Passwords are everywhere — and nobody likes them. For users, they are a pain to remember and manage. For businesses, they continue to be a primary source of data breaches, both on premises and in the cloud. In fact, the 2022 Verizon DBIR reports that credential theft was involved in nearly half of all cyberattacks, including third-party breaches, phishing attacks and basic web application attacks.
Knowing the credentials for any user account in your network gives an adversary significant power. After logging on as a legitimate user, they can move laterally to other systems and escalate their privileges to deploy ransomware, steal critical data, disrupt vital operations and more. Most organizations know this, and take steps to protect user credentials.
In the introductory post of this series, we reviewed what an Active Directory (AD) service account is, explained why these privileged accounts are a serious security risk, and promised to detail 4 types of attacks on service accounts in future posts. This post explores the first of those attacks: LDAP reconnaissance, which attackers can use to discover service accounts in an IT environment while avoiding detection.
In the first post of these series we showed how an adversary can discover Active Directory service accounts with PowerShell, and the second post demonstrated how to crack their passwords using the Kerberoasting technique. Now let’s see how an attacker can exploit a compromised service account using Kerberos Silver Tickets to forge TGS tickets.
In Greek mythology, Kerberos is a multi-headed dog that guards the gates of the underworld. The Kerberos meaning in technology is analogous: Kerberos is an authentication protocol guards the network by enabling systems and users to prove their identity to one another before access to resources is granted. Read on to learn how Kerberos authentication works and get valuable tips for avoiding issues.
Malware attacks are escalating. For example, there were 57 million IoT malware attacks in the first half of 2022, a staggering 77% increase year to date. Unfortunately, traditional signature-based antivirus and sand-boxing technologies are insufficient against today’s sophisticated attacks. In particular, advanced persistent threat (APT) viruses, Trojan malware and zero-day malware often evade these defenses.
A port can be defined as a communication channel between two devices in computer networking. So, are there any security risks connected to them? An unwanted open port can be unsafe for your network. Open ports can provide threat actors access to your information technology (IT) environment if not sufficiently protected or configured correctly. Case in point: in 2017, cybercriminals exploited port 445 to spread WannaCry ransomware.
Insider threat incidents have increased by 44% over the past two years, and the cost of an incident now tops $15.3 million, according to the 2022 Cost of Insider Threats report from Ponemon. To defend against this pressing security — and business — risk, organizations need a comprehensive insider threat detection strategy. This article provides extensive guidance to help you get started building an effective program.
Insufficiently protected open ports can put your IT environment at serious risk. Threat actors often seek to exploit open ports and their applications through spoofing, credential sniffing and other techniques. For example, in 2017, cybercriminals spread WannaCry ransomware by exploiting an SMB vulnerability on port 445. Other examples include the ongoing campaigns targeting Microsoft’s Remote Desktop Protocol (RDP) service running on port 3389.
Cybercrime has become more prevalent since the start of the COVID-19 pandemic. Indeed, 81% of organizations worldwide experienced an uptick in cyber threats and 79% suffered downtime due to cyberattacks during peak season, according to a 2021 report by McAfee Enterprise and FireEye. Attacks have also become more complex. IBM and the Ponemon Institute report that the average time to spot and contain a data breach in 2021 was 287 days, a week longer than in 2020.
