THE BLOG
-
Apr 19, 2021Threat Hunting 101
As cybersecurity professionals, it is important to understand real-world threats facing your organization. Although there are plenty of tools and technologies to help identify thousands of possible vulnerabilities, threat hunting helps narrow these down into more realistic probabilities, and also helps you formulate appropriate countermeasures.
Threat hunting is a process that organizations of almost every size should engage in. Based on your organization's industry, it will help identify who likely attackers are, their methods, and their motivations (e.g., information, money). This is a critical component to ensuring that you understand the gaps that your organization may have and strategize the best ways to secure the organization.
At the end of the day, how can you stop what you do not understand? Understanding the common points of attack and methods in play by routine threat-hunting is an important part of a holistic cybersecurity program.
Her... ( Read More )
-
Mar 11, 2021Attackers on the Inside
We perform penetration testing on organizations that often use the latest and greatest tools in security defense, yet our testing sometimes goes unseen. The key to detection and defense? Security layers. If you assume your primary defense does not work, what is its backup? How do you spot activity based on the original outlined phases of an attack if your primary tooling is inadequate? Layers!
Let us focus on the period during which threats are attempting to expand within your network, laterally, after having gained access. Expansion is possible both for ransomware and for individual attackers. Both wish to make the most of their efforts and obtain the greatest levels of success which often involves searching for additional targets.
There are several ways to look for this type of movement, such as reviewing network logs or looking for unexpected connection attempts to different devices. Unfortunately, while academically possible, the reality is that not every organizatio... ( Read More )
-
Feb 11, 2021Attack Frameworks 101
We follow a pretty standard pattern for gaining access within a Network Penetration Test (aka pentest) – recon, exploit, escalate, expand, execute. First, we look at the environment for any exposed information or misconfigured systems. Next the goal is to gain control or access to a resource using known methods or exploits. From there, we shoot to obtain as high a privilege level as possible. Once we have the appropriate levels of access, we can expand laterally looking for targets or data. When we have achieved a level of control on an environment equal to our goals, we execute our intended goals. This is a straightforward high-level process with a not-so-straight-forward multitude of steps in between. The uniqueness of the path between each step is what can make detection difficult for security teams and SOC’s watching the wheel.
Threat groups and malware campaigns use similar approaches to the above. Understanding that attack and infiltration methods of a pe... ( Read More )
-
Jan 11, 2021MFA – A requirement, no longer a choice.
If you do not have Multi-Factor Authentication (MFA) in place yet, get a move on! If by some chance you have selected this post to read and do not understand MFA let us provide a brief definition.
MFA – sometimes known as 2 Factor Authentication – requires users to sign in with two out of three of the follow credential types – something you know (e.g., password), something you have (e.g., application on your phone), or something you are (e.g., fingerprint).
While many organizations have made the shift to using MFA, there are still some that are struggling to get this technology in place – due to timelines, budgets, or just overall understanding of its benefit. Today, it is no longer a nice-to-have to implement MFA, it has really become a requirement. A layer that is a must have for all institutions. Phishing campaigns have made it easy business for attackers to gain cred... ( Read More )
