Companies with valuable intellectual property, financial data, industrial secrets or sensitive political information have been warned about attackers who barely use malware to penetrate these companies, Dell SecureWorks said in a warning.
In almost all of the intrusions Dell investigated over the past year, the attackers used credentials belonging to the attacked company and legitimate administrative tools to move through the corporate network. Dell's warning gives several examples of attacks in which little or no malware was used. For example, a manufacturing company was recently hacked after attackers had obtained the credentials of an employee and were able to log in to the company's Citrix solution with them. The company had not enabled two-factor authentication, so a username and password were enough to gain access to internal company data.
The attackers then used the company's Altiris management platform to move laterally through the network. Altiris is used to deploy software and updates to company computers. In another example, the attack likewise began with the stolen login details of an employee, which were used to gain access to a Citrix server. Then the centralised management server was attacked. Within the company, this server was used to deploy anti-virus software. On that server, the attackers whitelisted the malware they wanted to use to steal data. The virus scanners recognised the malware, but because it was on the whitelist it was allowed to keep running.
To prevent these attacks, organisations are advised to set up two-factor authentication for all remote access solutions and for all employees and vendors. Furthermore, users should not have administrator rights, the use of elevated domain accounts should be audited, and finally sensitive data on the network must be segmented and monitored.
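As an added example that is not part of Dell's warning or the original article, the following Python script audits a constructed set of logon records for the two patterns the article describes: a privileged domain account arriving through the remote-access gateway, and a single account fanning out to many hosts within a short window, as happens when a management server is used to move laterally. The host names, account names, gateway list and privileged-account list are assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample logon records: (timestamp, account, source host, target host).
# All names are assumptions for illustration only.
SAMPLE_LOGONS = [
    ("2014-02-03 08:02:10", "CORP\\jsmith",     "CITRIX-GW01", "WS-0412"),
    ("2014-02-03 08:05:44", "CORP\\svc-deploy", "CITRIX-GW01", "ALTIRIS01"),
    ("2014-02-03 08:06:01", "CORP\\svc-deploy", "ALTIRIS01",   "FS-FIN01"),
    ("2014-02-03 08:06:20", "CORP\\svc-deploy", "ALTIRIS01",   "FS-HR01"),
    ("2014-02-03 08:06:45", "CORP\\svc-deploy", "ALTIRIS01",   "DB-ERP01"),
    ("2014-02-03 08:07:02", "CORP\\svc-deploy", "ALTIRIS01",   "WS-0099"),
    ("2014-02-03 09:15:00", "CORP\\jsmith",     "WS-0412",     "FS-HR01"),
]

PRIVILEGED_ACCOUNTS = {"CORP\\svc-deploy", "CORP\\admin-it"}   # assumed elevated accounts
REMOTE_ACCESS_GATEWAYS = {"CITRIX-GW01"}                      # assumed remote-access entry point


def parse(records):
    """Turn the raw tuples into (datetime, account, source, target) tuples."""
    return [(datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), acct, src, dst)
            for ts, acct, src, dst in records]


def privileged_via_remote_access(logons):
    """Elevated accounts should not be usable from the remote-access gateway at all."""
    return sorted({(acct, src) for _, acct, src, _ in logons
                   if acct in PRIVILEGED_ACCOUNTS and src in REMOTE_ACCESS_GATEWAYS})


def fan_out(logons, window=timedelta(minutes=5), threshold=4):
    """Flag accounts that reach >= threshold distinct hosts inside any sliding window."""
    by_acct = defaultdict(list)
    for ts, acct, _, dst in sorted(logons):
        by_acct[acct].append((ts, dst))
    flagged = {}
    for acct, events in by_acct.items():
        for i, (start, _) in enumerate(events):
            hosts = {dst for ts, dst in events[i:] if ts - start <= window}
            if len(hosts) >= threshold:
                flagged[acct] = max(len(hosts), flagged.get(acct, 0))
    return flagged


def audit(records=SAMPLE_LOGONS):
    """Run both checks and return the findings keyed by check name."""
    logons = parse(records)
    return {"privileged_remote": privileged_via_remote_access(logons),
            "fan_out": fan_out(logons)}


if __name__ == "__main__":
    for finding, detail in audit().items():
        print(finding, detail)
```

In a real deployment the records would come from domain controller or gateway logon logs rather than an inline list, and the thresholds would be tuned to the normal behaviour of the deployment server.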