April 19, 2022
Good morning, everyone!
The latest critical vulnerabilities:
Anatomy of an Attack
A series of poor cybersecurity decisions meant the victim didn't notice intruders on their network - until more sophisticated attackers arrived.
Boy, this story is chock full of “lessons learned.”
Novice hackers who didn't know what they were doing spent months inside a government agency network without being detected – before higher-skilled attackers came in after them and launched a ransomware attack.
It turns out that:
- The initial attack happened through open RDP ports on the Internet (don’t do this)
- The breached RDP account wasn’t just a standard user but a domain administrator
- Multi-factor authentication wasn’t in use (always do this)
- Apparently there was no Intrusion Detection System (IDS) in use
- No one was monitoring network activity
- No one was auditing user accounts
Log data suggests that the attackers were regularly disappearing for days at a time before returning to look around the network, occasionally creating new accounts to gain access to other machines. [...] But after four months, the attacks suddenly became more focused and more sophisticated. […] The intruders repeatedly dumped new account credentials and created new accounts in order to continue their attacks. The logs were also wiped repeatedly, in what could have been an attempt to cover their tracks.
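Every behaviour in that excerpt (new accounts, repeated log wipes, RDP logons from the Internet, an admin account used over RDP) leaves a trace in the Windows Security log that a simple monitor can flag. The following is an added example, not code from the original post or from the agency involved: a small Python detector run over constructed sample events. The Domain Admins membership list, account names and IP addresses are assumptions; the event IDs (4624 logon, 4720 account created, 1102 audit log cleared) and logon type 10 (RemoteInteractive, i.e. RDP) are the real Windows values.

```python
"""Flag the behaviours described above in Windows Security events.

Added example, not part of the original post. The event records are
constructed sample data, not logs from the incident; the DOMAIN_ADMINS
set is an assumption standing in for a real directory audit.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass
class Event:
    time: str         # ISO timestamp from TimeCreated
    event_id: int     # Windows Security event ID
    user: str         # SubjectUserName / TargetUserName for logons
    src_ip: str = ""  # IpAddress field on 4624
    logon_type: int = 0  # LogonType on 4624; 10 = RemoteInteractive (RDP)
    target: str = ""  # TargetUserName on 4720 (the account that was created)


# Assumption: privileged accounts as exported from your own directory audit.
DOMAIN_ADMINS = {"CORP\\svc-backup", "CORP\\jdoe-admin"}

# Address space we consider internal; anything else counts as "from the Internet".
INTERNAL_NETS = [ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16",
)]


def is_external(ip: str) -> bool:
    """True if ip parses and is outside every internal range."""
    try:
        addr = ip_address(ip)
    except ValueError:
        return False
    return not any(addr in net for net in INTERNAL_NETS)


def detect(events):
    """Return (rule, actor, detail) tuples for every event that matches a rule."""
    alerts = []
    for e in events:
        if e.event_id == 4624 and e.logon_type == 10:
            # RDP logon: alert if it came from outside, and again if the
            # account is a domain admin (admins should never RDP in from anywhere).
            if is_external(e.src_ip):
                alerts.append(("rdp_from_internet", e.user, e.src_ip))
            if e.user in DOMAIN_ADMINS:
                alerts.append(("domain_admin_rdp", e.user, e.src_ip))
        elif e.event_id == 4720:
            # A user account was created; report who created what.
            alerts.append(("account_created", e.user, e.target))
        elif e.event_id == 1102:
            # The Security log was cleared; this is almost never legitimate.
            alerts.append(("log_cleared", e.user, ""))
    return alerts


# Constructed sample events (not real data). 203.0.113.0/24 is a
# documentation range used here to stand in for an Internet address.
SAMPLE_EVENTS = [
    Event("2022-01-03T02:14:00Z", 4624, "CORP\\jdoe-admin", "203.0.113.5", 10),
    Event("2022-01-03T09:02:00Z", 4624, "CORP\\bsmith", "10.0.5.12", 10),
    Event("2022-01-03T09:05:00Z", 4624, "CORP\\bsmith", "198.51.100.7", 3),
    Event("2022-01-04T03:40:00Z", 4720, "CORP\\jdoe-admin", target="CORP\\svchelper2"),
    Event("2022-01-04T03:41:00Z", 1102, "CORP\\jdoe-admin"),
]


if __name__ == "__main__":
    for rule, actor, detail in detect(SAMPLE_EVENTS):
        print(f"{rule:18} {actor:20} {detail}")
```

The second sample logon (an ordinary user over RDP from an internal address) and the third (a network logon, type 3, from outside) produce no alert; the point is that the rules are narrow enough to run continuously without noise, which is exactly what nobody was doing in the story above.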
More lessons learned from the SolarWinds breach
1. While organizations must have fundamental security measures in place, it is also important that an organization have a security culture, that employees understand ... this "security mindset," and have a real awareness of the Company's efforts around security.
2. Organizations should ensure that their public statements related to security are accurate, not misleading, and regularly updated in response to relevant events.
3. It is important for boards and management to heed the advice of their own security advisors.
Wow. Lots to think about.
Go forth and be secure! and have a great week.
Talk to you again soon!
Security Awareness Training Available Here, There, Everywhere!
Thanks to COVID-19, lots of things went virtual, including my employee Security Awareness Training. Live training made a comeback a few months ago, but many organizations are retreating. No worries. Wherever you and your employees may be, I can deliver an interesting and informative training session in whatever format you prefer.
Contact me to schedule your employee training sessions. They're fun! ☺
TNE. Cybersecurity. Possible.