Protecting Networks from Credential Theft

November 18, 2015 |
Protecting Networks from Credential Theft

Last month, I wrote a blog post about intellectual property theft and how many enterprises in the US are effectively at the mercy of hacking groups in China with the full weight of that country’s military intelligence service behind them. Regardless of any agreement President Obama and President Xi may reach, the PRC has little reason not to use commercially-motivated cybercrime as a way to further its power on the global stage.

Of course, China isn’t the only country from which US enterprises face a significant hacking threat. Another is Russia, which presents a very different set of circumstances and challenges in terms of cracking down on cybercriminal activity.

It may, in fact, be easier for the US to make headway in Russia than China, because much of the activity in the former can be traced back to criminal gangs rather than explicitly state-sponsored groups.

The Real Threat Cybercriminals Pose

It’s important that we don’t underestimate the threat from Russian cybercriminals. They have a long history of targeting the US financial services sector, often with great success, and their methods are no less sophisticated than those of their counterparts in China.

Take the case of Evgeniy Bogachev, for example, who currently has a higher FBI bounty on his head – $3 million – than any other wanted cybercriminal. Bogachev is believed to have been instrumental in the creation and distribution of the Zeus malware strain, which at its height was present tens of millions of computers worldwide and facilitated the theft – via compromised credentials – of hundreds of millions of dollars from business bank accounts in Europe and the US. He’s also credited with the development of GameOver Zeus, an improved version of the trojan that, again, infected millions of machines and caused the victims financial losses totaling more than $100 million.

It’s US enterprises that are suffering because of this activity, and yet a lack of engagement and cooperation between US and Russian authorities has created a situation in which cybercriminals within Russian borders remain free to target our financial institutions and their customers with relative impunity.

How Companies Can Protect Themselves Against Credential Theft

The reality is with ever growing threats from Russian hackers and the community at large, it’s almost impossible to prevent credentials from being stolen. You must accept that at some point someone’s credentials will be stolen whether from malware or phishing campaigns – people are often the weakest link.

You can however employ technology to help recognize when a trusted user is acting out of the ordinary, a red flag that they may not be who they claim to be. For example, if John Smith who normally works in the UK is logging in from Russia in the middle of the night access should be denied based on context or at minimum additional authentication should be required.

Another important step is to limit what users can access to only those resources required, instead of broad entitlements to a network segment. Hackers have successfully demonstrated that they can get in with one user’s credentials and quickly get a foothold into systems and escalate privileges – gaining access to more valuable resources by impersonating someone else within the organization. This is a shortcoming of NACs, VLANs and other traditional security tools.

Learn how Cryptzone’s privileged access solutions can prevent and limit damage when user credentials are compromised.

Back to Blog Home

Leo Taddeo

Leo Taddeo
Chief Security Officer
www.cryptzone.com

Leo Taddeo is the Chief Security Officer (CSO) for Cryptzone, a provider of dynamic, context-aware network, application and content security solutions. Taddeo, former Special Agent in Charge of the Special Operations/Cyber Division of the FBI’s New York Office, is responsible for analyzing the cybersecurity market to help shape Cryptzone’s vision for security solutions. Taddeo provides deep domain insight into the techniques, tactics and procedures used by cybercriminals, to help Cryptzone continue to develop disruptive solutions that enable customers to defend against advanced threats and breaches.

Prior to Cryptzone, Taddeo led more than 400 agents and professional support staff in cyber investigations, surveillance operations, information technology support and crisis management for the FBI. He oversaw high profile cases, including Silk Road, Blackshades and JP Morgan.

Previously, Taddeo served as a Section Chief in the International Operations Division, where he managed FBI operations in Africa, Asia and the Middle East. Taddeo has held various roles of increasing responsibilities in the field, including supervising a joint FBI/New York City Police Department Joint Terrorism Task Force and serving as the Legal Attaché in Rome, Italy.

After receiving his degree in applied physics from Rensselaer Polytechnic Institute in 1987, Taddeo served as a tank officer in the U.S. Marine Corps. In 1991, he was awarded a Purple Heart and Bronze Star Medal for valor for service in the Gulf War. Taddeo then earned a Juris Doctor from St. John’s University and joined the New York law firm of Mound, Cotton & Wollan, where he practiced civil litigation until entering the FBI.

Taddeo is a graduate of the CISO Executive Program at Carnegie Mellon University. He also maintains the Certified Information Systems Security Professional (CISSP) and GIAC Certified Incident Handler certifications.

Leave a Reply

Your email address will not be published. Required fields are marked *