Outpost24 webinar - How to protect your organization from credential theft
•Download as PPTX, PDF•
0 likes•40 views
This document discusses how to protect organizations from credential theft. It provides an overview of the credential theft landscape and lifecycle. It explains how credential thieves gather credentials through various means like exploiting vulnerabilities, using compromised credentials from initial access brokers or ransomware-as-a-service groups, and monitoring for leaked credentials. The document recommends organizations implement account lockouts, anti-automation measures, strong password policies, and support for multi-factor authentication to help prevent credential theft. It promotes the services of Outpost24 and Blueliv to help customers assess security posture and discover threats.
Recommended
Recommended
More Related Content
Similar to Outpost24 webinar - How to protect your organization from credential theft
Similar to Outpost24 webinar - How to protect your organization from credential theft (20)
More from Outpost24
More from Outpost24 (20)
Recently uploaded
Recently uploaded (20)
Outpost24 webinar - How to protect your organization from credential theft
- 1. How to protect your organization from credential theft Stephane Konarkowski and Vicente Martin 26th January 2022
- 3. 3 Overview about credentials theft
- 4. 4 Business Model Evolution VS Only one attacker: • Find target • Vulnerability scan • Steal Credentials • Develop exploit • Develop malware • Manage infrastructure • Perform attack • Collect the ransom • Manage encryption keys Initial Access Brocker (IABs): • Exploits • Compromised credentials RaaS: • Develop malware • Manage infrastructure • Collect the ransom • Manage encryption keys Only one attacker: • Find target • Perform attack
- 5. 5 Credentials are used for …
- 8. 8 How we gather credentials
- 9. What ? / Where ?
- 11. 7v Web Application attack Surface
- 12. Discovery • First Step • Find them • 2 Types • I need them to be there • That should not be here • Categorize
- 13. Categorize • Third Party Applications • Admin Portals • Customer Login Portals • Other Portals
- 14. Security • Lack of Account Lockouts • Lack of Anti-Automation • Weak Password Policy • Lack of Support for MFA
- 16. Stephane Konarkowski Senior Security Consultant sk@outpost24.com Q & A Vicente Martin VP of Product vicente.martin@blueliv.com
- 17. Helping customers improve security posture since 2001 Full stack vulnerability and security assessment to automate cyber hygiene Over 2,000 customers in over 40 countries Europe’s leading cyberthreat intelligence provider Search the open, deep, and dark web to discover customer- specific threat information for external cyberthreats and manage their digital risk Request FREE credential theft assessment today!
Editor's Notes
- SHERIFF AND REVIL GANG “Sheriff” is a threat actor quite active in the cybercriminal underground. The threat actor is an IAB who sells access to networks that they acquire using brute-forcing techniques and credential-stealing malware. Sheriff has a prolific relation with the REvil gang, selling access to victims’ networks to the ransomware gang who then proceeds with ransomware attacks by encrypting and exfiltrating data. Sheriff’s targets include companies from a wide range of sectors in North America, Western Europe, and Australia; yet, U.S. financial institutions are by far their most preferred and recurrent target. DRUMRLU/3LV4N AND THANOS RaaS (Comentarios sobre que en este caso se ve muy clara la relación) Joint ventures that the anounce “drumrlu” (aka 3lv4n) is an initial access broker and database seller active in underground forums since at least May 2020. On July 18, 2020, Nosophoros posted on Exploit “drumrlu is a good vendor, I vouched for him before and I still do. Glad you are back”. drumrlu also left a review in Nosophoros profile stating “Best RaaS, Best Programmer”. Another comment from the threat actor “peterveliki” supports the potential partnership between drumrlu and Nosophoros: “I bought access from this seller – everything went smoothly. A very helpful dude” . He also recommended using Thanos from Nosphorus; which turned out to be very helpful in this case. Good seller, I recommend”.
- Initial Access Brokers (IABs) are financially motivated threat actors that profit through the sale of remote access to corporate networks in underground forums, like Exploit, XSS, or Raidforums.
- Portals that Privilege accounts have access VIP have access Unsecure portals will drive likelihood compromise
- 1) The most common and easily launched password attack is a simple dictionary-based or brute force attack, where an attacker tries a bunch of passwords against a common account or a username they’ve discovered somewhere. 2) great for preventing automated username enumeration techniques or password spraying attacks. Sometimes anti-automation will be in the form of a CAPTCHA that a user has to answer to login 3) at least 8 characters in length, prevent extremely common passwords using a blacklist 4) Two factor, app, sms, etc.. Reducing Authentication Attack Surface
- Built a process to discover applications that could be prone to credentials theft Use Intelligence to detect malicious activity around those applications Employees using their emails to connect to third party applications Users which have their credentials stolen via Botnet This will help to prevent potential damage by malicious activity