Source: AlienVault Blog
Identifier: 544747
Publication date: 2018-03-27 13:00:00 (seen: 2018-03-27 13:00:00)
Title: Tales from the SOC: The Simulated Attack
Text:

Introduction

In today's world, understanding threats and how to avoid them is critical to a business's success. Last year we saw an evolution in malware and attacks. Ransomware such as WannaCry made its debut, featuring worm-like behaviour that allowed it to self-propagate through a network, exploiting vulnerable machines and continuing the damage. We started to see attackers using more advanced automation in their malware and shiftier distribution methods to thwart defenses. In September 2017, we saw a supply chain attack against download servers that added a trojan to versions of the popular CCleaner PC utility. The trojanized download went undetected for almost a month, and it is estimated that over 2 million users installed it.

According to the US government, cyberattacks reportedly cost the US economy between $57 billion and $109 billion in 2016. Cisco reported in 2017 that 53% of cyberattacks resulted in damages of $500,000 or more, and 8% caused damage totals of over $5 million per incident. While costs are skyrocketing, so is the average time it takes to detect a cyberattack: multiple studies over the last several years have found that businesses take three to eight months on average before even detecting an attack.

We know the threat is real and the costs of a cyberattack can be exorbitant, so what can we do with this information? As an MSSP, something we always recommend to our clients and prospects is a multi-layer defense approach within their network. Multiple layers of security are an important part of detecting, preventing, and minimizing a business's exposure to a cyberattack. Many times we have heard, "I have good anti-virus and an expensive firewall; I don't need any other defenses." Unfortunately, that is no longer the case. Preventive security alone is no longer enough; organizations must build a strong defense and use offensive practices, such as simulated attacks, to proactively head off potential intrusions.
In today's blog, we share a real-life experience and what we did to mitigate the threat by building a strong cybersecurity strategy.

Tale from Our SOC

Several years ago, we helped a client implement managed security services. The client's priorities had never focused on security until they hired a consulting company to perform a simulated cyberattack. The exercise shed light on their security shortcomings: it highlighted how the controls they had in place failed during the simulated attack and which capabilities were missing from their environment, including incident response, security awareness, and systems capable of detecting these acts.

The Simulated Attack

When the simulated attack started, the testers were given only the organization's name. The first step was reconnaissance, where common tools like Google and LinkedIn were used to search for the user email format, the website, and domain information. As the discovery phase progressed, the IP addresses of the VPN server and the email servers were identified. Based on the information discovered, user lists were built and a phishing campaign was prepared. The attacker also ran vulnerability scans and methodical brute-force tests to identify any weaknesses in the external services already identified. The next step in the simulated attack was the phishing campaign. Now that the attacker had built a list of potential emails, they
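The methodical brute-force tests against the externally facing VPN and mail services described above are exactly what the client's environment had no way of detecting. The following is an added example, not code from the AlienVault post or from the client's SOC: a small Python detector that reads generic syslog-style VPN authentication records (the line format, the host name vpn1, the user names and every sample entry are constructed for illustration and are not any vendor's real log format) and flags the two patterns a methodical attacker produces, password spraying (one source, many accounts, one or two guesses each) and brute force (one source, one account, many guesses), plus the case a SOC cares about most: a success from a source that had just been failing. The thresholds and the one-hour sliding window are assumptions to be tuned per environment.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log in an illustrative syslog-like format (not a real vendor format).
# 203.0.113.7 sprays one guess across five accounts, 198.51.100.9 slowly hammers
# "admin" every ten minutes and eventually gets in, 192.0.2.50 is a user mistyping
# a password twice. The last line is deliberately malformed.
SAMPLE_LOG = """\
2018-03-20T02:00:01Z vpn1 auth: result=FAIL user=jsmith src=203.0.113.7
2018-03-20T02:00:04Z vpn1 auth: result=FAIL user=mjones src=203.0.113.7
2018-03-20T02:00:07Z vpn1 auth: result=FAIL user=rlee src=203.0.113.7
2018-03-20T02:00:10Z vpn1 auth: result=FAIL user=akhan src=203.0.113.7
2018-03-20T02:00:13Z vpn1 auth: result=FAIL user=pgarcia src=203.0.113.7
2018-03-20T02:00:00Z vpn1 auth: result=FAIL user=admin src=198.51.100.9
2018-03-20T02:10:00Z vpn1 auth: result=FAIL user=admin src=198.51.100.9
2018-03-20T02:20:00Z vpn1 auth: result=FAIL user=admin src=198.51.100.9
2018-03-20T02:30:00Z vpn1 auth: result=FAIL user=admin src=198.51.100.9
2018-03-20T02:40:00Z vpn1 auth: result=FAIL user=admin src=198.51.100.9
2018-03-20T02:45:00Z vpn1 auth: result=OK user=admin src=198.51.100.9
2018-03-20T08:15:00Z vpn1 auth: result=FAIL user=jsmith src=192.0.2.50
2018-03-20T08:15:20Z vpn1 auth: result=FAIL user=jsmith src=192.0.2.50
2018-03-20T08:15:40Z vpn1 auth: result=OK user=jsmith src=192.0.2.50
this is not a log line and the parser skips it
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z) (?P<host>\S+) auth: "
    r"result=(?P<result>FAIL|OK) user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse(log_text):
    """Parse log lines into (timestamp, result, user, src) tuples, oldest first.
    Malformed lines are skipped rather than aborting the whole run."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m is None:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, m["result"], m["user"], m["src"]))
    events.sort(key=lambda e: e[0])
    return events


def analyze(events, window=timedelta(hours=1), spray_users=5, brute_attempts=5):
    """Return {src_ip: set_of_findings}. A source is flagged when, within any
    sliding window of length `window`, its failures touch >= spray_users distinct
    accounts (password_spray) or hit one account >= brute_attempts times
    (brute_force). A flagged source that later authenticates successfully is
    additionally tagged success_after_failures."""
    fails = defaultdict(list)      # src -> [(ts, user), ...] in time order
    successes = defaultdict(list)  # src -> [ts, ...]
    for ts, result, user, src in events:
        if result == "FAIL":
            fails[src].append((ts, user))
        else:
            successes[src].append(ts)

    findings = {}
    for src, attempts in fails.items():
        tags = set()
        start = 0
        for end in range(len(attempts)):
            # Slide the window start forward so attempts[start:end+1] spans <= window.
            while attempts[end][0] - attempts[start][0] > window:
                start += 1
            per_user = defaultdict(int)
            for _, user in attempts[start:end + 1]:
                per_user[user] += 1
            if len(per_user) >= spray_users:
                tags.add("password_spray")
            if max(per_user.values()) >= brute_attempts:
                tags.add("brute_force")
        if not tags:
            continue
        first_fail = attempts[0][0]
        if any(ts > first_fail for ts in successes[src]):
            tags.add("success_after_failures")
        findings[src] = tags
    return findings


def run_sample():
    """Run the detector over the constructed sample log."""
    return analyze(parse(SAMPLE_LOG))


if __name__ == "__main__":
    for src, tags in sorted(run_sample().items()):
        print(f"{src}: {', '.join(sorted(tags))}")
```

The sliding window is the point of the design: a per-minute lockout counter never fires on the ten-minute cadence used against admin above, but the hour-long window does, and the success that follows is the alarm an analyst should see first. In a real deployment the parser would be replaced by the SIEM's own field extraction and the thresholds set from a baseline of normal failed-login volume.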
Tags: Guideline
Stories: CCleaner, WannaCry