Insider Threat Management

How to Combat “Delilah” - The New Insider Threat Trojan

Share with your network!

Has anyone at your company (or even you!) ever used a work laptop to view adult websites or gaming sites? If so, you need to be aware of a new virus that’s targeting people for blackmail -- and adding yet another attack vector that corporations must understand and mitigate in the war against insider threat.

A new Trojan called Delilah goes after individuals via social engineering, using a would-be victim’s webcam to capture compromising footage in order to extort them into an action – such as carrying out deeds that could cause serious damage to their employers.

Diskin Advanced Technologies (DAT), an Israeli threat-intelligence security firm, discovered the Trojan. They reported that the malware is delivered to victims via a hidden bot that downloads from multiple popular adult and gaming sites. The bot then connects to a victim’s webcam and begins recording without their knowledge.

How do you know if you have the Trojan? A telltale sign is a computer screen freezing multiple times for up to 10 seconds at a time. Another sign is seeing error messages when the webcam is activated.

What do you do if you’ve contracted Delilah? In her blog, Gartner Analyst Avivah Litan says, “Surely, to combat Delilah and similar bots, it is especially important to collect and analyse endpoint data and information on VPN usage and TOR connections.”

 To this end, there are several ways that experts have recommended to deal with Delilah:

1. Using a web filter or firewall configuration to block adult and malicious websites.

2. Deploy anti-virus and EDR tools to systems on the network.

3. Correlate and feed endpoint output into a SIEM or UEBA system.

One of the best ways to identify insiders on the network that may have contracted the Delilah Trojan is to turn to an Insider Threat Management Solution. Similar to the EDR approach, Proofpoint ITM is a lightweight endpoint solution that is focused on identifying and eliminating insider threats. By continuously monitoring user behaviour, Proofpoint ITM alerts IT and Security teams about activities that put your organisation at risk. When out-of-policy behaviours occur, on-screen notifications educate users with alternatives that are secure and compliant with company policy and industry standards.

For example, IT and Security Teams can use the out-of-the-box alerts in Proofpoint ITM to effectively dissuade employees, vendors, privileged users and contractors from visiting adult and gaming sites. When an insider either types in or clicks on the offending URL, Proofpoint ITM’s on-screen, pop-up notifications warn end-users against continuing with the action, while simultaneously educating them about the virus and about company policy in regards to such sites.

With organised criminals operating on the dark web, the ability to coerce insiders through blackmail and similar social engineering tactics is a serious issue. With Trojans like Delilah, security teams should expect this type of attack vector to grow in popularity. An out-of-the-box solution like Proofpoint ITM can prevent Delilah from turning your users into threats within your network. Download your free 15-day trial now.