. As the team prepares to remediate and fly out to the company's location, the APT goes quiet. A financial news report then reveals that the company has been the subject of a buy-out attempt by a company from the same part of the world as the threat actor, and the team begins to suspect that the intrusion was connected to the buy-out attempt. Companies must constantly monitor their networks and stay vigilant, as the consequences of a successful intrusion can be severe.

  • Prioritizing the Protection of Intellectual Property and Mitigating Cyber Attack Risk
    Companies must prioritize protecting their intellectual property from state-sponsored groups and be cautious of unexpected buy-out offers. Remediation should include a search for anything the investigation missed, but most such attacks aim at theft, not destruction.

    Hacking is a business, and attackers are motivated by money. Companies must therefore think differently about protecting their intellectual property from state-sponsored groups, who may be conducting their own due diligence ahead of an acquisition. Remediation after an attack should include a search for anything the investigation missed, while noting that most such attacks focus on theft rather than on destruction or corruption of data. Companies should be aware that figures can be inflated prior to an acquisition and be cautious of unexpected buy-out offers. Ultimately, companies must prioritize protecting their intellectual property and consider the motivations of state-sponsored groups to mitigate the risk of cyber attacks.
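The second and third points above describe a procedure: profile the malware, extract IOCs, sweep the environment with them, and keep monitoring until the map of affected hosts stops changing before remediating. The following is an added example of that IOC sweep, written for this summary; it is not code from the episode or from the consultants' own tooling. The IOC values, the key=value log format and every log line are constructed for the example, and the "scope is stable" rule (no new host has appeared for a chosen number of days) is an assumed heuristic, not something the episode prescribes.

```python
import re
from datetime import datetime
from urllib.parse import urlparse

# Constructed IOC profile for the example: hypothetical domains, IPs and a
# file hash, not indicators from the episode.
IOCS = {
    "domain": {"update.example-cdn.test", "cfg.static-assets.test"},
    "ip": {"203.0.113.7", "198.51.100.20"},
    "sha256": {"deadbeef" * 8},
}

# Constructed telemetry (DNS, proxy, process and network events from three
# hosts) in a simple key=value format; also hypothetical.
SAMPLE_LOG = [
    "2018-01-03T02:14:05Z host=WS-0412 type=dns query=update.example-cdn.test",
    "2018-01-03T02:14:06Z host=WS-0412 type=proxy url=https://update.example-cdn.test/c2/beacon dst=203.0.113.7",
    "2018-01-03T09:30:00Z host=WS-0077 type=proxy url=https://www.example.com/ dst=192.0.2.10",
    r"2018-01-05T23:02:41Z host=SRV-FILE01 type=process image=C:\Windows\Temp\svch0st.exe sha256=" + "deadbeef" * 8,
    "2018-01-06T01:10:12Z host=SRV-FILE01 type=net dst=198.51.100.20",
    "2018-01-09T11:00:00Z host=WS-0077 type=dns query=www.example.com",
    "garbage line that does not parse",
]

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+host=(?P<host>\S+)\s+type=(?P<kind>\S+)\s*(?P<rest>.*)$")


def parse_ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def parse_line(line):
    """Return {ts, host, kind, <field>: <value>, ...} or None for unparseable input."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    try:
        ts = parse_ts(m.group("ts"))
    except ValueError:
        return None
    fields = dict(kv.split("=", 1) for kv in m.group("rest").split() if "=" in kv)
    return {"ts": ts, "host": m.group("host"), "kind": m.group("kind"), **fields}


def _candidates(key, value):
    """Strings to compare against the IOC sets; a URL also contributes its hostname."""
    vals = {value.lower()}
    if key == "url":
        host = urlparse(value).hostname
        if host:
            vals.add(host.lower())
    return vals


def match_iocs(event, iocs):
    """Set of (ioc_type, value) pairs from the IOC profile that appear in one event."""
    hits = set()
    for key, value in event.items():
        if key in ("ts", "host", "kind"):
            continue
        for cand in _candidates(key, value):
            for ioc_type, known in iocs.items():
                if cand in known:
                    hits.add((ioc_type, cand))
    return hits


def sweep(lines, iocs):
    """Map each host with at least one IOC hit to its first/last sighting and the IOCs seen."""
    sightings = {}
    for line in lines:
        event = parse_line(line)
        if event is None:
            continue
        hits = match_iocs(event, iocs)
        if not hits:
            continue
        s = sightings.setdefault(event["host"], {"first_seen": event["ts"], "last_seen": event["ts"], "iocs": set()})
        s["first_seen"] = min(s["first_seen"], event["ts"])
        s["last_seen"] = max(s["last_seen"], event["ts"])
        s["iocs"] |= hits
    return sightings


def scope_is_stable(sightings, quiet_days, now):
    """Assumed heuristic: the sweep has stopped turning up new hosts for quiet_days,
    so the picture of the intrusion is complete enough to plan remediation. A host
    first seen inside the window resets the clock; no sightings at all is not stable."""
    if not sightings:
        return False
    newest = max(s["first_seen"] for s in sightings.values())
    return (parse_ts(now) - newest).days >= quiet_days


if __name__ == "__main__":
    result = sweep(SAMPLE_LOG, IOCS)
    for host, s in sorted(result.items()):
        print(host, s["first_seen"].isoformat(), s["last_seen"].isoformat(), sorted(s["iocs"]))
    print("stable on 2018-01-10:", scope_is_stable(result, 7, "2018-01-10T00:00:00Z"))
    print("stable on 2018-01-14:", scope_is_stable(result, 7, "2018-01-14T00:00:00Z"))
```

Run against the constructed log, the sweep flags two hosts (WS-0412 via the C2 domain and IP, SRV-FILE01 via the file hash and a second IP) and leaves WS-0077 clean. On 2018-01-10 the newest host is only four days old, so the scope is not yet stable; re-running the sweep as new telemetry arrives, and only remediating once the host list has stopped growing, is the monitoring discipline the summary argues for.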


Recent Episodes

Ep 14: #OpJustina


Darknet Diaries

In 2013 an unnamed hospital was accused of conducting a medical kidnapping against Justina, sparking anger across the country, including from members of Anonymous.

March 01, 2018

Ep 13: Carna Botnet


Darknet Diaries

Carna Bot was built to understand the internet better and unintentionally caused a data-filled malicious event.

February 15, 2018

Ep 12: Crypto Wars


Darknet Diaries

In the 1990s, internet users in the US faced government restrictions on encryption. A few brave individuals fought for their civil rights and successfully won the right to use strong encryption.

February 01, 2018

Ep 10: Misadventures of a Nation State Actor


Darknet Diaries

In today's world of intelligence gathering, governments hack other governments: Listen as a nation state actor guides you through its operations.

January 01, 2018

Related Episodes

Private Eyes


Hacked

The story of BellTroX and the world of private investigators outsourcing the nitty-gritty stuff.

August 01, 2022

Ep 15: Ill Tills


Darknet Diaries

A major retailer's point of sales machines were hacked and found to contain malware after a digital forensics investigation. The responders were able to identify the malware and stop its spread, although it is unclear how much customer data was ultimately leaked.

April 01, 2018

131: Welcome to Video


Darknet Diaries

Andy Greenberg discusses his book 'Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency', which explores how investigators used bitcoin tracing techniques to disrupt child sexual abuse sites on the dark web.

December 27, 2022

The Place Where You Get Answers From


Hacked

Jordan Bloemen & Scott Francis Winder debate about Vastaamo's data breach and its implications when highly sensitive info was mishandled.

May 25, 2021
