Catch Me If You Can
If you have been following
the news over the last 6 months or so, you may have noticed an uptick
in the number of articles related to critical national infrastructure
legislation. You may have seen more reports of cyber-attacks against a
wider variety of targets by entities other than criminal elements
seeking financial gains.
Although it was predicted
to occur over a decade ago, we are now seeing the use of cyber-weapons
being used by nation states and radical elements to achieve attention,
potential physical dominance and access to intellectual property that
would boost their economies. What was theoretical and simple probing of
security weaknesses has now turned into actual concerted warfare
against real targets that affect real citizens of the USA on a daily
basis – more or less. For proof, pick up any local paper or Internet
news source and the victims of these cyber-attacks run the full gamut
of financial, government as well as providers of life safety
What Has Changed?
From our perspective we see the methods used to attack ratcheted up to
the nation-state level. At this level of opponent competence, existing
anti-virus/anti-malware products as well as firewalls and intrusion
detection solutions are a waste of time and money as they are totally
Toady’s attacks are crafted on a per-user basis on a mass scale
designed to regularly compromise some subset of systems within an
organization. The objective of the attacks are to gain access to the
internal network with a set of valid credentials (the higher privileged
the better), and then try to jump around from machine to machine
gathering more and more credentials and access.
It appears that the attackers have a good understanding of common
weaknesses in IT shop processes such as default passwords, blank
passwords, common passwords, shared passwords, and the use of publicly
publishing password spreadsheets on shares. The other technique used is
the compromise of servers and their services to discover powerful
credentials that are widely used (many services using the exact same
credential). We also see the use of the pass-the-hash technique to
allow attackers to use in-memory credentials to achieve connectivity to
Do We Offer? Simple: Speed and Scope.
If an organization
regularly changes passwords, keeps credentials unique per system, and
can automate the management of privileged credentials and secrets (and
where they are used) so that there is minimal disclosure for a
limited amount of time for a specific purpose, then this threat is
With this in mind, we
have seen some very interesting outcomes from our customers. First,
some of our customers who are under active 7/24 attack have begun to
rotate all passwords every 8 to 24 hours. This has created a nasty
problem for attackers: not only are they limited to only one
compromised system, but even this access is terminated automatically.
One great differentiator
we offer to customers is our total automation of the machines, accounts
and usage. This technology means that we can keep up with the
attacker’s foot printing scanners and secure new resources as quickly
as the enemy can detect them.
Just to be clear, I am
not suggesting that all of our customers switch to this strategy of
continuous high-frequency password changes. For some of our customers,
the ability to keep nation-state attackers at bay by frustrating their
attempts has been a very satisfying outcome for all of us.
you think? Email me at: Phil@liebsoft.com.
You can also follow me on Twitter: @liebsoft
or connect with me via LinkedIn.
New in Identity Week
Featured commentary on our Identity
Week blog this month includes:
- Evernote Data Breach and Securing Access to
Your Systems. Last week’s data breach of online information
storage firm Evernote caused quite a stir in the IT security world. Of
course, when you have 50 million users whose names, email addresses and
encrypted passwords may have been accessed, you have to expect to see
your company’s name in the headlines...
- Compartmentalizing and Segmenting
Privileged Passwords. If you’re a fan of old war movies –
and especially if you’re a child of the Cold War – then you no doubt
recall watching scenes where prior to launching a nuclear missile, two
operators will turn their launch keys simultaneously in order to
initiate the launch...
Events / Press /
intervention scares users from using the cloud. SC Magazine UK. A
fear of government snooping is deterring IT departments from using the
cloud. According to a survey of 300 IT managers, 48 per cent said that
the potential for government and legal interference puts them off from
entering information into the cloud environment.
meets with CEOs to push cyber-security legislation. Los Angeles
Times. President Obama met with more than a dozen corporate
chief executives to seek their support for stalled cyber-security
legislation amid increasing evidence that government agencies,
businesses and individuals are vulnerable to computer network
Hot Security Trends Overheard at RSA 2013. Point2Security.
For more than 20 years, security professionals from all over have
gathered annually for the RSA Security Conference. The five-day event
draws its share of industry pundits and luminaries. This morning,
however, I wanted to share the best observations that I heard on the
show floor in one-on-one conversations.
use grows, and so does security threat. MercuryNews.com. Holding everything
from highly personal medical and social media material to confidential
financial and corporate documents, Internet-based cloud services are
gathering an enormous trove of information -- already a quarter of the
world's business data -- that is proving a powerful lure for
Addresses the Two-man Rule. GRC Daily. Double safekeeping,
or the two-man rule, has long been an established control mechanism for
ensuring high levels of security during critical operations because the
process requires the involvement of two or more authorized personnel
when accessing sensitive resources. Now Lieberman Software Corporation
is extending double safekeeping to privileged identity management in
the latest version of its Enterprise Random Password Manager (ERPM)
Tech Tip of the Month
passwords directly from the Microsoft® System Center
Enterprise Random Password Manager (ERPM) and Random Password Manager
(RPM) customers can get all the benefits of deep, out-of-the-box integration with Microsoft® System Center Configuration Manager through
the E/RPM Snap-In for Configuration Manager. Thanks to this deep
authorized users can quickly retrieve administrator and root account
passwords directly from the Configuration Manager interface. Here's how.