Dark Reading is part of the Informa Tech Division of Informa PLC

Attacks/Breaches

4/8/2015 10:30 AM
5 Reasons You 'Better Call Saul' To Protect Corporate Data

These pop-culture lessons from the entertaining Breaking Bad spinoff will make security awareness training both fun and effective.

HELPDESK GUY: I was a highly respected IT help desk analyst until my boss got infected by some nasty ransomware.

AVERAGE CIO: I thought I knew where my company’s important data was, but then it got stolen.

SOCCER MOM: I was minding my own business, responding to a Nigerian diplomat’s email when my bank account was suddenly drained.

SECURITY EXPERT IN A BIKINI: Better Call Saul!

Who’s the first person who comes to mind when you’re thinking of protecting networks and digital data? Why it’s surely a shady, fast-talking, strip mall criminal attorney in Albuquerque, New Mexico… right?

No? Well, I’m writing this blog to convince you that even a nutty lawyer on a popular TV show can teach you a few new things about information security. At the same time, we can make security learning a whole lot more fun (and effective) by mixing it with pop culture. To prove it, consider these five security scenarios inspired by the popular Breaking Bad spin-off Better Call Saul.

Scenario 1: Scareware. Early in the season, we follow Saul, whose real name is “Jimmy” McGill, driving to his office/home (which is located in the back of a hair salon). Out of nowhere, a skater lands on his windshield claiming broken bones and demanding $500. Good thing Jimmy can spot scammers (likely because he was one himself) and recognizes this as a typical scare extortion tactic.

This trick lives on in the digital age as scareware and “police” ransomware. Scareware tries to convince users that their computer is infected, in the hope of tricking them into buying a fake security product. Police ransomware tells them that the authorities (usually the FBI) have detected that they’ve done something illegal, but that they can pay a small fine to make it go away.

Luckily, these sorts of scams are relatively easy for users to recognize. Just as a real accident victim wouldn’t normally demand a cash payment on the spot, no police force levies a fine by replacing the message on your computer’s background. Like Jimmy, users who learn to spot these basic scare tactics will avoid many cyber scams and malware.

Scenario 2: Social Engineering. Jimmy and his partner leave a bar and stumble upon a wallet full of cash. After grabbing the cash, they notice a man passed out in that alley—presumably the owner of the wallet. After looking over the drunken guy, Jimmy quietly takes his watch, while also trying to avoid his partner’s attention. Of course, the greedy partner notices, recognizes the watch as a Rolex, and forces Jimmy to trade the cash, plus a little extra, for the Rolex.

This was a classic example of social engineering. Jimmy’s “partner” was actually the mark, the drunk was his real partner, and the Rolex was a fake. The mark was duped into giving up his own cash for a worthless knock-off watch. Social engineering, the act of deceiving or manipulating someone into doing something they shouldn’t, is a very common practice among digital criminals. InfoSec professionals often focus on the technical nature of cyber attacks and less on the human, psychological aspects of digital crime. This is a mistake! Even if we had perfect technical defenses that could block every attack (we don’t), smart attackers could still become cyber shrinks, and trick users into doing dumb things. Make sure you mitigate social engineering by training your users well.

Scenario 3: Insider attacks. Mike, whom we first meet as an ornery parking lot attendant, is actually an important character with a long history in the Breaking Bad world. In this new series, we learn his son was killed, and that he followed his daughter-in-law to Albuquerque. I won’t reveal all the details, but we eventually learn that Mike and his son were cops, and that some fellow officers killed Mike’s son.

This simple storyline reminds me of insider attacks. Nowadays, statistics tell us that most network attacks originate from external actors. However, that doesn’t mean we should drop our guard against inside attackers. When malicious insiders do attack (and they do), the consequences can be much more devastating, simply because the insider already holds legitimate credentials and broad access to our network, so the attack never has to get past the perimeter. Although the majority of insider leaks or breaches are accidental, be sure to have controls in place, such as least-privilege access and logging of who touched which data, to catch malicious insiders. Otherwise, you might lose your favorite son (metaphorically).

Scenario 4: Metadata. During episode 3, Jimmy is trying to track down a family that is accused of embezzlement. The police think the family was kidnapped, but Jimmy suspects they have skipped town and might be hiding closer than one might think. He searches their house and finds no obvious clues, until he serendipitously notices a stick-figure sticker of a camping family on their minivan. What does that have to do with information security? That sticker is metadata!

The Snowden leaks revealed to the world that government agencies have performed mass surveillance and gathered petabytes of digital data. The authorities told us not to worry: they aren’t targeting us specifically, and what they gather is just metadata, which supposedly isn’t important and doesn’t sacrifice our privacy. Unfortunately, metadata is important and can tell others a lot about you. That simple car sticker told Jimmy that the Kettlemans were campers, which led him to the insight that they might be camping close by. Likewise, your call records and browsing history, who you contacted, when, how often and for how long, tell anyone watching a lot about you without their ever seeing a word of content.
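To make that point concrete, here is an added example (my own, not code from the article or its author) that runs a few simple inferences over a constructed set of call-detail records. The phone numbers, the timestamps and the reverse-lookup directory are all invented for the example, and there is no call content anywhere in the input, only who called whom, when, and for how long.

```python
"""Added example (not part of the original article): what call metadata alone
reveals. Every record below is constructed; there is no call content, only the
caller, callee, start time and duration a carrier retains."""
from collections import Counter
from datetime import datetime, timedelta

# Constructed call-detail records: (caller, callee, start, duration_seconds).
CALL_RECORDS = [
    ("555-0100", "555-0177", "2015-03-02T07:45:00", 120),
    ("555-0100", "555-0199", "2015-03-02T09:10:00", 600),
    ("555-0100", "555-0177", "2015-03-02T09:25:00", 900),
    ("555-0100", "555-0166", "2015-03-03T12:30:00", 300),
    ("555-0100", "555-0199", "2015-03-09T09:05:00", 420),
    ("555-0100", "555-0155", "2015-03-09T10:00:00", 1500),
    ("555-0100", "555-0188", "2015-03-11T18:40:00", 1800),
    ("555-0144", "555-0100", "2015-03-12T20:15:00", 60),
    ("555-0100", "555-0177", "2015-03-13T07:50:00", 90),
    ("555-0100", "555-0199", "2015-03-16T09:00:00", 480),
]

# A reverse-lookup table of the kind an analyst builds from public listings.
# Also constructed; the labels are assumptions made for this example.
DIRECTORY = {
    "555-0199": "oncology clinic",
    "555-0177": "home (spouse)",
    "555-0155": "sibling",
    "555-0166": "pizza restaurant",
    "555-0188": "divorce attorney",
}


def outbound_calls(records, subscriber):
    """Calls placed by `subscriber` as (callee, start, seconds), sorted by time."""
    calls = [(callee, datetime.fromisoformat(start), secs)
             for caller, callee, start, secs in records if caller == subscriber]
    return sorted(calls, key=lambda c: c[1])


def label(number):
    """Resolve a number through the directory; unknown numbers stay raw."""
    return DIRECTORY.get(number, number)


def contact_counts(records, subscriber):
    """The subscriber's social graph, ranked by how often each contact is called."""
    return Counter(label(callee) for callee, _, _ in outbound_calls(records, subscriber))


def weekday_pattern(records, subscriber, number):
    """Weekdays on which `number` is called; a standing weekly call shows as one day."""
    return sorted({start.strftime("%A")
                   for callee, start, _ in outbound_calls(records, subscriber)
                   if callee == number})


def calls_following(records, subscriber, trigger, within=timedelta(hours=1)):
    """Contacts called within `within` of a call to `trigger`: who hears the news first."""
    calls = outbound_calls(records, subscriber)
    followers = []
    for i, (callee, start, _) in enumerate(calls):
        if callee != trigger:
            continue
        for nxt, nstart, _ in calls[i + 1:]:
            if nstart - start > within:
                break
            followers.append(label(nxt))
    return followers


def profile(records, subscriber):
    """Pull the inferences together; none of them needed a word of call content."""
    counts = contact_counts(records, subscriber)
    return {
        "most_called": counts.most_common(2),
        "clinic_days": weekday_pattern(records, subscriber, "555-0199"),
        "told_after_clinic": calls_following(records, subscriber, "555-0199"),
        "talked_to_attorney": "divorce attorney" in counts,
    }


if __name__ == "__main__":
    for key, value in profile(CALL_RECORDS, "555-0100").items():
        print(f"{key}: {value}")
```

Run it and the subscriber's profile falls out: a standing Monday call to a clinic, a spouse or sibling called within the hour each time, and a long evening call to a divorce attorney. Nobody listened to a single call. Browsing logs (DNS queries, or URLs with the page bodies stripped) yield the same kind of picture with the same kind of code.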

Scenario 5: Disposal of Sensitive Data. In episode 8, Jimmy finds an elder care facility engaged in fraud. In the course of his forensic investigation, Jimmy dives into a dumpster, recovers the paper shreds, and painstakingly reassembles the incriminating documents. As his brother points out, if only the facility had used a cross-cut shredder, the case could never have gone forward.

Network professionals can learn from this. If you or your users handle sensitive data and need to dispose of it, it had better be done securely. Cyber criminals dumpster dive for data, too. There have been many cases where companies haven’t properly wiped the hard drives they throw out, or didn't wipe them at all. Deleting files, emptying the trash or even a quick reformat only removes the directory entries; the data stays on the platters until something overwrites it. Be a “cross-cut shredder” and dispose of your digital data properly: overwrite it, use the drive’s own secure-erase function, or physically destroy the media.
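Here is an added example (mine, not the article's) of why that matters: a toy in-memory disk with a directory and fixed-size blocks stands in for a real filesystem, and a few-line carver plays the dumpster diver. The block size, the allocation scheme, the file contents and the SSN are all constructed for the example and are not modelled on any particular filesystem.

```python
"""Added example (not part of the original article): why deleting is not wiping.
A tiny in-memory 'disk' with a directory and fixed-size blocks stands in for a
real filesystem; the allocation scheme is simplified and assumed for the example."""
BLOCK = 32  # bytes per block; constructed value

# Constructed sensitive content. The header is exactly one block long so the
# identifying data lands in the second block.
SECRET = (b"PATIENT LEDGER v2 - confidential"
          b"\nSSN: 123-45-6789 NAME: A. Example")


class ToyDisk:
    def __init__(self, blocks=16):
        self.media = bytearray(blocks * BLOCK)   # the raw platter
        self.free = list(range(blocks))          # unallocated block numbers
        self.directory = {}                      # file name -> list of blocks

    def write(self, name, data):
        """Allocate the lowest free blocks and copy the data in."""
        needed = (len(data) + BLOCK - 1) // BLOCK
        if needed > len(self.free):
            raise OSError("disk full")
        blocks = sorted(self.free)[:needed]
        for i, b in enumerate(blocks):
            self.free.remove(b)
            chunk = data[i * BLOCK:(i + 1) * BLOCK]
            self.media[b * BLOCK:b * BLOCK + len(chunk)] = chunk
        self.directory[name] = blocks

    def delete(self, name):
        """What rm or 'empty recycle bin' does: drop the directory entry, return
        the blocks to the free list, touch no data."""
        self.free.extend(self.directory.pop(name))

    def wipe_delete(self, name):
        """Overwrite every block of the file first, then delete it. Zeroes are
        enough to defeat carving; a shred-style random pass is the same loop
        with os.urandom(BLOCK) in place of bytes(BLOCK)."""
        for b in self.directory[name]:
            self.media[b * BLOCK:(b + 1) * BLOCK] = bytes(BLOCK)
        self.delete(name)


def carve(media, marker, width=40):
    """Dumpster diving for bytes: scan the raw media for a marker and return what
    follows it, ignoring the directory entirely (it is never consulted)."""
    hits, pos = [], media.find(marker)
    while pos != -1:
        hits.append(bytes(media[pos:pos + width]).split(b"\x00", 1)[0])
        pos = media.find(marker, pos + 1)
    return hits


def demo():
    """Carve the platter at each stage of a file's life; returns what was found."""
    disk = ToyDisk()
    disk.write("ledger.txt", SECRET)
    stages = {"written": carve(disk.media, b"SSN:")}
    disk.delete("ledger.txt")                 # the 'rm' most people think is enough
    stages["after_delete"] = carve(disk.media, b"SSN:")
    disk.write("notes.txt", b"hello")         # later activity reclaims only block 0
    stages["after_reuse"] = carve(disk.media, b"SSN:")
    disk.write("ledger-copy.txt", SECRET)     # a second copy, disposed of properly
    disk.wipe_delete("ledger-copy.txt")
    stages["after_wipe"] = carve(disk.media, b"SSN:")
    return stages


if __name__ == "__main__":
    for stage, found in demo().items():
        print(f"{stage:13s} -> {found}")
```

The constructed ledger survives `delete()` untouched, survives a later small file being written (which reclaims only the first block), and vanishes only after `wipe_delete()` overwrites its blocks. One caveat a practitioner would add: on SSDs and other flash media, wear levelling means an in-place overwrite is not guaranteed to land on the original cells, so prefer the drive's built-in secure erase, or full-disk encryption from day one with destruction of the key at disposal time.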

Okay, so I probably haven’t convinced you that Better Call Saul is all about computer security. But I hope I have at least persuaded you that there are fun ways to pull security awareness lessons from just about anything. Let’s share some more Better Call Saul (or other pop culture) security awareness tips in the comments.

Corey Nachreiner regularly contributes to security publications and speaks internationally at leading industry trade shows like RSA. He has written thousands of security alerts and educational articles and is the primary contributor to the WatchGuard Security Center blog, ...
Comments

Marilyn Cohodas (User Rank: Strategist), 4/9/2015 11:04:59 AM
Re: I'll call Saul
It's a good one, that I will use to explain the concept of metadata to family and friends!

CNACHREINER981 (User Rank: Author), 4/8/2015 6:41:49 PM
Re: I'll call Saul
Thanks Marilyn. That one was my favorite too... Being that Better Call Saul is already about con men and scammers, the other angles were pretty obvious, but I tend to like the less obvious metaphors. ^_^

Marilyn Cohodas (User Rank: Strategist), 4/8/2015 3:27:04 PM
I'll call Saul
Great idea for user ed! Particularly love your metadata explanation.