Trent: Welcome back to TechScoop, thankyou for joining us now today I am joined by an exceptionally special guest Mr Ryan Economos from Mimecast. Thanks for joiing us Ryan, good to see you again.
Trent: Now over the past couple of videos we’ve been talking about the Anatomy of an attack. We started out by talking about attack vectors. We were talking about shotgun versus sniper rifle approach then we talked about the kind of research that goes into creating both of those types of attacks I suppose. Then this week I want to talk about what a successful attack looks like.
Ryan: Awesome so I guess there’s a number of outcomes due to a successful attack and the first one id say is something that’s immediately noticeable to the organisation. So something where you know piece of ransomware or malware gets installed and locks out file systems based on what the users have access to corrupts you know laptops, desktops etc within the organisation. That can have a huge impact from a monetary value perspective if the organisations not fortunate enough to have a good backup, which for many organisations tends to be the case they may very well have to pay that ransom if the data is absolutely critical. Even if they were able to recover from backup there’s the lost productivity time, so the lost productivity time of the user sitting at the keyboard and the productivity time of the IT department having to have to do that restoration. The second type of outcome could be something like compromised account. So perhaps something that’s not necessarily immediately noticeable, but you’ve been impacted by something the attacker is now sort of using whatever you’ve done to be able to attack perhaps your address list and spam outbound. So those spams outbounds can obviously cause reputational damage to that organisation especially if it contains things like you know malicious links or weaponized attachments as part of them. To the recipient this is someone who you’ve likely had communication with in the past so you’re essentially a trusted sender so whilst there may not be an immediate impact that’s noticeable to the organisation. Obviously that flow on effect and reputation damage can be huge.
The last one I would say is around credential harvesting, we’re seeing this more and more and that attack again can be one that goes unnoticed for an incredibly long period of time. So if a user is fooled into providing their credentials across to the attacker – they could gain access to your internal systems. They could have access to your data, files they could take that information away from the organisation. They could delete or corrupt that information.
They’ve also potentially got the ability to intercept internal communications that are taking place, they can gain further intelligence for launching another attack on that organisation. So there’s a couple of different outcomes and I’m sure there’s more that we could talk about. But they’re some of the key common outcomes that we see.
Trent: Okay so from what you’ve just mentioned it seems like there are 2 main outcomes I suppose. That’s what’s immediately visible that you can see in an instant, like your ransomware the things that you were discussing there. Then there’s the longer term ones, which are also detrimental to most businesses.
Ryan: Arguably more detrimental to the organisation. Rather than just deleting some files, it’s a long term, slow burning process.
Trent: I think we’ll park it there for this week. That’s us looking at the anatomy of an attack from how it starts to what the effects of a successful attack would be. Ryan thankyou for joining us, I really appreciate it and I’m sure that everyone out there appreciates it as much as I do.
Thank you for watching and until next time we’ll see you soon.