Last Thursday evening I attended the SC Magazine eSymposium: Advanced persistent threats. You have to register with SC Magazine to get access to the sessions. Please use always a strong Password.
Among the many informative sessions offered, ‘How to Stop Malware and Advanced Persistent Threats’, sponsored by AccelOps, was in particular interesting for me. In this 30 minutes session Benjamin Powell, Director of Product Marketing at AccelOps, showed how malware, in this case a Remote Administration Tool (RAT), is constructed and how it works.
It is really frightening to see what an attacker can do once he hijacked your computer!
On two slides Benjamin Powell talked about how to protect your organization against APT. Please click to enlarge.
I recommend to generalize the advice about USB drives to ‘Don’t trust USB devices and the files they contain’ because USB devices are in general dangerous. Remind the discussion about BadUsb in summer.
I am often asked ‘What should I do with this USB stick full of documents I got from the organiser of an event’. My standard answer is ‘Never use it! Shred it!’
If you can’t avoid using USB devices for data exchange securely erase all data on the device before copying your data. Format the device and run cipher /w on the volume from a command prompt. Cipher /w (w for wipe) overwrites in 3 passes each block on the device with zeros, ones and random numbers. This makes it very unlikely that an attacker could re-create deleted files.
On Friday I got an invitation to the InformationWeek webinar ‘3 New Tactics To Protect Data On The Move’. First 40 registrants get an 8 GB Dual Purpose USB! It’s hard to believe …