Three categories of Insider Threats:
Malicious insiders
Theft of IP
Sabotage
Espionage
Negligent Insiders
Ignoring policy and procedures
falling for phishing or social engineering attacks
Misusing or oversharing privileges
Accidental insiders
Accidental disclosures of sensitive info (e.g., emails, file uploads)
Loss of devices
Unintentional installation of software
Systematic ethical decisions
Employees who have people problems.
Many corporations are blocking the usage of personal applications entirely (e.g., google, webmail, drop box, etc) and also adding additional levels of system monitoring like Proofpoint ObserveIT activity recording.
Tools used to abuse Insider Threats
Anonymity Tools - VPNs
??????
Anonymity Tools - Browsing
Thanks for pointing out TAILS "The Amnesiac Incognito Live System". I have heard of it but never used it.
"Recently the Afaaq Electronic Foundation (AEF), an arm of the Islamic State who are dedicated to “raising security and technical awareness” among jihadists, published their advice on how to avoid law enforcement surveillance. Their message was broadcast on Telegram, with a message of “Stay calm and use strong encryption”: It provides a focus on the three T’s which are cause law enforcement to lose sleep: Tor, Telegram and Tails OS." (Buchanan, 2018).
The TAILS feature to wipe memory seems pretty bullet-proof. The main forensic evidence for CD-booted filesystems are gathered through memory analysis. The TAILS memory wipe feature adds an additional hurdle to the investigator in that they would have to capture memory while TAILS is being used.
"By automating forensic memory analysis of RAM, Digital Forensics Solutions has provided investigators with a method to completely reconstruct a live CD-booted filesystem. Recovery of the filesystem not only allows for standard forensic process to be followed, including the recovery of all relevant evidence, but it also allows for the evidence obtained and the results gathered to be used in a legal setting. Through the development of the Volatility memory analysis plug-in, the anti-forensics power of live CDs has been greatly diminished, and analysis of these systems is now possible for investigators of all skill levels." (Case, 2011).
To add even more security TAILS started supporting secure boot in 2020.
"However, until today, despite the plethora of security and privacy features it possessed, Tails did not support UEFI Secure Boot setups. Users who wanted to use Tails on a computer had to disable Secure Boot in the computer's BIOS, leaving their devices vulnerable to firmware tampering that could later compromise the communications carried out through Tails. According to the Tails website, work began on adding Secure Boot to Tails six years ago (Links to an external site.), and starting with Tails 4.5, released yesterday (Links to an external site.), users can now safely enable Secure Boot and run it alongside Tails, out of the box, without having to do anything or run complicated workarounds." (Cimpanu, 2020)
References
Buchanan, B. (2018, August 2018). The 3T challenge for digital forensics: Tails, Telegram and Tor. Medium. Retrieved September 10, 2021 from https://medium.com/asecuritysite-when-bob-met-alice/the-3t-challenge-for-digital-forensics-tails-telegram-and-tor-8d800c42af15 (Links to an external site.)
Case, A., Pfeif, D. (2011). Evidence Technology Magazine. Forensic Investigation of Live CDs. Retrieved September 10, 2021 from https://www.evidencemagazine.com/index.php?option=com_content&task=view&id=735&Itemid=50 (Links to an external site.)
Cimpanu, C. (2020, April 8). Tails, the security-focused OS, adds support for Secure Boot. ZDNet. retrieved September 10, 2021 from https://www.zdnet.com/article/tails-the-security-focused-os-adds-support-for-secure-boot/
References
Johnson, J. (2021, January 21). Most common data exfiltration behaviors during insider threats in the United States in 2020. Statista. Retrieved August 21, 2021 from https://www.statista.com/statistics/1155846/most-common-data-exfiltration-insider-threat-types-usa/
Comments