Join security expert Amélie Koran, known as webjedi, as she recounts her experience handling a major security breach at the World Bank. She shares insights into the chaotic world of incident response and the emotional toll of cybersecurity crises. Amélie delves into the tense investigation of a potential leaker within the bank, using creativity and technical savvy to expose the source of the leak. Her journey from tech enthusiast to a prominent figure in cybersecurity highlights the challenges faced in protecting institutions from digital threats.
The importance of the blue team in defending networks and the challenges they face in preventing ongoing cyberattacks.
The discovery of an internal leaker within an organization and the efforts to identify and address the security breach.
The thrill and challenges of incident response and the importance of continuous improvement in security measures.
Deep dives
The Blue Team's Battle against Network Breaches
The podcast episode discusses the importance of the blue team in defending networks and shares a story of a defender uncovering a breach in a major bank's network. The blue team, consisting of network defenders, plays a crucial role in stopping or restricting malicious activity in the networks they protect. The story highlights the challenges a defender faces while an attack is still in progress, such as tracing the attackers' footsteps and identifying compromised machines. The breach investigation reveals weaknesses in the bank's security measures, including the lack of multi-factor authentication, which led to the compromise of the enterprise admin's account and unauthorized access to 30 servers. The incident triggers policy changes, leads to the building of an incident response capability, and underscores the importance of strong passwords and security protocols.
Uncovering the Leaker and Handling Insider Threats
In addition to the network breach incident, the podcast explores the discovery of an internal leaker within the organization. The podcast host shares the story of Amélie, an incident handler, and her team's efforts to identify the individual leaking information to the press. They set up a honeypot in a conference room, planted fake information, and watched for those planted details to leak from a suspected member of the IT staff. Through an analysis of logs and forensic imaging, they were able to pinpoint the leaker, who was collaborating with an internal investigator involved in blackmail. The incident revealed political intrigue and smear campaigns, leading to changes in security protocols, password policies, and stronger user authentication techniques.
Handling a Network Intrusion and Attribution Challenges
The podcast episode explores the investigation of a network intrusion and the challenges of attribution. The incident involved unauthorized access to various servers in a major bank's network. Amélie, an experienced incident handler, worked tirelessly to analyze logs, detect compromised machines, and identify the attacker's movements throughout the network. The investigation revealed vulnerabilities, such as the lack of multi-factor authentication, which allowed the initial breach. Although attribution was challenging, indications pointed towards Chinese threat actors. The incident led to significant improvements in security measures, including password audits, policy changes, and the implementation of an enterprise-wide security architecture.
The Thrill of Incident Response and Building Better Security
The podcast explores the thrill and challenges of incident response and building better security. Amélie, a seasoned incident handler, shares her passion for handling incidents and the excitement of finding new evidence and piecing together a story during investigations. She highlights the importance of maintaining a calm and transparent approach when handling incidents and shares her experiences from various organizations, including the White House and power companies. She emphasizes the importance of incident response playbooks, security tooling, and continuous improvement in security measures. Amélie's diverse career path showcases her expertise in incident handling and her commitment to building better security practices.
The Power of Effective Incident Handling and Response
The podcast episode emphasizes the significance of effective incident handling and response in mitigating cyber threats. It highlights the role of incident handlers, particularly the blue team, in securing networks and mounting timely responses to breaches. The discussion revolves around real-life incidents, including network breaches, insider threats, and network intrusions targeting major organizations. It showcases the complexity and challenges faced by incident handlers in identifying attackers, detecting compromised systems, and restoring network security. The incidents covered in the episode underscore the importance of continuous improvement, collaboration, and a proactive mindset in ensuring robust cybersecurity and defending against cyber threats.
What happens when an unauthorized intruder gets into the network of a major bank? Amélie Koran aka webjedi was there for one of these intrusions and tells us the story of what happened.
You can find more talks from Amélie at her website webjedi.net.
Sponsors
Support for this show comes from IT Pro TV. Get 65 hours of free training by visiting ITPro.tv/darknet. And use promo code DARKNET25.
This podcast is sponsored by Navisite. Accelerate IT transformation to respond to new demands, lower costs and prepare for whatever comes next. Visit Navisite.com/go.