Identity & Security: Addressing the Modern Threat Landscape
Identity and Access Management (IAM) and Cybersecurity have for too long been separate disciplines with distinct solutions that have not interoperated well. This has put defenders at a disadvantage, because over the last several years malicious actors have increasingly made IAM solutions a primary attack vector in their campaigns. The best path forward for all organizations is a unified Identity & Security approach that increases efficiency, reduces mean time to detect threats, and enables timely response. In this paper, we consider the innovative methods by which CrowdStrike, a leader in Endpoint Protection, Detection & Response technologies, brings a broader security platform approach that converges and correlates threat signals across endpoints, identities, and workloads.
Commissioned by CrowdStrike
1 Executive Summary
Cyberattacks continue to grow more sophisticated. Malicious actors seek to exploit known and unknown software vulnerabilities, infrastructure and application misconfigurations, and weak implementations of security measures. As expected, malware is commonly used in attacks. The types of malware deployed by adversaries are multifarious: ransomware, spyware, crypto-jackers, mobile overlays, keyloggers/rootkits, etc. Ransomware is a leading threat and garners much attention in the technical press. The prevalence and severity of ransomware attacks have risen dramatically in the last few years. Ransomware perpetrators have hit companies of all sizes and in all industries. Government agencies at national, state, and local levels have been attacked. Public utilities are ransomware targets. The stakes are high for defenders: statistics show that ransomware demands and payouts are increasing year over year, with $1.79M being a recent average.
The Colonial Pipeline ransomware incident in May 2021 disrupted fuel supplies in the eastern US, though only IT systems, and not the industrial control systems, were reportedly affected. The disruption resulted in canceled flights, caused fuel prices to increase temporarily, and led to rationing in some areas. The entry point for the attack was a VPN that relied on password-only authentication; the compromised password was found on the dark web.
Industrial control systems were targeted in the 2021 Oldsmar, FL water treatment plant incident. A guessed password on a remote-control application, out-of-support endpoints, and no firewalls allowed an attacker to gain access to critical infrastructure. Fortunately, plant personnel noticed and were able to prevent damage.
Keyloggers and rootkits are malware types that are designed to surreptitiously take over a system for the purpose of collecting usernames, passwords, other credentials, and user data. In consumer cases, keyloggers can be used to get bank account information for financial fraud. In enterprise cases, the captured usernames, passwords, or other credentials can be used by fraudsters, hacktivists, and Advanced Persistent Threat (APT) actors to move laterally from one compromised machine to another for a variety of nefarious activities: fraud, doxxing, reputation damage, sabotage, and intellectual property theft / corporate espionage.
Other high profile and high consequence attacks have been predicated upon compromising computing assets of key vendors in the software supply chain. The initial vectors in these attacks have varied, including watering hole tactics, spear phishing, social engineering, and brute-force password guessing against improperly secured systems. Attackers are now using Machine Learning algorithms to aid in reconnaissance, to discover weaknesses in targets' identity and security architectures and plan attack paths. Attackers increasingly understand how common security tools and authentication services work and develop techniques to bypass those measures. The goals of these attacks have been to introduce malware into the upstream supply chain in order to compromise customer systems.
A common thread running through these diverse attacks is the utilization of compromised credentials.
This paper will consider how cybersecurity threat detection and response techniques and technologies can be applied to IAM systems to discover and mitigate suspicious and malicious activities more effectively. It will also explore how CrowdStrike's Identity Threat Detection and Protection offerings aim to improve security by monitoring, detecting, and remediating cyberattacks that involve digital identities.