We discuss how securing Active Directory and helping employees recognize common attack methods are key to reducing cyber risk to your organization in and out of the office
Outpost24 webinar - Enhance user security to stop the cyber-attack cycle
1. Enhance User Security to Stop the Cyber-Attack Cycle
Bob Egner (Outpost24), Darren James (Specops Software)
Classification: Open
November 23, 2021
3. Outpost24 Group
• Identify and manage cyber-security exposure
• Full stack security assessment
• Pen testing and Red teaming
• Manage digital risk as quickly as the threat landscape changes
• Automated and targeted cyber threat intelligence
• Protect your business data by blocking weak passwords
• Authentication & Password Management
• Desktop Management solutions
5. Disruption
• Verizon's brand for digital natives
• No stores, app for all customer care
• Accounts compromised by credential stuffing
• Theft of phones, disruption to users, impact to reputation
Source: BillyPenn.com – INSTAGRAM / @KC_TINARI / #BILLYPENNGRAM, November 10, 2018
14. Delivery - initial access
• 61% of breaches involve credentials for initial access
• Over 15 billion compromised credentials in hacker forums
• Increasing use of password spray attacks targeting privileged cloud accounts
Source: Verizon Data Breach Investigation Report (DBIR), 2021
15. Password entropy
pass·word en·tro·py
ˈpas-ˌwərd ˈen-trə-pē
• The measure of password strength, expressed in bits: how effective a given password is against guessing or brute-force attacks
• Brute-forcing passwords longer than 8 characters is hard; passwords of 8 characters or fewer are within reach of offline cracking against fast, unsalted hashes
• Easier: sniff network traffic for password hashes and compare them to the hashes of "easy to guess" passwords
• Or – just buy compromised credentials
https://www.geeksforgeeks.org/password-entropy-in-cryptography/
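The slide gives the definition but not the arithmetic. The following is an added worked example (not code from the deck or from Outpost24/Specops) that computes the brute-force entropy H = L * log2(N) for a password of L characters drawn from a pool of N symbols, does the same per word for a passphrase, and converts the result into a worst-case cracking time. The guess rate of 5e10 per second is an assumed figure for a fast unsalted hash on one GPU, chosen for illustration; the sample passwords are constructed.

```python
import math
import string

# Assumed guess rate for the time estimates (an assumption for illustration,
# not a measurement): fast unsalted hashes such as NTLM on a single modern GPU
# sit in this range; slow, salted hashes are many orders of magnitude lower.
GUESSES_PER_SECOND = 5e10

# Character classes and the alphabet size each one adds to the pool an
# attacker must cover when guessing blindly.
CHARACTER_CLASSES = (
    (string.ascii_lowercase, 26),
    (string.ascii_uppercase, 26),
    (string.digits, 10),
    (string.punctuation, len(string.punctuation)),  # 32 printable symbols
    (" ", 1),                                        # space, for passphrases
)


def pool_size(password: str) -> int:
    """Alphabet size implied by the character classes present in the password."""
    return sum(n for chars, n in CHARACTER_CLASSES if any(c in chars for c in password))


def entropy_bits(password: str) -> float:
    """Brute-force entropy H = L * log2(N): L characters drawn from a pool of N.

    This is an upper bound. It assumes every character was chosen uniformly at
    random; a dictionary word with a digit appended scores the same as a random
    string of the same length and classes, yet falls to a wordlist attack at once.
    """
    n = pool_size(password)
    return len(password) * math.log2(n) if n else 0.0


def passphrase_entropy_bits(word_count: int, dictionary_size: int) -> float:
    """Entropy of a passphrase of word_count words picked uniformly from a
    dictionary of dictionary_size words. The unit is the word, not the
    character, because that is the unit the attacker guesses in."""
    return word_count * math.log2(dictionary_size)


def seconds_to_exhaust(bits: float, rate: float = GUESSES_PER_SECOND) -> float:
    """Worst-case time to try every candidate at the given guess rate.
    The expected time to hit a random password is half of this."""
    return 2.0 ** bits / rate


def describe(seconds: float) -> str:
    """Round a duration to the most useful unit for a report."""
    for unit, size in (("years", 365 * 86400), ("days", 86400), ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:,.1f} seconds"


def compare(candidates):
    """One row per candidate: (password, entropy in bits, worst-case crack time)."""
    return [(p, round(entropy_bits(p), 1), describe(seconds_to_exhaust(entropy_bits(p))))
            for p in candidates]


if __name__ == "__main__":
    # Constructed examples: an 8-character lowercase word, a policy-compliant
    # 9-character password, a 12-character mixed password and a 4-word passphrase.
    for row in compare(["password", "Passw0rd!", "Tr0ub4dor&3x", "correct horse battery staple"]):
        print(row)
    print("4 random words from a 7776-word list:",
          round(passphrase_entropy_bits(4, 7776), 1), "bits")
```

The per-character figure is the attacker's cost only when the password really is random. "Passw0rd!" scores about 59 bits by this formula but is in every wordlist, which is why the later slides pair length requirements with a breached-password check rather than relying on complexity rules alone.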
16. Shrink the attack surface
• No such thing as “perfect security”
• Objective is to slow the attacker down
• Evaluate exposed services
• Patch regularly
• Manage access
18. "Over 80% of breaches involve brute force or lost and stolen credentials"
Source: Verizon's Data Breach Investigations Report
"Over 70% of employees reuse passwords at work"
19. Cyber threats and user access
Attacks against passwords are a way to breach a network AND a data source that can be sold for future attacks
Cyber attacks involving passwords:
• Brute force
• Key logging
• Phishing
• Social engineering
• Ransomware
• Supply chain
• Dictionary
• Password spraying
• Credential stuffing
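Brute force and password spraying from the list above leave different traces in the same failed-logon records: brute force is many guesses against one account from a source, spraying is a few guesses against many accounts. The following is an added example, not code from the deck or from either vendor, that runs a sliding-window count over constructed failed-logon records with the fields you would take from Windows Security event 4625 (source IP, target account). The thresholds and window are illustrative assumptions to tune against your own lockout policy.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta


def constructed_failed_logons():
    """Constructed sample of failed-logon records (timestamp, source IP,
    target account), the fields you would pull from Windows Security event
    4625 (IpAddress, TargetUserName). Made-up data, not real logs."""
    base = datetime(2021, 11, 23, 8, 0, 0)
    events = []
    # Password spray: one source tries one guess against each of six accounts.
    for i, user in enumerate(["alice", "bob", "carol", "dave", "erin", "frank"]):
        events.append(((base + timedelta(seconds=10 * i)).isoformat(), "203.0.113.7", user))
    # Brute force: one source hammers a single account twelve times.
    for i in range(12):
        events.append(((base + timedelta(minutes=5, seconds=15 * i)).isoformat(),
                       "198.51.100.9", "carol"))
    # Benign noise: one user mistypes a password twice an hour later.
    for i in range(2):
        events.append(((base + timedelta(hours=1, seconds=30 * i)).isoformat(), "192.0.2.4", "dave"))
    return events


def detect(events, window=timedelta(minutes=10), spray_accounts=5, brute_attempts=10):
    """Sliding-window analysis of failed logons grouped by source IP.

    password_spray: within one window a source fails against at least
        spray_accounts distinct accounts (few guesses each, many accounts).
    brute_force:    within one window a source fails against the same account
        at least brute_attempts times (many guesses, one account).
    Returns {source_ip: sorted alert names}; sources with no alert are omitted.
    """
    by_ip = defaultdict(list)
    for ts, ip, user in events:
        by_ip[ip].append((datetime.fromisoformat(ts), user))

    alerts = defaultdict(set)
    for ip, items in by_ip.items():
        items.sort()
        start = 0
        for end in range(len(items)):
            # Drop events from the left until the window spans at most `window`.
            while items[end][0] - items[start][0] > window:
                start += 1
            per_account = Counter(user for _, user in items[start:end + 1])
            if len(per_account) >= spray_accounts:
                alerts[ip].add("password_spray")
            if max(per_account.values()) >= brute_attempts:
                alerts[ip].add("brute_force")
    return {ip: sorted(kinds) for ip, kinds in alerts.items()}


if __name__ == "__main__":
    for ip, kinds in sorted(detect(constructed_failed_logons()).items()):
        print(ip, ", ".join(kinds))
```

A spray that stays under the lockout threshold per account will never trip a per-account counter, which is why the distinct-account count per source is the signal that matters. Real campaigns also rotate source addresses, so the same counting is worth repeating keyed on a coarser attribute (client user agent, ASN, or the target application) rather than only the IP.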
20. Critical infrastructure breach
• Colonial Pipeline was breached on April 29, 2021
• Hackers gained access through a VPN account that was no longer in use, but still active
• The VPN password was found in a list of leaked passwords on the dark web
• There was no MFA in place on the VPN
21. Securing user access – best practices
• Implement MFA where possible
• Security awareness training and enforcement
• Secure user passwords
• Block breached passwords
• Tell users why their chosen passwords fail
• Implement passphrases
• Use a password manager
22. Getting Started: Free Audit
• Audit your Active Directory passwords via a simple scan with Password Auditor
• Identifies accounts using leaked passwords, accounts with blank passwords, accounts sharing the same password, accounts not requiring a password, and many more
• Results available in an interactive dashboard
• Export to CSV and detailed PDF
• More secure and easy to implement
• World class support
• Updated regularly
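The checks behind "block breached passwords", "tell users why their chosen passwords fail" (slide 21) and the audit findings listed on slide 22 all reduce to comparing hashes against a breached-hash set and against each other. The following is an added example written for this page, not Specops Password Auditor's code, showing both sides: a policy check that returns user-facing reasons, and an offline audit over a constructed directory dump that flags blank, breached, shared and password-not-required accounts. It uses SHA-1 (the format of the Pwned Passwords SHA-1 list) as a stand-in for the NTLM hashes an AD audit would actually compare; the breached list, account names and `userAccountControl` values are constructed, and `UF_PASSWD_NOTREQD` is the real 0x0020 flag.

```python
import hashlib
from collections import defaultdict

# userAccountControl bit meaning "password not required" (PASSWD_NOTREQD).
UF_PASSWD_NOTREQD = 0x0020
UF_NORMAL_ACCOUNT = 0x0200


def pwd_hash(password: str) -> str:
    """Uppercase SHA-1 hex of the password, the format the Pwned Passwords
    SHA-1 list uses. Stands in here for the NTLM hashes (MD4 over UTF-16LE)
    a real AD audit compares; the comparison logic is the same either way."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


# Constructed breached-password list, kept only as hashes. In practice this is
# a corpus of hundreds of millions of entries, never a handful of plaintexts.
BREACHED_HASHES = {pwd_hash(p) for p in ("Password1", "Summer2021!", "Welcome123", "qwerty")}


def check_password(password: str, breached=BREACHED_HASHES, min_length=12):
    """Reasons a proposed password fails policy; an empty list means accepted.
    Each reason is phrased so it can be shown to the user who chose it."""
    if not password:
        return ["Password is blank"]
    reasons = []
    if len(password) < min_length:
        reasons.append(f"Shorter than {min_length} characters; use a passphrase")
    if pwd_hash(password) in breached:
        reasons.append("Appears in a list of breached passwords")
    return reasons


def audit_accounts(accounts, breached=BREACHED_HASHES):
    """Offline audit of {account: {"hash": ..., "uac": userAccountControl}}.
    Works hash-to-hash, so no password is recovered or cracked in the process."""
    findings = {"blank": [], "breached": [], "not_required": [], "shared": {}}
    blank = pwd_hash("")
    by_hash = defaultdict(list)
    for name, rec in sorted(accounts.items()):
        if rec["hash"] == blank:
            findings["blank"].append(name)
        elif rec["hash"] in breached:
            findings["breached"].append(name)
        if rec["uac"] & UF_PASSWD_NOTREQD:
            findings["not_required"].append(name)
        by_hash[rec["hash"]].append(name)
    # Any hash held by more than one account means a shared password.
    findings["shared"] = {h: names for h, names in by_hash.items() if len(names) > 1}
    return findings


def constructed_accounts():
    """Made-up directory dump for the demo; hashes computed from chosen plaintexts."""
    return {
        "alice": {"hash": pwd_hash("Summer2021!"), "uac": UF_NORMAL_ACCOUNT},
        "bob": {"hash": pwd_hash("Summer2021!"), "uac": UF_NORMAL_ACCOUNT},
        "carol": {"hash": pwd_hash("correct horse battery staple"), "uac": UF_NORMAL_ACCOUNT},
        "dave": {"hash": pwd_hash("Password1"), "uac": UF_NORMAL_ACCOUNT},
        "svc_backup": {"hash": pwd_hash(""), "uac": UF_NORMAL_ACCOUNT | UF_PASSWD_NOTREQD},
    }


if __name__ == "__main__":
    for pw in ("Password1", "", "correct horse battery staple"):
        print(repr(pw), check_password(pw) or ["accepted"])
    for category, hit in audit_accounts(constructed_accounts()).items():
        print(category, hit)
```

Because everything is compared as hashes, the audit never needs to crack anything: an account whose NTLM hash matches an entry in a breached NTLM list is flagged immediately, and two accounts with identical hashes share a password whatever it is. The same hash-set lookup is what a change-time filter uses to reject a breached choice and hand the user the reason.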
25. Takeaways
Risk - Focus on potential disruption to your business
Hygiene - Constantly work to reduce attack surface
Users - The most common vector for initial access
Try it – download the Password Auditor
Speaker notes
Verizon’s new low-cost brand “Visible” for digital natives
No stores, online only – No customer care phone service, only text and chat
Victim of credential stuffing attack (credentials purchased through an Initial Access Broker, a criminal)
Take over user accounts - order phones, disrupt users
Besides customer disruption, stolen phones, it’s a reputation issue for parent Verizon who has built a brand around cyber security expertise
Annual Verizon DBIR (Data Breach Investigation Report)
Because it was credential stuffing, Verizon denies it was a breach
Explosion of ransomware
from CryptoLocker in 2013 to REvil in 2020 and DoppelPaymer in 2020
Constantly in the news
Common elements – first access, then spread, then a double extortion demand: threaten to expose the data and hold it for ransom
Factoids about average cost / payment (Verizon DBIR)
Organizations that have a cyber security staff may be familiar with this framework of activities
But many are looking for an easier way (buy your way out) with security technology
Or even outsource to a managed security provider
But the starting point is good security practices that can be implemented by IT teams of any size
The focus is often split by the type of technology asset you need to evaluate
For the user area, we often think of access control – do we have something in place to limit access
But the human dimension is harder to evaluate
What do you own, where is it weak, what are you going to do about it?
The objective is to “shrink the attack surface” to make it harder for the attacker to get in
There is no such thing as perfect security
To save time / cost, you have to focus on what’s important to the business and things you can fix
Types of threat actors
Nation-state: motivated by geopolitical outcomes
Cyber criminals : profit motive
Hacktivist: ideological
Terrorists: ideological violence
For the lulz (thrill seeker): satisfaction
Insider: discontent
Getting in (delivery, exploitation) and exfiltration (mission goal) are not the hard (or time-consuming) parts
Assume you will be attacked, and they will be successful – what next?
Focus on dwell time
Industry stats show 3-7 months, we have worked with clients experiencing multiple years
Some of you may own fewer security tools than the hacker has in their arsenal
TTPs – Tactics Techniques and Procedures
Ex. token stealing and pass-the-hash, or Windows Management Instrumentation (WMI) and Mimikatz
NotPetya used some code / concepts from Mimikatz to accelerate spread (delivery)
Initial access attacks – according to Verizon (DBIR 2021 fig 20)
Phishing – gain access by tricking the user
Stolen credentials – using known credentials to “walk right in”
The former is addressed by security awareness training (partner AwareGO)
The latter by monitoring for compromised passwords
Exploitation is moving files (for extortion) to a temporary location and encrypting those on the endpoint
https://www.isaca.org/resources/news-and-trends/isaca-now-blog/2017/ransomware-analysis-executions-flow-and-kill-chain
https://www.alertlogic.com/assets/checklists/Ransomware_KillChainShort.pdf
A few months ago, I saw a figure of 15 billion compromised credentials and passwords were for sale on hacker forums (5 billion of which were unique)
Initial access broker (criminal)
Couple that with the average user with over 100 services, each requiring a user name and password (I have 134 in my password manager)
Reuse at work and home is likely – this is the beginning of the password management challenge
Average cost $15-$20 per credential (bank/financial average more)
Direct access to organizations through administrator credentials is even more, averaging over $3000
Last month Microsoft DART (Detection and Response Team) issued guidance about an increasing number of password spray attacks targeting privileged cloud accounts
Password complexity – use passwords of more than 8 characters (12 is good) or passphrases where you can reach 32 characters
Common practice to use “easy” passwords on the internal network because users think they are well-protected in their castle – low entropy
Modern cracking tools on ordinary PC hardware compute millions to billions of hash calculations per second, depending on the hash algorithm; fast unsalted hashes such as NTLM are the worst case