While Distributed Denial of Service (DDoS) attacks have been around for over a decade, they still continue to evolve and escalate, particularly during 2022. The tense geopolitical situation caused by the Russian invasion of Ukraine has affected the nature and intensity of these types of attacks, making states official participants in the DDoS mitigation market.
The overpass-the-hash attack is a combination of two other attacks: pass-the-hash and pass-the-ticket. All three techniques fall under the Mitre category “Exploitation of remote services.” In an overpass-the-hash attack, an adversary leverages the NTLM hash of a user account to obtain a Kerberos ticket that can be used to access network resources.
The rapid proliferation of cloud technology has empowered organizations to meet complex challenges with innovative solutions. This flexibility, however, is the antithesis of security — each new cloud solution that an organization adopts expands their attack surface.
Mandiant has reported an instance in which a group of North Korean hackers tainted the PuTTY SSH client through a malicious ISO package.
The costs associated with a cyberattack can be significant, especially if a company does not have an Incident Response plan that addresses risk. The one-two punch of a cyberattack can be devastating. There is the breach and then the related mitigation costs. Implementing a comprehensive Incident Response (IR) game plan into a worst-case-scenario should not be a post-breach scramble. And when that IR strategy includes insurance, it also must address a business’s level of cyber risk.
A distributed denial-of-service (DDoS) attack is an attempt to disrupt the normal traffic of a targeted server. This is done by overwhelming the server, service or network being targeted with a flood of internet traffic, ultimately slowing the server down or causing it to crash completely. Think of it as being like a traffic jam, which causes all the cars on a road to slow down or come to a stop.
The market-leading CrowdStrike Falcon® platform, applying a combination of advanced machine learning (ML), artificial intelligence (AI) and deep analytics across the trillions of security events captured in the CrowdStrike Security Cloud, has identified a new supply chain attack pattern during the installation of a chat based customer engagement platform.
In our first post of the series, we looked at ways to detect pass-the-hash attacks, which exploit NTLM authentication within an Active Directory domain. Pass-the-ticket is a related attack that which leverages Kerberos authentication to perform lateral movement. In this post, we will dive into how the pass-the-ticket attack works and what you can do to detect it.
