The Importance of Identifying and Focusing on the Malicious Behavior

malicious activity behaviorIdentifying malicious behavior is a more effective long-term strategy than trying to block individual malicious actors, according to Johnathan Hunt, Vice President of Security at GitLab. On the CyberWire’s Hacking Humans podcast, Hunt used the example of trying to stamp out malicious activity, particularly cryptojacking, that cropped up in GitLab code repositories.

“For probably several years in my career, I noticed that the operational team that would lead would attack the bad actors, whether it was through trying to block IP addresses, whether it was just trying to block the specific activity that they were trying to do or exploit, the scans they were running,” Hunt said. “And then we would continue to see the same behavior over and over – whether it came from different IP addresses, whether it seemed to come from different types of profiles, whether it came from different areas within the service itself or the application itself. And we quickly realized that that's a losing battle. Like, you're not going to win playing defense.”

Hunt said he realized that this strategy was ineffective, so he switched to looking at the behavior itself.

“And so it was at that time my philosophy had changed to, we should ignore the person, and we should go after the behavior,” he said. “We should go after the activity. We should be looking at what it is that they're trying to do, what - the control they're trying to circumvent, the types of attacks that they're using, the areas of the application that they're looking to expose. And how can we address the problem? How can we get to the root of the problem and address that behavior within the product or service that we're offering?”

Hunt’s organization then created tools that could automatically detect and block cryptomining activity based on its underlying characteristics, rather than manually hunting down every user who abused the platform. Hunt also noted that focusing on behavior can help organizations defend against accidental or unexpected adverse events.

“And I also want to point out that it doesn't have to be malicious activity from the outside, although that's probably what you would think of first, right?” he said. “Mice are nuisances, right? So yes, we did have nuisances within our service. We did have a nuisance from external forces interacting with our service, trying to exploit our platform, trying to compromise our services or customers. But it could also be internal behaviors that we're looking at, right? It doesn't always have to be malicious. It could be unintentional bad behavior that originates from employees, from the way we build services to the way that we code the platform or the application itself.”

One crucial area in which organizations can focus on defending against behavior is user education. New-school security awareness training can keep your employees up-to-date on current phishing trends, but more importantly, it can educate them about fundamental social engineering tactics so they can thwart new or unfamiliar attacks.

The CyberWire has the story.

Request A Demo: Security Awareness Training

products-KB4SAT6-2-1New-school Security Awareness Training is critical to enabling you and your IT staff to connect with users and help them make the right security decisions all of the time. This isn't a one and done deal, continuous training and simulated phishing are both needed to mobilize users as your last line of defense. Request your one-on-one demo of KnowBe4's security awareness training and simulated phishing platform and see how easy it can be!

Save My Spot!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

Subscribe To Our Blog

Ransomware Hostage Rescue Manual

Get the latest about social engineering

Subscribe to CyberheistNews