
Threat diversification and sophistication have pushed the limits of IT security professionals in defending organizations of all sizes, across all verticals. The cyber-security skills shortage has reached an all-time high, with 53 percent of organizations agreeing they have suffered from this gap.

In the wake of the skills drought, 91 percent of security professionals believe most organizations are vulnerable to a significant cyberattack, and 94 percent believe cyber-criminals have the upper hand over cyber-security professionals. These concerns keep 49 percent of IT security professionals awake at night, especially since IT and security teams suffer from breach burnout, alert fatigue, inadequate security tools and a lack of visibility across the infrastructure.

While some of the biggest threats to organizations include brute force, password stealers, unpatched vulnerabilities and other network-based attacks on endpoints, email is also a major concern for IT and security teams. Finance, C-level marketing and HR are the main targets of spear-phishing emails, and security rules are broken most often by senior management (57 percent).

Threats Organizations Face

Some of the biggest threats and attacks aimed at organizations – regardless of size and industry vertical – involve internet-exposed services, such as RDP, SSH, SMB, HTTP. Brute force attacks on RDP services account for over 65 percent of all network-based attacks, according to Bitdefender telemetry. Cyber-criminals often probe internet-facing services and endpoints for RDP connections that let someone outside the organization dial in remotely. Once inside the targeted machine, they try to take down the security solution and manually deploy threats such as ransomware or lateral movement tools designed to infiltrate and compromise additional machines within the infrastructure.

If not properly configured and secured, RDP can act as a gateway into the organization, effectively enabling threat actors to access sensitive internal resources. Brute forcing passwords is one approach: cyber-criminals use trial and error to obtain a user password or other credentials, or send large numbers of distributed requests to a server in search of a valid credential pair. Cyber-criminals also try to exploit unpatched vulnerabilities in RDP services to perform remote code execution and seize control of those gateways. For instance, a recent wormable security flaw in the Microsoft RDP service that allows attackers to take remote control of vulnerable systems (BlueKeep – CVE-2019-0708) is one of the most recent such attack vectors used by threat actors to compromise organizations.
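The brute-force pattern described above is visible in authentication logs long before a payload lands: one source address cycling through many failed RDP logons in a short window, sometimes followed by a success once a valid credential pair is found. The following detector is an added example written for this page, not Bitdefender's or Security Magazine's code. It runs over constructed log lines loosely modelled on Windows Security events (EventID 4625 = failed logon, 4624 = successful logon, LogonType 10 = RemoteInteractive, i.e. RDP); the line format, hostnames and addresses are all assumptions made for the example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not real telemetry). Fields mirror the parts of a
# Windows logon event that matter here: timestamp, EventID, LogonType, account, source IP.
SAMPLE_EVENTS = [
    "2024-01-15T08:00:01 EventID=4625 LogonType=10 User=admin Src=203.0.113.5",
    "2024-01-15T08:00:02 EventID=4625 LogonType=10 User=administrator Src=203.0.113.5",
    "2024-01-15T08:00:03 EventID=4625 LogonType=10 User=backup Src=203.0.113.5",
    "2024-01-15T08:00:04 EventID=4625 LogonType=10 User=svc_sql Src=203.0.113.5",
    "2024-01-15T08:00:05 EventID=4625 LogonType=10 User=guest Src=203.0.113.5",
    "2024-01-15T08:00:06 EventID=4625 LogonType=10 User=admin Src=203.0.113.5",
    "2024-01-15T08:00:30 EventID=4624 LogonType=10 User=backup Src=203.0.113.5",
    # A legitimate user who mistyped once and then logged in.
    "2024-01-15T08:01:00 EventID=4625 LogonType=10 User=jdoe Src=198.51.100.7",
    "2024-01-15T08:01:10 EventID=4624 LogonType=10 User=jdoe Src=198.51.100.7",
    # Five failures spread over 20 minutes: never five inside a 10-minute window.
    "2024-01-15T08:00:00 EventID=4625 LogonType=10 User=jsmith Src=192.0.2.9",
    "2024-01-15T08:05:00 EventID=4625 LogonType=10 User=jsmith Src=192.0.2.9",
    "2024-01-15T08:10:00 EventID=4625 LogonType=10 User=jsmith Src=192.0.2.9",
    "2024-01-15T08:15:00 EventID=4625 LogonType=10 User=jsmith Src=192.0.2.9",
    "2024-01-15T08:20:00 EventID=4625 LogonType=10 User=jsmith Src=192.0.2.9",
]


def parse_event(line):
    """Turn one 'timestamp Key=Value ...' line into a dict with typed fields."""
    ts, *fields = line.split()
    rec = {k: v for k, v in (f.split("=", 1) for f in fields)}
    rec["ts"] = datetime.fromisoformat(ts)
    rec["EventID"] = int(rec["EventID"])
    rec["LogonType"] = int(rec["LogonType"])
    return rec


def detect_rdp_bruteforce(lines, threshold=5, window=timedelta(minutes=10)):
    """Flag source IPs with >= threshold failed RDP logons inside a sliding window.

    Returns {src_ip: {"failures": n, "users": [...], "success_after": bool, ...}}.
    A successful RDP logon from an already-flagged source is recorded as well,
    since that is the moment a guessed credential starts being used.
    """
    events = sorted((parse_event(l) for l in lines), key=lambda e: e["ts"])
    recent = defaultdict(deque)   # src -> timestamps of failures still inside the window
    users = defaultdict(set)      # src -> distinct accounts tried (spraying indicator)
    alerts = {}
    for e in events:
        if e["LogonType"] != 10:  # only RemoteInteractive (RDP) logons
            continue
        src = e["Src"]
        if e["EventID"] == 4625:
            q = recent[src]
            q.append(e["ts"])
            users[src].add(e["User"])
            while q and e["ts"] - q[0] > window:  # evict failures older than the window
                q.popleft()
            if len(q) >= threshold:
                a = alerts.setdefault(src, {"failures": 0, "users": [], "success_after": False})
                a["failures"] = len(q)
                a["users"] = sorted(users[src])
        elif e["EventID"] == 4624 and src in alerts:
            alerts[src]["success_after"] = True
            alerts[src]["success_user"] = e["User"]
    return alerts


if __name__ == "__main__":
    for src, a in detect_rdp_bruteforce(SAMPLE_EVENTS).items():
        print(src, a)
```

With the defaults, only 203.0.113.5 is flagged: six failures across five accounts in a few seconds, then a successful logon as `backup`, which is the combination an analyst should treat as a likely credential compromise rather than a blocked attack. The 192.0.2.9 source shows why the window matters: the same number of failures spread over 20 minutes never trips the threshold, which keeps a forgetful user from generating an alert while a tighter window or lower threshold can be chosen for an exposed server.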

These types of attacks are industry-agnostic – the organization merely needs to hold a publicly exposed server. If successful, attackers can move laterally across the infrastructure and compromise other servers or endpoints in an attempt to ensure persistence, access and exfiltrate highly confidential data, or even deploy destructive threats meant to cripple the organization or cover their tracks.

Threat actors also favor attacks targeting web servers via SQL or command injection, as these can provide remote code execution on the machine, which can then be used as a gateway or lateral movement pivot within the organization.
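SQL injection comes down to a web application letting user input become part of the query's grammar instead of staying data. The snippet below is an added example for this page (not code from the original article or any product it mentions) that puts a vulnerable lookup next to its parameterized fix against an in-memory SQLite table; the table, accounts and query shape are constructed for the illustration.

```python
import sqlite3


def build_db():
    """Constructed sample user table; the hashes are placeholder strings."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "hash-a", "admin"), ("bob", "hash-b", "user")],
    )
    return conn


def find_user_vulnerable(conn, username):
    """String concatenation: the input is spliced into the SQL text, so a quote
    in the input ends the literal and the rest is interpreted as SQL."""
    query = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def find_user_safe(conn, username):
    """Parameterized query: the driver sends the value separately from the
    statement, so it is compared as data regardless of what it contains."""
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ?", (username,)
    ).fetchall()


if __name__ == "__main__":
    db = build_db()
    probe = "x' OR '1'='1"   # textbook tautology that turns the WHERE clause true for every row
    print("vulnerable:", find_user_vulnerable(db, probe))   # every user comes back
    print("safe:      ", find_user_safe(db, probe))         # no user named x' OR '1'='1
    print("safe/alice:", find_user_safe(db, "alice"))
```

The same principle applies to the command-injection case the paragraph mentions: never assemble a shell command string from request data; pass arguments as a list to the process API and validate them against an allowlist first. On the detection side, web server and database logs showing quote characters, `OR`/`UNION` fragments or error responses clustered around one parameter are the network-level signal that a web-service attack is in progress.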

SMB exploits have also become a common attack tactic for threat actors, as these SMB servers often sit on Windows domain-based network architectures, allowing all employees to copy documents from these network shares. Consequently, compromising these SMB servers through exploits such as EternalBlue or DoublePulsar lets attackers use them as entry points to breach the organization, move laterally, search for other high-value hosts and even schedule tasks remotely on a computer from the network that has an exposed share.

Active Directory compromise is also a priority for cyber-criminals. Recent investigations have even revealed that threat actors can successfully compromise an organization's AD server in less than two hours. Using a tainted email attachment opened by a financial institution's employee, the cyber-criminal gang successfully compromised select machines in the infrastructure, stealthily moving within the infrastructure and deploying persistence and lateral movement tools. When cyber-criminal gangs focus on targeting and compromising particular verticals, they have an intimate understanding of how those infrastructures work, where critical assets may reside and what cyber-security defenses the company might have in place.

Most attacks are carried out using free open-source tools, meaning there is a low barrier to entry for cyber-criminals. However, threat actors seeking to carry out highly targeted attacks need advanced networking knowledge and custom tools to perform an APT (Advanced Persistent Threat).

Organizations need to focus on deploying and using network attack defense technologies designed to identify and categorize network behaviors that may indicate lateral movement, malware infections, web-service attacks, malicious traffic caused by botnets or TOR/Onion connections and even privacy breaches caused by leaks of passwords or sensitive data.

Avoid Breaches With Network Attack Defense

Behavioral technologies, multiple events correlation and network analytics are increasing the chances for organizations to avoid breaches and data theft. Solutions that provide incident response narratives with prescriptive recommendations for addressing threats are the future of IT security, and help address the acute security skills shortage that plagues the industry.

Automated, real-time network traffic inspection and prevention technologies that don’t bog down network traffic can scan the data in streaming mode, blocking threats at the first sign of a malformed data packet. This means the malicious traffic does not even reach the local application or machine, effectively stopping the attack before any payload lands.

Using an event correlation engine fed by proprietary and third-party IoC (Indicators of Compromise) feeds, network attack defense technology can identify and categorize suspicious network behavior. In addition, using several machine-learning algorithms to identify specific attack vectors – such as protocol- or device-specific anomaly detection – while learning the normal behavior of network traffic can help organizations defend against threats at the network level.
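To make the correlation-engine idea concrete, here is an added example (written for this page, not the article's or any vendor's code) that merges a proprietary feed with a third-party feed into one indicator index, matches constructed network events against it, and then correlates hits per host so that a machine touching several indicator categories is escalated above one that touched a single one. Feed contents, hostnames, addresses and categories are all invented for the example; the reserved documentation ranges (203.0.113.0/24 etc.) stand in for real indicators.

```python
from collections import defaultdict

# Constructed indicator feeds (not real IoCs). The same C2 address appears in both,
# which is typical and is why sources are merged rather than stored per feed.
INTERNAL_FEED = [
    {"type": "ip", "value": "203.0.113.44", "category": "c2", "source": "internal"},
    {"type": "domain", "value": "update-check.example", "category": "malware-download", "source": "internal"},
]
THIRD_PARTY_FEED = [
    {"type": "ip", "value": "198.51.100.23", "category": "tor-exit", "source": "vendor"},
    {"type": "ip", "value": "203.0.113.44", "category": "c2", "source": "vendor"},
]

# Constructed network events: one outbound connection (plus the DNS name it resolved, if any).
EVENTS = [
    {"host": "ws-17", "dst_ip": "203.0.113.44", "dst_port": 443, "dns": None},
    {"host": "ws-17", "dst_ip": "10.0.0.53", "dst_port": 53, "dns": "Update-Check.example"},
    {"host": "ws-03", "dst_ip": "198.51.100.23", "dst_port": 9001, "dns": None},
    {"host": "ws-08", "dst_ip": "192.0.2.10", "dst_port": 443, "dns": "intranet.example"},
]


def build_index(*feeds):
    """Merge any number of feeds into {(type, value): {categories, sources}}."""
    index = defaultdict(lambda: {"categories": set(), "sources": set()})
    for feed in feeds:
        for ioc in feed:
            entry = index[(ioc["type"], ioc["value"].lower())]
            entry["categories"].add(ioc["category"])
            entry["sources"].add(ioc["source"])
    return index


def correlate(events, index):
    """Return one hit per (event, matching indicator), with categories and feed sources."""
    hits = []
    for e in events:
        keys = [("ip", e["dst_ip"])]
        if e.get("dns"):
            keys.append(("domain", e["dns"].lower()))  # normalize case before lookup
        for key in keys:
            if key in index:
                hits.append({
                    "host": e["host"],
                    "type": key[0],
                    "indicator": key[1],
                    "categories": sorted(index[key]["categories"]),
                    "sources": sorted(index[key]["sources"]),
                })
    return hits


def score_hosts(hits):
    """Multi-event correlation: a host matching two or more distinct categories
    (e.g. a download domain and then a C2 address) is rated higher than a single hit."""
    per_host = defaultdict(set)
    for h in hits:
        per_host[h["host"]].update(h["categories"])
    return {host: ("high" if len(cats) >= 2 else "medium") for host, cats in per_host.items()}


if __name__ == "__main__":
    index = build_index(INTERNAL_FEED, THIRD_PARTY_FEED)
    hits = correlate(EVENTS, index)
    for h in hits:
        print(h)
    print(score_hosts(hits))
```

Running it, `ws-17` is rated high because it resolved a known download domain and then connected to a C2 address corroborated by two feeds, while `ws-03` gets a medium rating for a single Tor exit contact and `ws-08` produces no hit. In a production engine the index would be refreshed as feeds update and the scoring would weigh feed confidence and recency, but the shape of the logic (normalize, look up, correlate per host) is the same.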

Moreover, having the ability to integrate this network-based threat intelligence with EDR (Endpoint Detection and Response) capabilities can help organizations protect their network as a whole, giving them visibility across the entire technology stack, from the network to the operating system. More importantly, a network defense technology that integrates with EDR capabilities can spot complex events while supporting new lateral movement detections from MITRE. This lets organizations paint a complete picture of their overall cyber-security posture across the entire infrastructure.

Network attack defense technologies can detect and block new types of threats earlier in the attack chain, while correlating multiple attack vectors using both signatures and behavior-based machine learning. Adding network attack defense capabilities to your arsenal can improve your overall security posture by keeping one step ahead of the volume of threats and vectors for attack.

Article Provided By: Security Magazine


If you would like liquidvideotechnologies.com to discuss developing your Home Security System, Networking, Access Control, Fire, IT consultant or PCI Compliance, please do not hesitate to call us at 864-859-9848 or you can email us at deveren@liquidvideotechnologies.com.