E5 - The Flies and the Hornet - Insect Bites

Feb 02, 2016 | by RSA

A cool breeze whisked through the window causing the scrolls on the Wizard's desk to rattle and tremor. The wise man shifted a large scroll to weigh down some loose papers. He reallocated a heavy paper weight to secure some more papers. The weather had turned cold but the Wizard enjoyed the brisk air flowing through his office. He needed the invigorating draft to cool the perspiration gathered on his furrowed brow. It wasn't exertion causing the sweat but an intense trepidation as he waited for his guests to arrive.

A tiny flurry of activity in the corner of his eye caught his attention. An insect buzzed in the window gliding on the currents of the breeze. Strange that the insect was so active this time of year, the Wizard thought. The Wizard mused at the haphazard path of the little bug, watching until it settled on his desk. He snapped up a scroll, swatted and was pleased to see his reflexes were still as quick as a much younger man.

A shuffle of feet roused his attention and he saw the shadows of his peers traipsing in the corridor outside his door. One by one, the King's Council walked through the entrance taking their places at the Wizard's large round meeting table. The Wizard sighed heavily and stood. One look at his face by his friends and colleagues told them the story. They silently waited for the Wizard to begin.

The CISO of MagnaCorp cleared his throat as he organized his notes before him. He sat staring at his handwritten notes and fiddling with his pen. His peers, sitting around the conference table, could immediately tell by his demeanor that the normally composed executive was flustered.

"Dave, just jump into it." CIO Stan Masters stated. The Chief Information Officer had broad shoulders, thoughtful eyes and a bushy beard. He was a problem solver, a thinker and a man of action. As the leader of MagnaCorp's massive technology division, he had significant responsibilities in every corner of the business. Through his innovative and visionary leadership, MagnaCorp was a cutting edge company when it came to leveraging information technology. Hesitation drove him crazy since his preferred mode of operation was to simply throw the challenge on the table and wrestle it to the ground.

"Alright," Dave nodded emphatically. "Here it goes. We have uncovered a fairly substantial security breach. My team has been working on the investigation and we have verified that there has been a series of compromised administrative accounts through a variety of attacks. I have activated a response team that is now identifying systems and pulling everything apart."

There was a collective pause as the room tensed.

The Chief Compliance Officer, Sheryl Waters, broke the silence. "Do we know what has been accessed? What data has been compromised?"

As CCO, Sheryl's duty to establish policy and ensure proper business practices across MagnaCorp was a serious challenge. With operations in every corner of the world, the CCO must make sure MagnaCorp stayed out of trouble with regulators and industry watch groups. However, she carried out this role with vigor being a stickler for following the rules. Her mantra "Rules were NOT made to be broken" set the standard for all of MagnaCorp. Her immediate concern was whether personal information had been compromised.

Dave shook his head. "As of now, there is no indication that attack has breached any personal information or any financial data."

The CCO breathed a sigh of relief.

Rick Katchman, the Chief Audit Executive, interjected. "But we are still investigating, right? We can't take that off the table at this point."

Rick had a reputation as a curmudgeon within MagnaCorp but his dedication to making the company a success was legendary. While he pushed his fellow executives constantly, questioning business practices and raising risks, his motive was simple - make MagnaCorp the best company in the world.

"Correct, Rick. We are tracking every lead and diligently deconstructing the access logs. Trust me. We have our best people working this problem."

The executives all began talking at once and the room became filled with sound.

Dave held up his hands. "Okay everyone. I know. I know." He stated forcefully. "You have lots of questions. But this is not something new for us. We are not unprepared. Let's get back on track."

The group settled down and gave Dave the floor.

"Let's go through what is happening now. My security team is closing holes and quarantining systems. Most of the administrative accounts that were compromised have already had passwords changed. Additionally we will be shutting down access to some external sites to ensure data exfiltration is denied. This will cause some issues with internal employees and we need to control the message. We will be executing several layers of plans."

"But before we go any further into what will be happening though, I need to discuss an extra sensitive matter." Dave paused to ensure he had full attention. Every face turned toward him. "We believe we may not be the end target of this attack. Recent indicators show that we could possibly be just a launching point to the ultimate target - vNextGen."

Author: RSA

Category: Research and Innovation

Keywords: Advanced Persistent Threats, Advanced Threats, APT, Enterprise Security, Incident Response, Risk & Compliance (GRC), Risk Management, Security Mini-Series, Security Short Stories