
Why Implementing "Zero-Trust Principles" Can Help Prevent Credential Hijacking

According to cybersecurity firm CrowdStrike's annual report, cybercriminals are relying less on malware and more on credential hijacking, leading to cyberattacks that are more difficult to detect. 

 

The report states that 68 percent of detections during the previous three months were not malware-based. Rather than writing malware to the endpoint, cybercriminals are using legitimate credentials and built-in tools (living off the land) to achieve their objectives.

 

The shift is a deliberate effort "to evade detection by traditional antivirus products," the report said.

 

The report describes an attack scenario identical to the attack on IT management firm SolarWinds. It notes that cybercriminals used "compromised credentials to access an internal code sharing repository." The hackers used the compromised account, which contained source code for legitimate software that the organization delivered to its customers, to perform discovery and file interaction that gave them "the potential opportunity to maliciously manipulate the software before delivery to end users."

 

The report also states that, over the past year, hackers have become quicker at moving "from an initially compromised host to another host within the victim environment." The process takes an average of one hour and 32 minutes, which is three times faster than during the previous year. Thirty-six percent of successful cases took only 30 minutes.

 

The report is based on data from CrowdStrike's customer base, which is indexed by Threat Graph, covering the period of July 1, 2020, through June 30, 2021. Mariam Baksh "Report: Hackers Shift from Malware to Credential Hijacking" nextgov.com (Sep. 08, 2021).

Commentary

The Cybersecurity and Infrastructure Security Agency and the Office of Management and Budget (OMB) recently issued guidance on implementing security systems based on the concept of zero trust.

The zero-trust principle requires constantly checking and verifying the identity of users and employing tools, such as multifactor authentication, that make it more difficult to impersonate a legitimate account. Using zero-trust tools protects your organization from cyberattacks in which hackers impersonate an employee, rather than use malware, to gain access.

A recent memo issued by the OMB recommended that agencies meet the following five zero-trust security goals:

 

1.   Identity – Use phishing-resistant MFA to protect personnel from sophisticated online attacks targeting access to applications.

2.   Devices – Maintain a complete inventory of every device authorized for workplace use and be able to detect and respond to incidents on those devices.

3.   Networks – Encrypt all DNS and HTTP traffic and segment networks around applications. Identify a workable path to encrypting email in transit.

4.   Applications – Treat all applications as internet connected and routinely subject applications to rigorous testing and external vulnerability reports.

5.   Data – Deploy protections that use thorough data categorization. Take advantage of cloud security services to monitor access to sensitive data. Implement enterprise-wide logging and information sharing. Aaron Boyd “Biden Administration Releases Draft Zero-Trust Guidance” www.nextgov.com (Sep. 07, 2021).

 

All organizations should work with their cybersecurity team to implement zero-trust principles to protect their networks and data from the growing threat of credential hijacking.
