Recently, MixMode’s Head of Federal, Matt Shea, wrote an article for DarkReading titled, “Superhero Loki Lurks Like a Zero-Day Threat.”
The following is an excerpt from that article.
Superhero Loki Lurks Like a Zero-Day Threat
The Marvel creation may just be the perfect example of a zero-day attack with no signature.
Loki on Disney+ is a fun new show that pulls back the curtain on the new multiverse aspect of the Marvel Cinematic Universe (MCU), with infinite timelines where almost anything that could happen has happened somewhere. It gives fans the “What if?” of many comic book conversations over the years: What if this character got away with the infinity stones? What if that event never happened, or the bad guys won? You get the picture.
All this timeline chaos apparently doesn’t sit well with the newly introduced Time Variance Authority (TVA), which is empowered to remove any character behaving differently from the desired, sacred timeline. Let’s call this timeline the baseline of outcomes that are supposed to happen in the eyes of the TVA. Anyone not falling in line with that baseline is considered a “variant” who is to be removed, or “pruned,” from the timeline.
We learn early that the Loki we have seen since the first Thor movie is just one of countless possible versions of him out there. Due to the events in Avengers: Endgame, he finds himself taking a path divergent from what we were originally shown. This deviation leads to him being branded a variant and captured by the TVA.
What does this have to do with cybersecurity? Well, Loki might just be the perfect example of a zero-day attack or attacks with no signature.
No Rules
The TVA is tasked with monitoring the sacred timeline and is alerted when branches start to crop up due to variant behavior. They only have a few minutes to break out their TemPad to open a Timedoor and swoop in to save the day before permanent damage is done.
A more perfect analogy for the overworked security operations center (SOC) team might not exist.
Just like the SOC analyst, the TVA has to find these threats and remove them as quickly as possible. Let’s say you are tasked with being this TVA agent and are told you need to search all the timelines (an almost infinite number of them) and find all the Loki variants to have them removed.
Being a good analyst, you decide you are going to write a query or set of rules to find them. You start out with a general description of the Loki we have seen for years. Tall guy, long hair, looks like the actor Tom Hiddleston. You then run that query and get a number of hits.