MITRE ATT&CK vulnerability spotlight: Valid accounts


The MITRE Corporation is a non-profit, federally-funded research and development center (FFRDC) that, among other things, performs cybersecurity research and development. One of the cybersecurity products that has come out of MITRE is the MITRE ATT&CK Matrix, a tool that outlines the life cycle of a cybersecurity incident and categorizes various attacks into their applicable stages. As a result, it is possible to see the known methods for accomplishing any stage in the life cycle and potential security controls that can help to mitigate the threat.

One of the stages in the MITRE’s attack life cycle is the evasion of the defensive solutions put in place by the network defenders. This stage has many different options for attackers, one of which is the use of valid accounts.

Defense evasion using valid accounts

Most cybersecurity defenses are designed to be the equivalent of a lock on the front door. Anyone without a valid key should not be able to open the door without being noticed. As a result, attackers often have to find ways to circumvent these protections (similar to lock picking or breaking down the door).

However, another option for getting past a lock is stealing and using the key designed for it. If the theft of the key is subtle enough, then this method can be the most subtle option for gaining access. For cyberattackers that want a subtle approach, stealing and using valid credentials is a good option.

The issue with cybersecurity defenses is that absolute security isn’t possible: the defenses have to keep the “bad guys” out but also need to be able to let the “good guys” in. An attacker who manages to steal the access credentials of a “good guy” can therefore gain access to the system.

The use of valid accounts as a (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Howard Poston. Read the original post at: