Tech Tidbit – A discussion about insider threats

April 12th, 2025

Acture/CSI has been going at a dizzying pace. I counted 16 online and in-person events for 2024, plus NYSCATE. Then you add all the Acture Solutions events. The Acture Solutions family has been busy providing you with the best technical information and best products to support you in maintaining a stable, secure, manageable network for your administrative back end and your instructional teaching and learning

That culminated last week with our 9th annual Cybersecurity Event. I hope you were able to attend. We had an amazing turnout and, more importantly, amazing content. We have already started planning next year's event.

As excited as I am about what we have done, I want to discuss a serious topic that stemmed from the FBI agent's remarks during our security conference.

There is an increase in "insider" attacks involving extortion and, more specifically, the sexual exploitation of people sitting inside the network. Even if a user is a limited user on your network, they can provide an anchor point inside your network for an attacker. From there, the attacker will determine what software can be exploited on that endpoint to gain local admin access. With local admin access and a willing insider participant, the attacker is set up for a broader attack.

The attacker lures the insider victim into a compromising situation. The intention is to use that information as leverage over the person to get cooperation for a broader attack. This often involves real or AI-created fake sexual pictures of the victim, used to blackmail the victim into cooperation. The FBI says this is happening to men and women, and to boys and girls!

It is a pretty dark subject, but it is very real. This should be part of your discussions with your staff and students, as well as security awareness training.

Unfortunately, I have seen what our FBI speaker talked about at a recent security event locally. A district workstation was connected to a well-known ransomware gang that appeared to have been invited into the district by someone in the district.

It is a touchy subject as the insider could be a victim, an unwilling participant, and an attacker all at once.

I can only speak to the technical side of the story, where our SOCs saw the activity and killed it, and our deployed tools tracked down the source and killed the connection. The SOC's quick intervention stopped the attack before any data could be taken or any ransomware could be deployed. Once again, the attackers appear to have disengaged when they realized there was an active defense.

The other interesting thing about this event was that the site deployed a mixture of our tools and another vendor's "comparable" tools. Our tools worked and alerted us. Despite being functional, current, and fully updated, the other tools did not see the attack at all!

CSI has repeatedly proven that its tools and processes provide the best, most layered defense against these very real threats.

If you'd like to discuss updating your security stack so you can sleep better at night, please contact us.

-Scott Quimby, Senior Technical Advisor, CISSP

Acture/CSI