The New Insider Threat Trojan – How to Combat “Delilah”


Has anyone at your company (or even you!) ever used a work laptop to view adult websites or gaming sites? If so, you need to be aware of a new virus that’s targeting people for blackmail, adding yet another attack vector that corporations must understand and mitigate in the war against insider threats.
A new Trojan called Delilah goes after individuals via social engineering, using a would-be victim’s webcam to capture compromising footage in order to extort them into an action – such as carrying out deeds that could cause serious damage to their employers.

Diskin Advanced Technologies (DAT), an Israeli threat-intelligence security firm, discovered the Trojan. They reported that the malware is delivered to victims via a hidden bot that downloads from multiple popular adult and gaming sites. The bot then connects to a victim’s webcam and begins recording without their knowledge.

How do you know if you have the Trojan? A telltale sign is a computer screen freezing multiple times for up to 10 seconds at a time. Another sign is seeing error messages when the webcam is activated.

What do you do if you’ve contracted Delilah? In her blog, Gartner Analyst Avivah Litan says, “Surely, to combat Delilah and similar bots, it is especially important to collect and analyze endpoint data and information on VPN usage and TOR connections.”

To this end, there are several ways that experts have recommended to deal with Delilah:

1. Use a web filter or firewall configuration to block adult and malicious websites.
2. Deploy anti-virus and EDR tools to systems on the network.
3. Correlate and feed endpoint output into a SIEM or UEBA system.
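
As an added illustration of step 3 (not code from DAT, Gartner or ObserveIT), the sketch below correlates endpoint events the way a SIEM rule might: it flags a host when webcam activity from a process outside an approved list occurs close in time to a TOR or VPN connection. The event schema, host and process names, allow-list and 15-minute window are all assumptions made for the example.

```python
from datetime import datetime, timedelta

# Constructed sample events in a hypothetical normalized schema (not a real product's log format).
EVENTS = [
    {"ts": "2024-01-15T10:00:05", "host": "wks-101", "type": "webcam_open", "process": "meeting.exe"},
    {"ts": "2024-01-15T10:02:00", "host": "wks-102", "type": "webcam_open", "process": "svc_update.exe"},
    {"ts": "2024-01-15T10:02:40", "host": "wks-102", "type": "webcam_error", "process": "svc_update.exe"},
    {"ts": "2024-01-15T10:06:10", "host": "wks-102", "type": "net_conn", "process": "svc_update.exe", "anonymizer": "tor"},
    {"ts": "2024-01-15T11:30:00", "host": "wks-103", "type": "net_conn", "process": "browser.exe", "anonymizer": "vpn"},
    {"ts": "2024-01-15T14:00:00", "host": "wks-104", "type": "webcam_open", "process": "unknown.exe"},
    {"ts": "2024-01-15T16:45:00", "host": "wks-104", "type": "net_conn", "process": "unknown.exe", "anonymizer": "tor"},
]

APPROVED_CAMERA_APPS = {"meeting.exe"}  # assumed allow-list of sanctioned conferencing tools
WINDOW = timedelta(minutes=15)          # assumed correlation window


def correlate(events, approved=APPROVED_CAMERA_APPS, window=WINDOW):
    """Return one alert per host where unapproved webcam activity and a
    TOR/VPN connection fall within `window` of each other."""
    cam, anon = {}, {}
    for e in events:
        ts = datetime.fromisoformat(e["ts"])
        if e["type"] in ("webcam_open", "webcam_error") and e["process"] not in approved:
            cam.setdefault(e["host"], []).append((ts, e))
        elif e["type"] == "net_conn" and e.get("anonymizer") in ("tor", "vpn"):
            anon.setdefault(e["host"], []).append((ts, e))

    alerts = []
    for host in sorted(cam.keys() & anon.keys()):
        # Pair every webcam event with every anonymizer connection close enough in time.
        hits = [(c, a) for c_ts, c in cam[host] for a_ts, a in anon[host]
                if abs(a_ts - c_ts) <= window]
        if hits:
            alerts.append({
                "host": host,
                "camera_processes": sorted({c["process"] for c, _ in hits}),
                "anonymizers": sorted({a["anonymizer"] for _, a in hits}),
                # Webcam errors are one of the telltale signs named above.
                "webcam_errors": sum(1 for _, e in cam[host] if e["type"] == "webcam_error"),
            })
    return alerts


if __name__ == "__main__":
    for alert in correlate(EVENTS):
        print(alert)
```

Neither signal is conclusive on its own, which is why the rule requires both on the same host inside the window before raising an alert.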

Experts agree that one of the best ways to identify insiders on the network who may have contracted the Delilah Trojan is to turn to an Insider Threat Management Solution. Similar to the EDR approach, ObserveIT is a lightweight endpoint solution that is focused on identifying and eliminating insider threats. By continuously monitoring user behavior, ObserveIT alerts IT and Security teams about activities that put your organization at risk. When out-of-policy behaviors occur, on-screen notifications educate users with alternatives that are secure and compliant with company policy and industry standards.

For example, IT and Security teams can use the out-of-the-box alerts in ObserveIT to effectively dissuade employees, vendors, privileged users and contractors from visiting adult and gaming sites. When an insider either types in or clicks on the offending URL, ObserveIT’s on-screen pop-up notifications warn end users against continuing with the action, while simultaneously educating them about the virus and about company policy with regard to such sites.

With organized criminals operating on the dark web, the ability to coerce insiders through blackmail and similar social engineering tactics is a serious issue. With Trojans like Delilah, security teams should expect this type of attack vector to grow in popularity. An out-of-the-box solution like ObserveIT can prevent Delilah from turning your users into threats within your network. Download your free 15-day trial now.

About ObserveIT
ObserveIT is a user monitoring and investigation solution that identifies and eliminates insider threats. It continuously monitors user behavior and alerts IT and Security teams about activities that put their organizations at risk. ObserveIT provides comprehensive visibility into what all users are doing, while meeting compliance standards and reducing investigation time from days or hours to minutes.