One Article Review

Source ProofPoint
Identifier 8441709
Publication date 2024-01-22 06:00:26 (viewed: 2024-01-22 16:08:55)
Title Types of Identity Threats and Attacks You Should Be Aware Of
Text It's easy to understand why today's cybercriminals are so focused on exploiting identities as a key step in their attacks. Once they have access to a user's valid credentials, they don't have to worry about finding creative ways to break into an environment. They are already in.

Exploiting identities requires legwork and persistence to be successful. But in many ways this tactic is simpler than exploiting technical vulnerabilities. In the long run, a focus on turning valid identities into action can save bad actors a lot of time, energy and resources. Clearly, it's become a favored approach for many attackers. In the past year, 84% of companies experienced an identity-related security breach.

To defend against identity-based attacks, we must understand how bad actors target the authentication and authorization mechanisms that companies use to manage and control access to their resources. In this blog post, we will describe several forms of identity-based attacks and methods and offer an overview of some security controls that can help keep identity attacks at bay.

Types of identity-based attacks and methods

Below are eight examples of identity attacks and related strategies. This is not an exhaustive list and, of course, cybercriminals are always evolving their techniques. But this list does provide a solid overview of the most common types of identity threats.

1. Credential stuffing

Credential stuffing is a type of brute-force attack. Attackers add pairs of compromised usernames and passwords to botnets that automate the process of trying to use the credentials on many different websites at the same time. The goal is to identify account combinations that work and can be reused across multiple sites.

Credential stuffing is a common identity attack technique, in particular for widely used web applications. When bad actors find a winning pair, they can steal from and disrupt many places at once. Unfortunately, this strategy is highly effective because users often use the same passwords across multiple websites.

2. Password spraying

Another brute-force identity attack method is password spraying. A bad actor will use this approach to attempt to gain unauthorized access to user accounts by systematically trying commonly used passwords against many usernames.

Password spraying isn't a traditional brute-force attack where an attacker attempts to use many passwords against a single account. It is a more subtle and stealthy approach that aims to avoid account lockouts. Here's how this identity attack usually unfolds:

- The attacker gathers a list of usernames through public information sources, leaked databases, reconnaissance activities, the dark web and other means.
- They then select a small set of commonly used or easily guessable passwords.
- Next, the attacker tries each of the selected passwords against a large number of user accounts until they find success.

Password spraying is designed to fly under the radar of traditional security detection systems. These systems may not flag these identity-based attacks due to the low number of failed login attempts per user. Services that do not implement account lockout policies or have weak password policies are at risk for password spraying attacks.

3. Phishing

Here's a classic and very effective tactic that's been around since the mid-1990s. Attackers use social engineering and phishing to target users through email, text messages, phone calls and other forms of communication. The aim of a phishing attack is to trick users into taking the attacker's desired action. That can include providing system login credentials, revealing financial data, installing malware or sharing other sensitive data.

Phishing attack methods have become more sophisticated over the years, but they still rely on social engineering to be effective.

4. Social engineering

Social engineering is more of an ingredient in an identity attack. It's all about the deception and manipulation of users, and it's a feature in
Sent Yes
Tags Malware Vulnerability Threat Patching Technical
Stories
Notes ★★


The article does not appear to have been picked up again after its publication.


The article resembles 1 other article(s):
Src Date (GMT) Title Description Tags Stories Notes
ProofPoint 2024-01-24 06:00:39 (Already seen) 5 Common Privilege Escalation Attack Techniques with Examples
(direct link)
Privilege escalation is often a top aim for cybercriminals as they traverse the attack chain to exploit your IT crown jewels. It lets them achieve critical steps in the attack chain, like maintaining persistence and moving laterally within an environment. Once they've initially compromised a host, they will seek to acquire higher privileges to gain access to valuable assets and create other mischief or damage.

This blog post explains why privilege escalation is a significant challenge for today's businesses. We also present five common techniques, along with brief examples of each. And we offer a real-world example to underscore how bad actors use privilege escalation as a key intermediary step to carry out attacks.

Understanding privilege escalation

In cybersecurity, privilege escalation is the process by which an attacker gains access or permissions on a system that is at a higher level of privilege than what they had at the time of the initial compromise.

Attackers look to escalate privileges in one of two ways. They either do this horizontally or vertically.

Horizontal example

This approach involves an attacker moving laterally within a network by compromising accounts at the same privilege level. As they move across the network, they can discover more targets and find more valuable data or systems.

Here's an example of how a horizontal privilege escalation attack might unfold:

- An attacker uses stolen credentials to access a host with regular privileges within a company's network.
- The attacker identifies a file server within the network that has sensitive data. Multiple users can access it, but they can only read and write files.
- The attacker takes advantage of this shared access. They modify files within the shared file system, injecting malicious code or replacing critical configuration files.
- This activity may go unnoticed for a time because legitimate users regularly modify files on the shared file server.
- As other users interact with the compromised files, the attacker can increase the number of compromised accounts and hosts, collect sensitive data and prepare to launch a more widescale attack.

Vertical example

In this approach, attackers exploit identity vulnerabilities within a system or application to escalate their privileges from a basic user account to a privileged user. They might use social engineering tactics like phishing at first to trick users into handing over their login credentials.

Here is how a vertical privilege escalation attack might play out:

- An attacker uses a compromised user account to gain access to a targeted system.
- They identify a known vulnerability in an application or service that is running on the system.
- The attacker creates and deploys an exploit to take advantage of this vulnerability. In this case, they take advantage of a flaw in the code that allows a user to escalate privileges without being authorized.
- The attacker can now change their privileges to a higher level, like system admin.
- Now that they have a lot of control over the system, the attacker can carry out a range of malicious actions. For example, they might change system configurations or steal data.

Why it is important to prevent privilege escalation attacks

The examples above make it clear that privilege escalation-enabled attacks can have a significant impact on businesses. To underscore the risk further, here are several other reasons these attacks are a cause for concern:

- Unauthorized access to and exposure of sensitive data
- Compromised user accounts and user identities
- Manipulated systems and configurations
- Disrupted business operations
- Data tampering and manipulation, such as with ransomware
- Legal and regulatory repercussions
- Reputational damage

5 Common privilege escalation attack techniques and examples

Now that you understand the two main categories of privilege escalation and why you must be vigilant in defending against these techniques, let's look at five tactics that bad actors might use in
Tags Tool Vulnerability Threat Commercial
Notes ★★★