Tony UcedaVélez: Mailicious & 2020 review

Tony UcedaVélez: Mailicious & 2020 Review

Tony UcedaVélez is the Founder and CEO of security consulting firm VerSprite, based in Atlanta. He founded VerSprite after working in the IT and information security space for nearly a quarter of a decade.

Tony UcedaVélez: Let’s take a look at another big concern. And that’s mail.

Now militias a good play on, you know, malicious and mail is the rising concerns around spear phishing. And, you know, just as you know, it seems like every day we get new endpoint assets that have been compromised through business email compromised or through other different attack vectors on the endpoint.

And the mail is a favorite conduit because it’s easy to impersonate a target victim. Just what we’re seeing is that fishes are getting a lot better. There are threat actors that are doing their homework, and that they’re doing their homework on their target users. Maybe by role, you know, maybe they are accounts payable, maybe our insurance claims management, maybe they are just an administrative function. And so by getting some level of like context of those roles, what they’re trying to do is impersonate and perpetrate individuals in the workforce.

So they can basically ask the target victims for information or maybe get them to do things that they shouldn’t be doing. So there’s definitely been an evolution of campaigns that really attackers are using to basically establish good intel on how to dupe their victims. Looking at social media, they’re buying data lists on target victims, you know, things like that. And still, it’s the number one, you know, the threat for according to the Verizon DBR data breach incident report, which we’ll take a look at some samples right now.

So looking at that specific report on this is a 2020 year review. So 2020 year in review, we look at some things that are important to bring into where we are today in terms of the pandemic, where we are today in terms of the remote workforce.

So healthcare in terms of actual breaches, which is basically unauthorized access of information or information resources or systems. And you have here, you know, total 521, if you do a quick eyeball, on the total amount of the total breaches across different industries, you see that healthcare has a good healthy amount compared to others, I think there’s really the unknown category, which is an amalgamation of different smaller, maybe sub-industries is the only one that basically is displacing the healthcare industry.

And then, of course, you know, finances up there very near to healthcare, but healthcare is still a hot area, why they’re not as mature as the financial sector, they’re not in terms of commitment, time investment, etc. And so we have, we have to make sure that we understand that healthcare is still very much a major target, and remote workforce makes it, you know, makes healthcare organizations be more susceptible to being targeted.

And so now that we understand that, you know, there are interconnected components, IoT devices, and networks, routers, you know, devices that are all sharing the same logical space cybercriminals know this, and they’re going to be trying to do some level of lateral attacks trying to get into some medium, get some recon in the local home network in order to basically evaluate whether or not they have you know, a target asset that is within one of these industry sectors, namely the healthcare sector. Looking at further some, some things related to actually, you know, what, let me go to this one here.

The summary of different patterns that we want to look out for incidents really relates to, you know, this is now looking at incidents. So before we looked at breaches, these is security incidents that have affected you know, you know, that the healthcare industry and the bulk of the patterns that have really motivated the threat actors is really they want to profit from the information. And crimeware is the number one really conduit for really gaining information, you know, on to healthcare systems and trying to extract personal protected health information and things like that.

And so we look at crime where and then miscellaneous aerials, miscellaneous errors, we’ll get into that in a second. But crimeware as we if we think about remote workforce, again, it goes back to that endpoint, it goes back to those network components that are adjacent and that are neighboring to those laptops, it goes back to even the vehicle like email. So we have to look at those fronts as where the battles are being waged. And we have to ask ourselves, what are we doing adequately enough in order to protect on those fronts against some of these things? miscellaneous errors is a close second and really relate to mistakes by configuration.

And this is something I really want to say that’s really important off Sometimes like major healthcare entities, even healthcare product companies, what they do is they do what I call Noah’s Ark security. They buy a to have everything, and they implement it all very, very, very poorly. There are many very large fortune 50 organizations in healthcare, that have the budget to buy, you know, the, you know, the Magic Quadrant type of, you know, vendors that are out there. But the configuration is lackluster. They don’t have the time or the resources or the expertise to implement and so there’s a lot of mistakes in these types of organizations. And they don’t go unnoticed by the cybercriminals and they realize this and are banking on it.

Watch every minute of Tony UcedaVélez's session here.

Learn more about Paubox Spring Summit, Secure Communication During a Pandemic.

Read a full recap of Paubox Spring Summit. Learn more about Tony UcedaVélez.