Tuesday, February 6, 2024

From Hacking to Logging In: The Rise of Legitimate Account Use in Cyberattacks.


It's likely that you've heard the saying: "These days, hackers don't hack anyone. They sign in."


An attacker can gain initial access to a system, stay hidden, and then escalate privileges to "log in" to more areas of the network by obtaining (or stealing) genuine user account credentials.


Regrettably, the use of legitimate accounts is commonplace in the threat landscape. Cisco Talos, for example, saw it as the second-most prevalent MITRE ATT&CK technique in 2023, and it was a factor in 26% of all Cisco Talos Incident Response engagements in that year.


Most businesses expect cyberattacks to come "from the outside in."


Attacks that log on with legitimate accounts take a more "inside-out" approach. Once initial access is gained, the attacker is already inside the network and has a much better chance of avoiding detection while moving laterally, particularly in an unsegmented network. In short, exploiting a vulnerability may provide initial access, but valid credentials let the adversary move laterally while remaining undetected.


REMEDIATION:

As an IT administrator, make sure your monitoring is configured to inspect lateral (east-west) traffic across the whole network, rather than only inbound traffic. This reduces the chance that an attacker can move laterally unnoticed.


Adopt a defense-in-depth strategy so that, even if one layer of your security is compromised, other defenses can still identify anomalies and intrusions.

Conduct regular audits and make sure dormant accounts are removed from the network. This leaves attackers fewer opportunities to gain access covertly through dormant accounts.


As a second line of defence, review and update security policies and procedures so that they specifically address the risk of unauthorized use of valid accounts. Set up guidelines that cover creating and deleting accounts, managing passwords, and setting access restrictions.


Conduct regular audits of user accounts to identify and disable dormant, unused, or unauthorized accounts. Develop a security awareness program that educates employees about the dangers of phishing attacks and the importance of safeguarding credentials.


Deploy a Zero Trust security model.


Furthermore, make sure you deactivate the accounts of people who have left your company and remove their remote access (e.g., via the VPN).
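To make the two audit steps above concrete, here is an added example (my own illustration, not code from the original post or from Cisco Talos) that runs over a small set of constructed logon records: it lists accounts that have been idle longer than a cutoff, flags any account that logs on to several distinct hosts within a short window (the fan-out pattern a lateral inspection should surface), and ranks a dormant account that suddenly fans out as the top finding. The account names, hosts, timestamps and thresholds are all assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
# Constructed successful-logon records (user, source host, target host, time); not from the post.
SAMPLE_LOGONS = [
    ("alice", "ws-01", "fileserver", "2024-02-05T09:02:00"),
    ("alice", "ws-01", "fileserver", "2024-02-05T14:10:00"),
    ("bob", "ws-04", "mail", "2024-02-05T08:00:00"),
    ("svc_backup", "ws-17", "fileserver", "2024-02-05T23:41:00"),
    ("svc_backup", "ws-17", "db-01", "2024-02-05T23:43:00"),
    ("svc_backup", "ws-17", "dc-01", "2024-02-05T23:44:00"),
    ("svc_backup", "ws-17", "hr-app", "2024-02-05T23:46:00"),
]
# Constructed inventory: each account's last recorded logon before the audited day.
BASELINE_LAST_LOGON = {
    "alice": "2024-02-02T14:10:00",
    "bob": "2024-01-02T08:00:00",
    "carol": "2023-11-20T10:00:00",       # dormant, never appears in today's logons
    "svc_backup": "2023-10-01T03:00:00",  # dormant until tonight's burst of logons
}

def parse(ts):
    return datetime.fromisoformat(ts)

def dormant_accounts(last_logon, now, max_idle_days=45):
    """Accounts idle longer than max_idle_days: candidates to disable or remove."""
    cutoff = now - timedelta(days=max_idle_days)
    return sorted(u for u, ts in last_logon.items() if parse(ts) < cutoff)

def lateral_fanout(logons, window_minutes=10, min_hosts=3):
    """Accounts reaching min_hosts or more distinct targets inside a sliding window.
    One credential fanning out across hosts is what lateral inspection should surface."""
    by_user = defaultdict(list)
    for user, _src, target, ts in logons:
        by_user[user].append((parse(ts), target))
    flagged = {}
    for user, events in by_user.items():
        events.sort()
        for i, (t0, _) in enumerate(events):
            hosts = {h for t, h in events[i:] if t - t0 <= timedelta(minutes=window_minutes)}
            if len(hosts) >= min_hosts:
                flagged[user] = sorted(hosts)
                break
    return flagged

def run_sample_audit(now="2024-02-06T00:00:00"):
    """Combine both checks; a dormant account that suddenly fans out is the top finding."""
    dormant = dormant_accounts(BASELINE_LAST_LOGON, parse(now))
    fanout = lateral_fanout(SAMPLE_LOGONS)
    return {"dormant": dormant, "fanout": fanout,
            "dormant_now_active": sorted(u for u in fanout if u in dormant)}
```

In a real environment the records would come from your directory and authentication logs, and the idle cutoff and fan-out thresholds should be tuned to how your service and admin accounts normally behave.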
