CyberInsights Weekly #14

Your weekly dose of learnings from cybersecurity news

I. The dark knight rises?

Trickbot, that evil botnet, has an adversary.

Someone has been trying to trick Trickbot into changing the bots command and control server to 127.0.0.1.

Is this a case of taking the attack to the attackers? Did we miss the Bat Signal?

CISO Check:

Is it time to look at offensive cybersecurity practices?

At what point does ‘offensive’ cybersecurity cross the legal line?

II. Insider threats - the Shopify breach

Two rogue members of Shopify’s customer support team, compromised customer transaction records of about 200 merchants.

The cybersecurity industry is abuzz with solutions to prevent it. From Zero Trust to UEBA, everyone claims to have the silver bullet.

One thing we can tell you for sure! The solution is not in buying the next shiny new tool

CISO Check:

Do you have tools in your organisation that will detect rogue activities of legitimate privileged users? - DAM? PIM? PAM? UEBA for admins?

What controls have you implemented to prevent a privileged insider attack?

III. Quote of the week

Cyber weapons are in a way, the perfect weapons. They get the job done, they are cost effective and they are deniable. - Mikko Hypponen, F- Secure.