Protecting Networks from Credential Theft
Last month, I wrote a blog post about intellectual property theft and how many enterprises in the US are effectively at the mercy of hacking groups in China with the full weight of that country’s military intelligence service behind them. Regardless of any agreement President Obama and President Xi may reach, the PRC has little reason not to use commercially-motivated cybercrime as a way to further its power on the global stage.
Of course, China isn’t the only country from which US enterprises face a significant hacking threat. Another is Russia, which presents a very different set of circumstances and challenges in terms of cracking down on cybercriminal activity.
It may, in fact, be easier for the US to make headway in Russia than China, because much of the activity in the former can be traced back to criminal gangs rather than explicitly state-sponsored groups.
The Real Threat Cybercriminals Pose
It’s important that we don’t underestimate the threat from Russian cybercriminals. They have a long history of targeting the US financial services sector, often with great success, and their methods are no less sophisticated than those of their counterparts in China.
Take the case of Evgeniy Bogachev, for example, who currently has a higher FBI bounty on his head – $3 million – than any other wanted cybercriminal. Bogachev is believed to have been instrumental in the creation and distribution of the Zeus malware strain, which at its height was present on tens of millions of computers worldwide and facilitated the theft – via compromised credentials – of hundreds of millions of dollars from business bank accounts in Europe and the US. He’s also credited with the development of GameOver Zeus, an improved version of the trojan that, again, infected millions of machines and caused its victims financial losses totaling more than $100 million.
It’s US enterprises that are suffering because of this activity, and yet a lack of engagement and cooperation between US and Russian authorities has created a situation in which cybercriminals within Russian borders remain free to target our financial institutions and their customers with relative impunity.
How Companies Can Protect Themselves Against Credential Theft
The reality is that, with ever-growing threats from Russian hackers and the criminal community at large, it’s almost impossible to prevent credentials from being stolen. You must accept that at some point someone’s credentials will be stolen, whether through malware or phishing campaigns – people are often the weakest link.
You can, however, employ technology to help recognize when a trusted user is acting out of the ordinary, a red flag that they may not be who they claim to be. For example, if John Smith, who normally works in the UK, is logging in from Russia in the middle of the night, access should be denied based on that context, or at minimum additional authentication should be required.
Another important step is to limit what users can access to only those resources they require, instead of granting broad entitlements to an entire network segment. Hackers have repeatedly demonstrated that they can get in with one user’s credentials, quickly gain a foothold on systems and escalate privileges – reaching more valuable resources by impersonating someone else within the organization. This is a shortcoming of NACs, VLANs and other traditional network-level security tools.
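A minimal version of the two controls described above (the contextual login check and per-resource entitlements instead of a segment-wide grant), written as an added example that is not part of the original post or of Cryptzone’s product. The baseline profiles, the entitlement map, the meaning of `local_hour` (the hour in the user’s usual working time zone) and the deny/step-up thresholds are all assumptions made for the example.

```python
from dataclasses import dataclass, field

# Constructed baseline per user: where and during which hours they normally work.
BASELINES = {
    "jsmith": {"countries": {"GB"}, "work_hours": range(7, 20)},
}

# Constructed entitlements: each user is granted named resources, never a whole segment.
ENTITLEMENTS = {
    "jsmith": {"crm-app", "file-share-uk"},
}


@dataclass
class Decision:
    action: str                      # "allow", "step_up" or "deny"
    reasons: list = field(default_factory=list)


def evaluate(user: str, country: str, local_hour: int, resource: str) -> Decision:
    """Decide on an access request from its context and the user's entitlements.

    Unknown users and requests for resources outside the user's entitlement are
    denied outright. A login from an unusual country OR at an unusual hour requires
    step-up authentication; both together (the 'Russia at 3am' case) are denied.
    """
    baseline = BASELINES.get(user)
    if baseline is None:
        return Decision("deny", ["unknown user"])
    if resource not in ENTITLEMENTS.get(user, set()):
        return Decision("deny", [f"{user} has no entitlement to {resource}"])

    reasons = []
    unusual_country = country not in baseline["countries"]
    unusual_hour = local_hour not in baseline["work_hours"]
    if unusual_country:
        reasons.append(f"login from {country}, usual {sorted(baseline['countries'])}")
    if unusual_hour:
        reasons.append(f"login at {local_hour:02d}:00, outside usual working hours")

    if unusual_country and unusual_hour:
        return Decision("deny", reasons)
    if unusual_country or unusual_hour:
        return Decision("step_up", reasons)
    return Decision("allow", reasons)


if __name__ == "__main__":
    for req in [("jsmith", "GB", 10, "crm-app"), ("jsmith", "RU", 3, "crm-app"),
                ("jsmith", "RU", 10, "crm-app"), ("jsmith", "GB", 10, "finance-db")]:
        print(req, "->", evaluate(*req))
```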
Learn how Cryptzone’s privileged access solutions can prevent and limit damage when user credentials are compromised.