E5 – The Flies and the Hornet – Swatting Flies

“How’s it coming?”  Marty entered Erin’s office unannounced.  They had spent so much time shuttling back and forth between his desk and her office that they dropped all formalities and decorum.

Erin looked up from her screen.  “Swatting flies,” she said wearily.

‘Swatting flies’ had become their slogan as they tracked down compromised accounts and systems and worked through determining what had happened.  Erin and a few select members of her team had been very busy comparing access logs with vacation schedules, calendars and such to identify any anomalous activity for users.   They spent extra time searching out instances where users were granted more access than they should – an indicator that the attackers may have escalated their privileges.   It was tedious and time consuming work.  Their Identity Governance solution helped greatly but there was a still a lot of data to sift through.

Marty and Greg were busy performing forensics from desktops and other systems.  They had to analyze any malware infections but the bigger issue was ensuring no backdoors were left open for the attackers to return.  Both teams had been working long hours around the clock to seal off every possible angle.

“Are we sure we want to shut everything down?” Erin asked.  “What if we leave open a few special accounts to monitor what they do?  Maybe we can figure out who did this.”

“How long do you want to be swatting flies, Erin?”  Marty answered.  “We already have interrupted work with the network restrictions.  Plus the systems we had to have reimaged.  Plus the file servers that we took offline temporarily for forensics.  Plus…”

“Alright, alright.”  Erin interrupted.  “I get it.  I am just still really P-O’d about this whole thing.”

“The feeling is mutual.”  Marty agreed and took the final swig of his Mountain Dew.

*****

The guard crouched by the fire outside his lonesome post on a small trail cut into the rocky terrain on the outskirts of the Kingdom.  He eyed the incoming individual rounding the bend in the road leading from the Frontier.  The stranger’s horse clipped clopped at a leisurely pace.  While there was nothing suspicious about the figure, the guard was on high alert and he walked up to the gate spanning the dirt path.   The rider stopped at the gate and whipped out a small leather bound folder.  He handed over his credentials to the guard with disdain.  The horse pawed the ground restlessly, anxious to continue the journey.

The guard peered at the credentials.  He ran his finger over the raised seal indicating the bearer was a privileged member of the castle staff.  The stranger looked down on the guard and gave him a patronizing smile.

The guard gazed up at the rider and smiled back.   With a flick of his wrist, he flung the leather bound credentials into the fire and drew his sword.

The horse bucked, raising its front legs toward the guard as the rider yelled.  With a flurry, the horse and rider wheeled violently away from the guard who shielded himself from the dangerous thrashing hooves.

“Stop!” The guard yelled.

A cloud of dust billowed up from the stony dirt as the horse frantically charged back into the frontier, away from the entrance to the Kingdom.

*****

“You said these were good credentials!”  The Maestro bellowed.

“They were when I got them,” The Siren hissed back.

“So why are they not working now?”

The Siren flung her auburn hair and shrugged her shoulders.  “It’s not my fault you sent blundering fools into the Kingdom and they are now getting caught.”

“Idiots!”  The Maestro roared.  He slammed his fist on the table, knocking over an empty wine bottle.  The bottle bounced off the table and rolled across the floor until it rested finally under the massive boot of the Brute.  The Brute, snoring in the corner, was oblivious to the mayhem swirling around him.

“We are getting more and more reports of our men being turned back at the frontier.  Plus those that were already in the castle have been captured and are now stuck in the dungeon.”  The Maestro huffed and puffed, pacing across the room.

“They should have been more careful.”  The Siren countered.

“No.  It isn’t their fault.  The King’s minions are on to us.  I don’t know how they figured it out but they know more than we think.  But we are only losing meaningless flies.”  The Maestro grinned devilishly. “Our hornet is still ready to strike.”

Come back on Tuesday for the next episode!

The post E5 – The Flies and the Hornet – Swatting Flies appeared first on Speaking of Security - The RSA Blog and Podcast.