Tony UcedaVélez: Evolving Attack Surface Tony UcedaVélez is the Founder and CEO of security consulting firm VerSprite, based in Atlanta. He founded VerSprite after working in the IT and information security space for nearly a quarter of a decade.
Tony UcedaVélez: Alright, so this is actually a great resource I borrowed from Paubox. And so you can check out their blog.
This is referenced down below in, you know, the evolving attack surface, you know, as we look at different types of threat vectors, and we look at different types of social engineering vectors, this, this flavor of attack, through social engineering is still a predominant and favorite for many cybercriminals, hacker syndicates nation-states, or even your just script kitty as this affectionately termed, which is the individualistic hacker that is just looking to make a profit here on there.
So you know, you have multiple different mediums, and let’s cover a couple of the social engineering threat vectors for a second. So you have, you know, obviously your SMS messages, you have instant messages, you know, through messenger WhatsApp, you know, Slack, discord, private, you know, channels, public channels, all of these types of software’s could be running on the endpoint that is actually being used for work purposes.
So, it’s you know, as we look at the image there, you have a lot of different types of interconnected devices on a corporate remote network, that may not be on a VPN may be encrypted may not be encrypted, maybe running as an elevated user may not be running as an elevated user, you know, may or may not have all the adequate Endpoint Protection. So there’s a lot of layers to security and this is where truly the metaphor of the security onion right defense in depth really comes into place.
When when we’re talking about the room, remote workforce, landscape for cybercrime, you know, we look at some of the things that are programmatic threat factors like drive-by downloads, drive-by downloads right here. You know, this happens over websites, you know, you’re on your computer, you’re taking your lunch break, maybe you’re catching up on a news feed, maybe you’re catching up on your favorites, like online sports, you know, a spot for information.
And the reality is that hackers are now looking to be more aggressive by doing malvertising by doing drive-by download by doing like, you know, targeted ads carry malware again now advertising and so all these things affect the browser which runs on the laptop, which could be running with elevated privileges and not enough controls. So as you see, you know, the layers become quickly defeated in the castle that is the endpoint, which is the battleground for remote office work.
Watch every minute of Tony UcedaVélez's session here.
Learn more about Paubox Spring Summit, Secure Communication During a Pandemic.