AVAR Unraveled: Anti-virus Asia Researchers International Conference

In this BHIS webcast we cover some new techniques and tactics on how to track attackers via various honey tokens. We cover how to track with Word Web Bugs in ADHD, and cover the awesome toolkit from Thinkst. We also cover some of the legal ramifications involved in do this. I am covering this for a couple of reasons. First, there are a lot of companies who are selling cyber deception in the form of honeypots, which is cool – but not near enough for attribution. Also, it is time to start gearing up for Black Hat.

As we all know too well, 2020 and 2021 have been full of adaptations. While many employees adjust to working remotely, IT and security professionals everywhere must work overtime to secure and manage their company’s network core infrastructure.

Only with full visibility into employee or third-party activity across a company network can even the earliest indicators of an insider threat be detected. By monitoring both user and file activity, security and compliance professionals can be alerted to risky, out-of-policy activities and any unexplained changes in user behavior in real-time; successfully stopping and investigating any activity before it becomes a full-blown breach. Research from The Ponemon Institute shows that Financial Services organizations face the highest penalty costs of any other industry ($12.05 million annually) when they experience an insider-led incident, though they are closely followed by the Energy & Utilities and Retail sector. This cost alone is a very concrete reason to address what otherwise might seem to be an invisible problem.

Insecure implementations of Remote Desktop Protocol have exposed organizations to serious risks of cyber attacks. Ransomware like SamSam and cryptominers like CrySis exploit insecure configurations, resulting in large and well-publicized breaches like the one that occurred at LabCorp. Because of the nature of Remote Desktop Protocol, these exposures often occur outside of organizations' known IP space, making them difficult to detect and remediate. This webinar will discuss how easily these misconfigurations can occur, how organizations can discover them, even outside of normal IP space, and how they can establish playbooks to remediate and reduce occurrence over time.