Transcript
Dave Bittner (0:02)
You're listening to the Cyberwire Network, powered by N2K. If securing your network feels harder than it should be, you're not imagining it. Modern businesses need strong protection, but they don't always have the time, staff or patience for complex setups. That's where NordLayer comes in. NordLayer is a toggle-ready network security platform built for businesses. It brings VPN, access control and threat protection together in one place. No hardware, no complicated configuration. You can deploy it in minutes and be up and running in less than 10. It's built on zero trust principles, so only the right people can get access to the right resources. It works across all major platforms, scales easily as your teams grow, and integrates with what you already use. And now NordLayer goes even further through its partnership with CrowdStrike, combining NordLayer's network security with Falcon Endpoint protection for small and mid-sized businesses. Enterprise-grade security made manageable. Try NordLayer risk free and get up to 22% off yearly plans, plus an extra 10% with the code CYBERWIRE10. Visit nordlayer.com cyberwire daily to learn more.
Rick Howard (1:38)
The word is Indicators of Compromise. Spelled indicators, as in signs of activity, and of compromise, as in an intrusion. Definition: digital evidence that a system or network has been breached. Example sentence: the indicators of compromise alerted the organization that an adversary was inside the network. Origin and context: in order to block bad guy activity or detect that a bad guy is in your network, security practitioners have used the concept of indicators of compromise since the Internet was young. Prior to 2010, they relied on technical lists of known bad guy things like malicious IP addresses or URLs, MD5 hashes of known bad guy malicious code, and known bad guy domains, just to name a few. They were passive and had no connection to the sequence of steps that hackers have to take to be successful. They were just lists of odds and ends, big collections of digital artifacts to block and to watch out for, and were prone to false positives. These low-resolution indicators are not bad per se, but they are ephemeral, and hackers can easily change them at the drop of a hat, and do. By the time infosec teams deployed countermeasures, the bad guys had likely already changed their behavior. In 2013, MITRE released the first version of the MITRE ATT&CK framework that, among other things, expanded the original concept of the Lockheed Martin Kill Chain paper. They added TTPs: the tactics, the why; the techniques used, the how; and the specific implementation procedures the adversary group used to deploy the tactic. That intelligence is not as ephemeral, is tied to known adversary group behavior, and is conducive to designing impactful countermeasures. With these more useful TTPs, network defenders can forecast a confidence level of how likely their network has been compromised by a specific attack sequence.
For example, according to Tidal, a company that operationalizes MITRE ATT&CK intelligence, the Middle East hacker group called Molerats uses 17 TTPs in their adversary playbook. If network defenders observe one of them, say, forged Microsoft code signing certificates in malware, then the chances that the hackers behind the Molerats attack sequence are in your network are quite low. Many hacker groups use that technique. It's only one indicator of compromise out of a possible 17. But if those same network defenders observe 15 of the 17 Molerats TTPs, then the chances are high that the hackers behind the Molerats attack sequence have compromised your network. Nerd reference: in the fabulous BBC retelling of the Sherlock Holmes story, Benedict Cumberbatch played Sherlock and Martin Freeman played the sidekick, Dr. John Watson, from 2010 to 2017. In this classic murder scene setting, Sherlock lays out all the indicators of compromise to a detective and to Watson about why the victim was murdered and didn't commit suicide. Mainly because he was left-handed and they found the bullet hole in the right temple.
[Cover image: Indicators of Compromise (noun) [Word Notes] - Hacking Humans]