Your IT infrastructure could be taken over in just 12 minutes

15 Mar 16

The frequency and sophistication of cyber crime are growing every day in line with the increasingly digital workplace.

John Worrall, chief marketing officer of CyberArk, asserts that saying the world is becoming a more dangerous place for businesses and their networks would be “a safe understatement”.

Protecting Active Directory has taken on a new sense of urgency, and it’s no wonder: based on what CyberArk has seen in the field, an attacker who has hijacked a privileged credential can go from initial infiltration to being able to take over a domain controller, which hosts the services that constitute Active Directory, in less than 12 minutes.

According to Forrester Research, “Active Directory’s growing importance also means it’s a tempting target for hackers who attack Active Directory infrastructure to elevate privileges and pilfer data.” 

Additionally, based on the M-Trends 2016 report, Mandiant’s Red Team, on average, is able to obtain access to domain administrator credentials within three days of gaining initial access to an environment.

Once domain administrator credentials are stolen, it’s only a matter of time before an attacker is able to locate and gain access to desired information and execute a complete network takeover.

John Worrall explains the journey of a typical cyber attack.

“When you talk to any of the forensics teams doing these investigations, they’ll tell you that an attack often starts out at an endpoint, like a typical business user, not an IT administrator,” Worrall says. “The first task of the attacker then is to actually provide themselves with credentials that will give them access to servers and ideally to the active directory environment and more specifically domain controllers.”

From there, it’s all a downhill slide for your business infrastructure.

“Once the attacker has access to the domain controller, they actually control the creation of new identities, they can grant new permissions to identities they already have access to – in the case of ‘Golden Ticket’ they can actually get this master key to the identity system within an organisation and no one will know they have it, despite them having unlimited access.”

By this point, they essentially own your infrastructure and can do just about anything they want.

Is there a solution?

CyberArk are exclusively focused on securing privileged accounts – those keys to the IT Kingdom, essentially the user accounts placed in every single device, application, database and other component within the IT infrastructure so that the administrative team can deploy and manage them.

“I can’t emphasise enough the importance of securing your domain controllers and your active directory infrastructure,” Worrall says. “If you look at the most damaging attacks, every single one of them suffered a compromise at the domain controller.”

New real-time threat detection and containment capabilities help organisations secure against cyber attacks targeting Microsoft Active Directory infrastructure. These features enable incident response teams to visualise the threat and shut down in-progress attacks – including Kerberos authentication attacks like “Golden Ticket,” which can lead to a complete network takeover and massive business disruption.

“What we’ve done is take the proactive control technology we have through our existing solution for privileged account security, and we added new capabilities to privilege threat analytics that specifically looks for very unique and highly-damaging attacks against the infrastructure,” Worrall says. “The new release from CyberArk features targeted analytics and the ability to analyse network traffic to better detect indications of an attack early in the lifecycle, including credential theft, lateral movement and privilege escalation.”

If those accounts remain in the control of your trusted IT staff, all is great. If they happen to fall in the hands of the attacker, then they actually take control of the asset, the network and your business.

“CyberArk is all about preventing that initial takeover, while layering in real-time detection capabilities so that if for some reason an account gets compromised, we can detect that malicious activity quickly and actually invalidate those credentials - it’s kind of a nice closed-loop system.”

If you would like to know more about how to protect your organisation from Golden Ticket attacks, download this white paper today.
