Written by Dave Stelzl CISSP

Remember Stuxnet? It’s Back…Newton’s 4th Law Perhaps?

canstockphoto36882341Stuxnet Brought Disaster to Something That Needed to Die…

Why do Your Clients Need You?  After all, The Customer Is Always Right. Right?…Or Are They?  But before we get to that…

Iranian Nuclear Weapon Developments…Remember Stuxnet? The malware sent to DESTROY the Iranian Centrifuges?

When Stuxnet was unveiled, I predicted it would be back. STUXNET IS BACK!!!!

The developers claimed that Stuxnet would self-destruct after sabotaging the Iranian threat…of course the self-kill part of the program couldn’t be completely tested (for obvious reasons).

Everything that goes online eventually turns up in the WRONG hands.

It’s like a new Newton’s Law or something. (In case you’re really into science and think Newton’s Gravitational Law is his 4th, it’s not…but this might be).

Moving on…

Malware In Memory Is Nasty Stuff

Kaspersky discovered some really nasty stuff about two years ago; MALWARE in MEMORY. “Kaspersky eventually unearthed evidence that Duqu 2.0 (the never-before-seen malware) existed and was derived from Stuxnet.” Duqu is a form of malware stored primarily in MEMORY…

Malware in memory (not in a file) is called FILELESS, and according to security analysts, this type of threat is going MAINSTREAM.

Just to give you a feel for how bad this is, it took Kaspersky 6 months for detect Duqu 2.0…that’s bad news for anyone trying to keep systems free from hacker invasions.

According to Kaspersky, “At least 140 banks and other enterprises [across about 40 different countries] have been infected by fileless malware to date.” Meaning, these banks have been successfully infiltrated by an in-memory malware nearly invisible to their IT people (or service providers).

Of course, since this nasty-code is so hard to detect, the actual number has to be much larger.

So far, these attacks seem to be aimed at ATM machines, with the purpose of moving money out of the bank and into the hands of thieves. Stuxnet was unstoppable, simply because it was a surprise attack. FILELESS Malware is one more example of hacker-innovation being one step ahead. The criminals have the advantage.

Insight: Your Client Has No Idea What They Have or What They Need

Once again, it makes NO sense to ask your client if they are infected with malware or need more security. Unless it’s an obvious YES, they don’t know. How could they.

For the past month I’ve been writing about messaging and attracting new leads (Did you get our FREE Special Report Designed to Attract New Prospects?). Once leads start coming in, your job is to educate…

Just yesterday I was on a coaching call. My client was retelling her sales story of meeting with a new prospect. Supporting her call, she had her local channel SE.

When it came time to review their recommendations, the SE asked the prospect, “Do you need this firewall to have failover?”

The prospect said, “No”.

…the SE said, “Okay.”

My client was shocked!!! How does the prospect know what they need???

When my client questioned the prospect’s maximum tolerable downtime (MTD) it became evident – this company would be dead in the water if their firewall were to go down during business hours. Hundreds of people sitting at their desks with nothing to do. How much would that cost the company? Can you picture it?

Is the client always right? Sure, except when we’re talking security…Your clients need an advisor. So be one…

P.S. Remember, The Trusted Advisor is….Trusted (recommends the right stuff) and able to advise (knows things the client doesn’t know, but needs to know).

P.S.S. If you need more leads, download this special report designed to attract business leaders in need of security!!!!

© 2017, David Stelzl

 

Advertisement

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s