Story image

Your IT infrastructure could be taken over in just 12 minutes

15 Mar 2016

The frequency and sophistication of cyber crime is growing everyday in line with the increasingly digital workplace.

John Worrall, chief marketing officer of CyberArk asserts that saying the world is becoming a more dangerous place for businesses and their networks would be “a safe understatement”.

Protecting Active Directory has taken on a new sense of urgency, and it’s no wonder, as based on what CyberArk has seen in the field, it can take an attacker who has hijacked a privileged credential less than 12 minutes from initial infiltration to being able to take over a domain controller, which hosts the services that constitute Active Directory.

According to Forrester Research, “Active Directory’s growing importance also means it’s a tempting target for hackers who attack Active Directory infrastructure to elevate privileges and pilfer data.” 

Additionally, based on the M-Trends 2016 report, Mandiant’s Red Team, on average, is able to obtain access to domain administrator credentials within three days of gaining initial access to an environment.

Once domain administrator credentials are stolen, it’s only a matter of time before an attacker is able to locate and gain access to desired information and execute a complete network takeover.

John Worrall explains the journey of a typical cyber attack.

“When you talk to any of the forensics teams doing these investigations, they’ll tell you that an attack often starts out at an endpoint, like a typical business user, not an IT administrator,” Worrall says. “The first task of the attacker then is to actually provide themselves with credentials that will give them access to servers and ideally to the active directory environment and more specifically domain controllers.”

From there, it’s all a downhill slide for your business infrastructure.

“Once the attacker has access to the domain controller, they actually control the creation of new identities, they can grant new permissions to identities they already have access – in the case of ‘Golden Ticket’ they can actually get this master key to the identity system within an organisation and no one will know they have it, despite them having unlimited access.

By this point, they essentially own your infrastructure and can do just about anything they want.

Is there a solution?

CyberArk are exclusively focused on securing privileged accounts – those keys to the IT Kingdom, essentially user accounts that are placed in every single device, application, database and others that are within the IT infrastructure to enable the administrative team to deploy and manage them.

“I can’t emphasise enough the importance of securing your domain controllers and your active directory infrastructure,” Worrall says. “If you look at the most damaging attacks, every single one of them suffered a compromise at the domain controller.”

New real-time threat detection and containment capabilities help organisations secure against cyber attacks targeting Microsoft Active Directory infrastructure. These features enable incident response teams to visualise the threat and shut down in-progress attacks – including Kerberos authentication attacks like “Golden Ticket,” which can lead to a complete network takeover and massive business disruption.

“What we’ve done is take the proactive control technology we have through our existing solution for privileged account security, and we added new capabilities to privilege threat analytics that specifically looks for very unique and highly-damaging attacks against the infrastructure,” Worrall says. “The new release from CyberArk features targeted analytics and the ability to analyse network traffic to better detect indications of an attack early in the lifecycle, including credential theft, lateral movement and privilege escalation.”

If those accounts remain in the control of your trusted IT staff, all is great. If they happen to fall in the hands of the attacker, then they actually take control of the asset, the network and your business.

“CyberArk is all about preventing that initial takeover, while layering in real-time detection capabilities so that if for some reason an account gets compromised, we can detect that malicious activity quickly and actually invalidate those credentials - it’s kind of a nice closed-loop system.”

If you would like to know more about how to protect your organisation from Golden Ticket attacks, download this white paper today.

NZ investment funds throw weight against social media giants
A consortium of NZ funds managing assets worth more than $90m are appealing against Facebook, Twitter, and Google following the Christchurch terror attacks.
Poly appoints new A/NZ managing director, Andy Hurt
“We’re excited to be bringing together two established pioneers in audio and video technology to be moving forward and one business – Poly."
Unity and NVIDIA announce real-time ray tracing across industries
For situations that demand maximum photorealism and the highest visual fidelity, ray tracing provides reflections and accurate dynamic computations for global lighting.
NVIDIA announces Jetson Nano: A US$99 tiny, yet mighty AI computer 
“Jetson Nano makes AI more accessible to everyone, and is supported by the same underlying architecture and software that powers the world's supercomputers.”
Slack doubles down on enterprise key management
EKM adds an extra layer of protection so customers can share conversations, files, and data while still meeting their own risk mitigation requirements.
NVIDIA introduces a new breed of high-performance workstations
“Data science is one of the fastest growing fields of computer science and impacts every industry."
Apple says its new iMacs are "pretty freaking powerful"
The company has chosen the tagline “Pretty. Freaking powerful” as the tagline – and it’s not too hard to see why.
NZ ISPs issue open letter to social media giants to discuss censorship
Content sharing platforms have a duty of care to proactively monitor for harmful content, act expeditiously to remove content which is flagged to them as illegal.