Written by: John Walsh
No one really knows who my parents are or where I came from. Some say my father was a Nigerian con artist, but in my mind he is a prince who happens to enjoy spear phishing. Others say my parents were SSHPsychos from China. The version about where I came from that I like the least is the rumor about an office romance, which really was the result of an accidental download when Bob from accounting was convinced he was opening a spreadsheet attachment from HR. This story might make you WannaCry, but rest assured it is only the beginning. My name is Cyberattack, and this story is not about where I came from. This is the story of where I am going.
Mr. and Mrs. Fortune 500, you accidentally brought me into your business and your home, and whether you realize it or not, I am now your responsibility. It is simply not enough to protect the perimeter of your business environment; you must also secure the internal network with Zero Trust. This is because once inside your business, I deftly used common privilege escalation techniques to find and use any and all of the unprotected credentials you have lying around, and with them gained access to critical infrastructure. As I gather more credentials from those machines, I am able to land and expand across your business until I have access to everything. This includes source code hosting repositories, websites, domain name services, and dedicated servers.
I can now exfiltrate all of your source code, customer records, intellectual property, designs, bank records, and anything else that makes you a business. I can bypass your Data Loss Prevention (DLP) systems and firewalls by using the same encryption credentials I stole to impersonate anyone and to encrypt all data as I move it out of your business. Now that I think about it, this could kill a Fortune 500, but don’t blame me. Your negligence and procrastination have enabled me. I simply did what I was born to do, what my parents taught me.
As I said before, it doesn’t matter where I came from or how I got in, because once inside your business I was able to move from system to system and take whatever I wanted, turning what was once an issue on one machine into an enterprise-wide crisis.
This short story can have a different ending; it is not all doom and gloom. You can take measures to help protect yourself. To learn more, visit the following pages about monitoring encrypted traffic and controlling credential access and credential sprawl, in the cloud or on-premises.
This is a Security Bloggers Network syndicated blog post authored by John Walsh. Read the original post at: SSH Blog.