Companies with valuable intellectual property, financial data, industrial secrets or sensitive political information have been warned about attackers who use barely any malware to break into these companies. Dell SecureWorks issued the warning recently.
In almost all of the investigations Dell conducted over the past year, the attackers used credentials belonging to the targeted company together with legitimate administrative tools to move through the corporate network. Dell's warning gives several examples of attacks in which little or no malware was used. In one case, a manufacturing company was recently hacked after attackers had obtained an employee's credentials and used them to log in to the company's Citrix solution. The company had not enabled two-factor authentication, so a username and password were sufficient to gain access to internal company data.
The attackers then used the company's Altiris management platform to move laterally through the network. Altiris is used to deploy software and updates to company computers. In another example, the attack also began with an employee's stolen login credentials, which were used to gain access to a Citrix server. The centralized management server was then attacked. Within the company, this server was used to deploy anti-virus software. On that server, the attackers whitelisted the malware they wanted to use to steal data. The virus scanners recognized the malware, but because it was on the whitelist it was allowed to keep running.
To prevent such attacks, organizations are advised to enable two-factor authentication on all remote access solutions, for all employees and suppliers. Furthermore, users should not have administrator rights, the use of domain accounts with elevated privileges should be audited, and finally, sensitive data on the network should be segmented and monitored.
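The two control failures in the article, remote logons accepted without a second factor and a privileged account fanning out across many hosts with legitimate deployment tools, are both visible in ordinary authentication logs. The following added example (not from the article or from Dell SecureWorks) runs two simple audit checks over a constructed set of logon events; the field names, the `citrix-gateway` source label, the account names and the threshold of three hosts per hour are all assumptions chosen for the illustration.

```python
"""Audit constructed logon events for two of the weaknesses described above:
remote access without a second factor, and a privileged domain account
touching many hosts in a short window (lateral movement via admin tools).
Example code, not from the article or Dell SecureWorks."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real logs). Each record has an ISO timestamp,
# the account, where the logon came from, the host logged on to, and whether a
# second factor was presented.
SAMPLE_EVENTS = [
    {"time": "2015-01-12T08:01:00", "user": "jdoe", "source": "citrix-gateway", "host": "CTX01", "mfa": False},
    {"time": "2015-01-12T08:03:00", "user": "asmith", "source": "citrix-gateway", "host": "CTX01", "mfa": True},
    {"time": "2015-01-12T08:10:00", "user": "svc-deploy", "source": "internal", "host": "WS-101", "mfa": True},
    {"time": "2015-01-12T08:12:00", "user": "svc-deploy", "source": "internal", "host": "WS-102", "mfa": True},
    {"time": "2015-01-12T08:14:00", "user": "svc-deploy", "source": "internal", "host": "WS-103", "mfa": True},
    {"time": "2015-01-12T08:16:00", "user": "svc-deploy", "source": "internal", "host": "FILESRV01", "mfa": True},
    {"time": "2015-01-12T08:18:00", "user": "svc-deploy", "source": "internal", "host": "DBSRV01", "mfa": True},
    {"time": "2015-01-12T09:00:00", "user": "da-admin", "source": "internal", "host": "DC01", "mfa": True},
    {"time": "2015-01-12T10:30:00", "user": "bjones", "source": "citrix-gateway", "host": "CTX02", "mfa": False},
]

# Assumed set of domain accounts with elevated privileges (the deployment
# service account and a domain admin).
PRIVILEGED_ACCOUNTS = {"svc-deploy", "da-admin"}

REMOTE_SOURCES = {"citrix-gateway"}  # assumed label for remote-access logons


def parse_time(ts):
    return datetime.fromisoformat(ts)


def find_remote_logons_without_mfa(events):
    """Return every logon that arrived through a remote-access source with
    only a username and password (no second factor)."""
    return [e for e in events if e["source"] in REMOTE_SOURCES and not e["mfa"]]


def find_privileged_fan_out(events, privileged, max_hosts=3, window=timedelta(hours=1)):
    """Flag a privileged account that logs on to more than max_hosts distinct
    hosts within one sliding window. One finding per account, anchored at the
    first event of the window that tripped the threshold."""
    by_user = defaultdict(list)
    for e in events:
        if e["user"] in privileged:
            by_user[e["user"]].append(e)

    findings = []
    for user, evs in by_user.items():
        evs.sort(key=lambda e: parse_time(e["time"]))
        for i, start in enumerate(evs):
            t0 = parse_time(start["time"])
            hosts = {e["host"] for e in evs[i:] if parse_time(e["time"]) - t0 <= window}
            if len(hosts) > max_hosts:
                findings.append({"user": user, "start": start["time"], "hosts": sorted(hosts)})
                break
    return findings


def audit(events, privileged):
    """Run both checks and return the findings keyed by check name."""
    return {
        "remote_without_mfa": find_remote_logons_without_mfa(events),
        "privileged_fan_out": find_privileged_fan_out(events, privileged),
    }


if __name__ == "__main__":
    for check, hits in audit(SAMPLE_EVENTS, PRIVILEGED_ACCOUNTS).items():
        print(check)
        for hit in hits:
            print("  ", hit)
```

In a real environment the events would come from the remote-access gateway and domain controller logs, and the privileged set from group membership exported by the directory; the fan-out threshold needs tuning per account, since a deployment service account touching many hosts is normal during a patch window but not from a freshly used Citrix session.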