Attivo Networks Blogs

Let’s Talk Turkey: Addressing the Most Common Data Breach Causes

Reading Time: 4 minutes  |  Published: November 25, 2020 in Active Directory, Blogs, Cloud, Event, Internal Threats

Authored by: Carolyn Crandall, Chief Deception Officer, Attivo Networks – It’s turkey time again, and even though Thanksgiving may look a little different this year, some things stay the same. Large gatherings of friends and family may not be in the plans, but hopefully, your dinner table will still be overflowing with stuffing, mashed potatoes, and, of course, turkey (and maybe some tofurkey).

But the bird on your table isn’t the only turkey worth talking about this year. Black Friday and Cyber Monday are looming, and cybersecurity professionals know that these major shopping holidays always bring along a huge increase in cyberattacks. Thanksgiving is a time to enjoy good food and (normally) good company, but business and IT leaders can’t lose sight of the dangers of the season. It’s important to understand how cybercriminals are getting into networks—and which cybersecurity tools can help you avoid feeling like a turkey on the Thanksgiving Day chopping block.

Insider Threats Are Not Going Away

According to data released by the Ponemon Institute earlier this year, the number of incidents caused by insider threats has risen by 47% over the past two years, while the cost per incident has risen a worrying 31%. Insider threats remain a significant concern for businesses, and with employees, partners, and vendors all working remotely amid the COVID-19 pandemic, the potential for both malicious and accidental insider threats has only risen.

Deception technology has long been considered one of the most effective ways to combat insider threats. Attivo’s Insider Threat Detection technology helps identify and remediate threats caused by policy violations, employee error, third-party island hopping, mergers and acquisitions, and more. Using this technology, defenders can detect unauthorized attempts to access privileged information or assets, even if those attempts use with valid credentials. Speaking of which…

Network Visibility Helps Keep Vulnerable Credentials Safe

When the average person hears the word “cyberattack,” chances are they think of the Hollywood version of a “hacker”: a hoodie-wearing 20-something furiously typing away and muttering about “mainframes.” Unfortunately, most cyberattacks are much more straightforward. The 2020 Verizon Data Breach Investigations Report (DBIR) found that 80% of hacking-related breaches are not caused by attackers using cunning new tactics to evade network security tools but rather by brute force methods or the use of stolen credentials. Far too many organizations are either failing to protect their credentials or not using passwords that meet security and complexity requirements.

Mandating the use of stronger credentials is a great step in the right direction, but there may still be exposed credentials sitting on endpoints. It’s essential to have tools in place that provide visibility into the network, identifying these exposed credentials and remediating them. The Attivo Networks attack path visualization tool, called the ThreatPath solution, can help users visualize attack paths, detect vulnerable credentials, and defend them through effective remediation. It’s a critical tool to add to your arsenal to deal with an increasingly significant problem.  It’s also a tool that can provide great insights, even if you don’t have a mature visibility program.

Keep an Eye Out for Signs of Social Engineering

Outright theft isn’t the only way credentials fall into the hands of cybercriminals—sometimes, users just hand them over. Cybercriminals have become very good at social engineering, which involves manipulating their victims’ trust by misrepresenting themselves. Social engineering might come in the form of spear-phishing attacks, business email compromise (BEC) scams, and other tactics, but they usually involve either getting a user to hand over their credentials or authorizing a payment or information transfer of some kind. It’s a good deal for attackers: they don’t have to figure out how to infiltrate a network, just convince users that their request is legitimate.

As it turns out, human beings are fallible, so it’s no surprise that these attacks are notoriously difficult to stop. That said, it’s crucial to have the right tools in place to stop attackers when they attempt to use those stolen credentials. Tools like the ThreadDefend platform can detect abnormal usage of even valid credentials, tipping off defenders that an attack is in progress before the attackers can do any damage. Since adversaries often use social engineering to kick off ransomware attacks, having a plan to detect their in-network movements and attempts at gaining privileges is increasingly essential.

The Cloud Is Great, but it Requires Vigilance in Protecting it

Speaking of human error, misconfigurations are an overly common problem related to cloud operations. It’s not hard to understand why—the massive shift to the cloud, especially amid the influx of new technology including containers and serverless functions and increasingly complex access control levels, has made systems considerably more challenging to secure and maintain with correct configurations.

The cloud is no turkey, of course—its value is clear at this point. But it has forced many security teams to change the way they operate, utilizing overlapping security controls capable of filling in the gaps in coverage created by multiple interacting systems. Tools like the ThreadDefend platform are critical here as well because they not only identify misconfigurations but also provide early and high-fidelity alerts when detecting discovery, privilege escalation, and data collection activities of intruders.

Be Ready to Mislead Attackers Targeting Active Directory

Active Directory (AD) is a popular target for attackers, primarily because it represents a treasure trove of valuable information. If attackers can compromise AD, it’s straightforward for them to gain additional privileges and escalate their attacks—and since the vast majority of businesses use it, attackers know just where to go. That said, AD can be challenging to secure, posing a bit of a conundrum for defenders.

Thankfully, deception and concealment technology has helped solve this problem by hiding real objects and feeding false information to attackers when they query AD. The great thing about this technology is that attackers have no way of knowing that the data they gather is inaccurate—and when they attempt to use it, they’ll give away their presence to defenders who can isolate them and observe and record their attack tactics and patterns.

Be Merry, but Be Vigilant

These aren’t the only attack vectors that cybercriminals use, but they are some of the most popular—especially this time of year. Thanksgiving is a good time to be grateful for some of the new and innovative cybersecurity tools on the market today, especially those that reduce the risk of ransomware, insider threats, and other notoriously difficult to stop attacks. To a savvy attacker, a vulnerable network is as attractive as a Thanksgiving dinner with all the fixings. However, by integrating a layered defense into your security stack, you will be able to keep your networks safer and know faster when these unwanted guests attempt to disrupt your holiday season.

No Comments

Post a Comment

nineteen − 7 =