Posted on May 10, 2019
House Tyrell of Highgarden, whose sigil of a rose, stood as a loyalty-shifting ally rather than a ruling house seeking the Iron Throne. The rose, whose beauty belies the dangerous thorns underneath, aptly describes House Tyrell. Hiding behind a veneer of gentility, the Tyrells often proved themselves a foe to be feared. Similarly, unpatched software and outdated browsers appear to be business enablement allies until they become security foes.
Browser Plugins: The Ser Loras Tyrell
Browser plugins can be both useful and dangerous. Examples of plugins include Adobe Flash Player, Java SE, Microsoft Silverlight, password managers, and popup blockers. A plugin allows the browser to support third-party applications. For example, a password manager plugin enables stronger password hygiene since the user does not need to remember multiple passwords. However, cybercriminals often choose to exploit vulnerabilities in these plugins, particularly Adobe Flash Player. While many browsers can automatically update, not all users realize that the updates require closing out the browser and restarting it. Thus, the seemingly innocent and useful software becomes a threat.
Ser Loras Tyrell similarly acts as an innocent throughout The Game of Thrones. As Renly Baratheon’s lover, he supports the Baratheon claim to the Iron Throne. As such, he helps Renly raise an army to outnumber the Lannisters. Unfortunately, Loras becomes a pawn used by the Lannisters to undermine house Tyrell. Cersei Lannister uses the Faith of the Seven to arrest Loras in an attempt to gain the Iron Throne. She uses Loras as a political pawn, undermining his sister Margarey’s marriage to Tommen Lannister.
Similarly to how Cersei uses the innocent Loras to gain power, cybercriminals use innocent looking plugins to gain entrance to networks.
Spyware: The Margaery Tyrell
Spyware, often called Adware, is software that allows pop-up ads to appear when a user searches the internet. Pop-up windows, such as the ones asking users to subscribe to newsletters, can be innocent or dangerous. Generated by scripting or active content, the windows collect data based on browser user. In some cases, the cookies, or script that track user interaction with a website, can also be considered spyware.
Margaery Tyrell, sister of Loras, marries Renly Baratheon to solidify the alliance between the two houses, fully aware of her brother’s relationship with her husband. After Renly’s death, she flees her husband’s camp and heads to King’s Landing where Loras betroths her to Cersei’s son, Joffrey. Secretly, however, Margaery seeks the Iron Throne for herself. Margaery infiltrates the Lannister home, working quietly in the background to undermine her new family.
Similar to the way in which Margaery utilized insider information to infiltrate the Lannisters through marriage while remaining committed to House Tyrell, spyware works in the background of browsers to infiltrate users and obtain sensitive information.
Operating System Malware: The Olenna Tyrell
Browser security can lead to vulnerabilities that infiltrate operating systems. As users increasingly use browser-based web applications for work and leisure, cybercriminals evolve their threat methodologies. As recently as March 2019, malicious actors found a previously unknown vulnerability, also called a zero-day vulnerability, that websites could use to install malware on computers, affecting the operating systems. Although most web browsers update automatically, users often ignore update prompts because they have many tabs running and worry about losing access to the data.
Olenna Tyrell, the last of the family, earned the nickname “Queen of Thorns” for her blunt attitude. Although the matriarch and not ruler, Olenna’s power over the Reach is undeniable. In her dealings with the Lannisters, Olenna smartly and subtly engages in King’s Landing politics. Protecting her family lineage, she agrees to marry Loras to Cersei and Margaery to Joffrey. However, she secretly poisons Joffrey to prevent her granddaughter from marrying him. Thus, she sets in motion a series of events that lead to disrupting the Lannister’s plans for gaining the Iron Throne.
Similar to Olenna Tyrell’s political gaming and murder, operating system malware acts as an insidious intruder that can cause business operation failure.
Thus, browser attacks can undermine data security controls in the same way that the seemingly innocent yet thorny Tyrells undermine the Lannister grab for the Iron Throne.
Follow us next Friday to see who will win or die in the Game of Cybersecurity.
With hackers finding new ways to attack third-parties in hopes of infecting a larger organization, the third-party ecosystem is more fragile than ever before.
The purpose of IT security risk assessment is to determine security risks to your company’s critical assets, and how much funding and effort should be used in their protection. Get started with SecurityScorecard’s step-by-step guide to managing your cyber risk.
Templates and vendor evaluations are needed to level that playing field, in a time efficient and fair way, so that the best vendors are chosen. The right vendor risk assessment template can be crafted to assure compliance with regulatory requirements.
No waiting, 100% Free
Get your free scorecard and learn how you stack up across 10 risk categories. Answer a few simple questions and we'll instantly send your score to your business email.