Many people who are not information security-savvy assume that an organization's attack surface is confined to the organization's own network. Unfortunately, this is not true. In reality, organizations often do business with third-party partners, and those relationships expose the organization to possible exploitation.
This article will detail what the trusted relationship attack is, some real-world examples of this attack, how to detect trusted relationship attacks and tips for how to mitigate trusted relationship attacks.
What is the trusted relationship attack?
Attackers can breach or leverage organizations that let third-party partners have access to their network. It is customary in some industries and businesses to grant their third-party partners access to network resources in the course of their business relationship. Examples of third parties that would be granted this access include IT contractors, managed service/security providers and infrastructure service contractors.
It is this valid account (based upon a trusted relationship) used by the third-party partner that may be lost or otherwise compromised, thereby opening up the organization to attackers’ prying hands.
Sometimes, third-party access is granted via Virtual Private Network (VPN) or private network circuit. Logistically speaking, this expands the organization’s attack surface boundary to all of their third-party partners that have this elevated access.
MITRE and ATT&CK
MITRE is a not-for-profit corporation dedicated to solving problems for a safer world. Beginning as a systems engineering company in 1958, MITRE has added new technical and organizational capabilities to its knowledge base — including cybersecurity.
To this end, MITRE released the MITRE ATT&CK list as a globally accessible knowledge base of adversary techniques and tactics based upon real-world observations. This information can then be used as the basis for the development of threat models and methodologies for the cybersecurity product/service community, private sector and (Read more...)
*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Greg Belding. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/iS-l14IP_6A/