https://community.isc2.org/t5/Threats/What-are-you-doing-about-Insider-Threats/m-p/38687#M74 <P>Hi All</P><P>&nbsp;</P><P>A very different twist on ransomware from the inside out.</P><P>&nbsp;</P><P><A href="https://www.wired.com/story/tesla-ransomware-insider-hack-attempt/" target="_blank">https://www.wired.com/story/tesla-ransomware-insider-hack-attempt/</A></P><P>&nbsp;</P><P>What is your organisation doing about thwarting this type of threat?</P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>Caute-Cautim</P> Mon, 09 Oct 2023 09:37:45 GMT Caute_cautim 2023-10-09T09:37:45Z https://community.isc2.org/t5/Threats/What-are-you-doing-about-Insider-Threats/m-p/38687#M74 <P>Hi All</P><P>&nbsp;</P><P>A very different twist on ransomware from the inside out.</P><P>&nbsp;</P><P><A href="https://www.wired.com/story/tesla-ransomware-insider-hack-attempt/" target="_blank">https://www.wired.com/story/tesla-ransomware-insider-hack-attempt/</A></P><P>&nbsp;</P><P>What is your organisation doing about thwarting this type of threat?</P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>Caute-Cautim</P> Mon, 09 Oct 2023 09:37:45 GMT https://community.isc2.org/t5/Threats/What-are-you-doing-about-Insider-Threats/m-p/38687#M74 Caute_cautim 2023-10-09T09:37:45Z https://community.isc2.org/t5/Threats/What-are-you-doing-about-Insider-Threats/m-p/38783#M75 <UL><LI>removing administrator privilege from the user at the desktop</LI><LI>ensuring the PCs and storage servers have additional defenses, such as updated antivirus and / or EDR</LI><LI>we're not doing this, but blocking international IP ranges may be useful</LI></UL><P>I haven't really heard a good defense at the firewall level, other than signature-based detection or anomalous encrypted exfiltration detection</P><P>&nbsp;</P><P>But if a user is privileged enough, and if the data pool is large enough, and the servers are poorly hardened... that is a pickle, ennit?</P> Mon, 31 Aug 2020 15:08:44 GMT https://community.isc2.org/t5/Threats/What-are-you-doing-about-Insider-Threats/m-p/38783#M75 ericgeater 2020-08-31T15:08:44Z https://community.isc2.org/t5/Threats/What-are-you-doing-about-Insider-Threats/m-p/38805#M76 <BLOCKQUOTE><HR /><a href="https://community.isc2.org/t5/user/viewprofilepage/user-id/136236425">@ericgeater</a>&nbsp;wrote:<UL><LI>we're not doing this, but blocking international IP ranges may be useful</LI></UL><P>&nbsp;</P><HR /></BLOCKQUOTE><P>It might be if the C&amp;C server IP is located in another Country. This can get unruly pretty quickly, based on my experience, depending on how many Countries you block/allow. I've had Windows 10 machines try and pull updates from Dublin, Ireland just as an example.&nbsp;</P> Mon, 31 Aug 2020 15:52:26 GMT https://community.isc2.org/t5/Threats/What-are-you-doing-about-Insider-Threats/m-p/38805#M76 tmekelburg1 2020-08-31T15:52:26Z https://community.isc2.org/t5/Threats/What-are-you-doing-about-Insider-Threats/m-p/39010#M84 <P><a href="https://community.isc2.org/t5/user/viewprofilepage/user-id/136236425">@ericgeater</a>IP Reputation or Geolocation blocking may also be useful too.</P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>Caute_cautim</P> Sun, 06 Sep 2020 06:08:54 GMT https://community.isc2.org/t5/Threats/What-are-you-doing-about-Insider-Threats/m-p/39010#M84 Caute_cautim 2020-09-06T06:08:54Z