As a company grows in size and its public image becomes more and more prominent, it is inevitable that it will become a more attractive target to attackers, whether it is the prime focus of an attack or the low-hanging fruit attached to a greater one. I certainly see this with my employer, and the effort put into some of the emails that have been forwarded to me for inspection following my most recent social engineering test has very much illustrated that we are on the radar of some people who possess both determination and resources. However, regardless of how much effort you put into education, you're still guaranteed to get someone who opens a malicious attachment, so to guide incident response you need to analyse the behaviour of the file(s) to have meaningful data to work with.
I'll make it very clear: racism isn't something I stand for. Intolerance is quite possibly one of the greatest threats to modern society and one of the worst attributes a person can have. However, in the security world everyone has this preconceived notion that China is to blame for the bulk of the world's internet-borne threats.
Is this true? Well, following an incident I was tasked with recently, some of the less technically inclined people involved wanted a bit of insight into exactly where our threats were, and are, coming from.