If you’ve been following the news over the last 6 months or so, you may have noticed an uptick in articles related to Critical National Infrastructure (CNI) security legislation. You may have also seen more reports of cyber-attacks against a wider variety of targets by entities other than criminal elements seeking financial gain. Why is that?
We are now seeing cyber attacks being utilized by nation states and radical elements to achieve attention, potential physical dominance and access to intellectual property. What previously had only been simple probing of security weaknesses has evolved into actual concerted warfare against real targets that affect real US citizens on a daily basis – more or less. For proof, visit any Internet news source and you’ll see that the victims of these cyber-attacks include financial and government targets, as well as providers of critical infrastructure.
The Rise of Cyber Attacks – What Has Changed?
Cyber attacks have ratcheted up to the nation-state level. At this level of opponent competence, anti-virus/anti-malware products – as well as firewalls and intrusion detection solutions – are a waste of time and money. They’re totally ineffective.
Toady’s cyber attacks are crafted on a per-user basis, but on a mass scale, and are designed to compromise a subset of systems within an organization. The objective is to gain access to the internal network via a set of valid credentials (the higher privileged the better), and then jump from machine to machine gathering more credentials and access.
It appears that the attackers have a good understanding of common IT security weaknesses such as default passwords, blank passwords, common passwords, shared passwords, and the use of public password spreadsheets on shares.
I’ve also seen use of the pass-the-hash technique to allow attackers to utilize in-memory credentials to achieve connectivity to other systems.
Stay Ahead of Cyber Attacks with Privileged Account Management
If an organization regularly changes passwords, keeps credentials unique for each system, and automates the management of privileged account passwords so that there is minimal disclosure for a limited amount of time for a specific purpose, then the threat is minimized.
With this in mind, I’ve seen some very interesting outcomes from my company’s customers. Some of our customers who are under active 7/24 attack have begun using our privileged identity management products to rotate all passwords every 8 to 24 hours. This has created a nasty problem for attackers: not only are they limited to only one compromised system, but even this access is terminated automatically.
Just to be clear, I am not suggesting that every organization adopt the strategy of continuous high-frequency password changes. But for some of our customers, the ability to keep nation-state attackers at bay by frustrating their attempts has been a very satisfying outcome for us all.
Thanks for reading. I’d like to hear your take on this issue. Please leave a comment below.