According to haveIbeenpwned.com, close to 8 billion accounts have been compromised. The site provides a tool to see if any of your passwords have been compromised and are available on the dark-net. Once passwords are compromised, they are easily exposed to bad actors who can use them for brute force attacks and credential stuffing.
In the past year, we have seen numerous publicly traded corporations (Marriott and T-Mobile), airlines (Cathay Pacific and Delta), and tech companies (Facebook and Google+) all breached because of some type of insider threat or compromised credentials. So, it’s no surprise that insider threats and preventing credential compromise are growing concerns for organizations.
Stolen or compromised credentials pose well-known risks to organizations and their employees. And as hackers and other malicious actors become more advanced and sophisticated in their techniques, the global threat is increasing. At a recent IT security conference, I spoke with a customer about an alert (TA18-276A) that the United States National Cybersecurity and Communications Integration Center (NCCIC) released late last year. The alert, titled “Using Rigorous Credential Control to Mitigate Trusted Network Exploitation,” outlines recommendations on how to overcome these challenges. In this blog, I’ll discuss how Conditional Access and detection of malicious use of tools and protocols can address the NCCIC’s recommendations.
The alert provides information on how Advanced Persistent Threat (APT) actors are using multiple mechanisms to acquire legitimate user credentials. Once acquired, attackers can use the credentials to exploit trusted network relationships, in order to expand unauthorized access, maintain persistence, and exfiltrate data from targeted organizations. Some of the suggested NCCIC best practices for administrators to mitigate these threats include rigorous credential controls and privileged-access management, as well as remote-access control and audits of legitimate remote-access logs.
Penetration testing is a critical best practice for virtually any organization’s cybersecurity posture. By putting defenses to the test against trained offensively-minded professionals, organizations can gain deep insights into how they’ll fare against real attackers. Often, the challenge is that the results are not what you would have hoped. When pen testers are able to carve through your defenses at will, it can be discouraging and hard to know where to start.
Corporate boards widely recognize due diligence as a critically important component of the M&A process, particularly when it comes to vetting financial numbers and legal obligations. The stakes are enormous: The value of worldwide mergers and acquisitions totaled $3.6 trillion in 2017, according to Thomson Reuters. Globally, M&A activity is increasing and could reach record highs in 2018.
Last week, I was on the road speaking with CISOs across the country. One theme emerged loud and clear: Virtually all of the organizations have invested a lot in security tools and solutions, but despite their investment, they struggle with getting a complete view of user access across platforms. So, with that, I’d like to share how our customers have been able to overcome this common challenge to gain a more holistic view of users and identity within their organizations.
It’s never been more important for retailers to harden their cybersecurity posture— especially given the documented trend of intensified attacks on retailers during the rapidly-approaching holiday season. We’re excited to attend the 2018 Retail Cyber Intelligence Summit in Denver and look forward to learning from and sharing perspective with the R-CISC community, including some of the top retail companies in the world.
After an organization has been breached, one of the most critical steps to take is to determine the root cause and to take active steps to more proactively protect the business. Recently, Preempt was brought in to help a Fortune 500 company with a critical internal threat situation. A malicious actor was able to move laterally within the company’s environment, threatening its international brand, financials and customer relationships. Capitalizing on lessons learned during and after incident response provides immediate and long-term benefits to prevent future breaches. These takeaways can also provide valuable advice for other companies who are looking to improve their security posture and prevent business critical attacks. Here, we’ll share the story and outline the top three lessons.
Companies today are exposed to many threats and incident response (IR) teams have to respond to both real or suspected breaches. Incidents can include credential compromise, phishing, malware in the network, Denial of Service (DoS) attacks, zero day threats, and unauthorized changes to the network, hardware or software to name a few. Many organizations will also hire a red team, which is specifically hired to try to create actual attack scenarios to expose attack surfaces and test for network vulnerabilities. This all keeps an IR team pretty busy.