Cyber Defense eMagazine March Edition for 2022

More documents

Recommendations

Info

Here are five reasons that organizations need to secure directory services in a hybrid deployment. 1. As cloud use grows, attackers are following the data In October 2021, Microsoft reported that Azure and other cloud services grew 50% year over year in Q4 2021 and have grown between 47% and 62% every quarter since Q2 2020. The Covid-19 pandemic accelerated the shift to the cloud across many industries, and the momentum hasn’t slowed down. As data has moved to the cloud, malware has followed. A survey of CISOs conducted by IDC in mid-2021 found that 98% of respondents suffered at least one cloud data breach in the previous 18 months as opposed to 79% in 2020. There’s every reason to believe that adversaries will continue to target the cloud aggressively in 2022. Security and cloud teams should ensure they are not leaving gaps that attackers can exploit in their identity and access management infrastructure that make it easier for adversaries to target them. 2. The rapid rate of change in the cloud creates uncertainty and risk Cloud platforms are still being actively developed, which means the underlying software changes frequently, Cloud products and tools get merged with other products, removed, or overhauled on a regular basis. This volatility increases security risk because it prevents security experts, whether they work inhouse, for a service provider or as a consultant, from understanding the cloud platform in detail. Every time something changes, security pros need to re-learn how it works, what its weaknesses are and how to protect it. Until they do, they’re more likely to make mistakes, overlook security gaps or implement insecure misconfigurations. Since cloud platforms are relatively new compared to on-premises software, the talent pool and library of third-party resources for securing them are small to start with. These factors make the cloud especially risky, and forces organizations to continuously revise their cloud security policies - increasing the changes something will slip through the cracks. For comparison, Microsoft Active Directory has been used for identity and access management onpremises for two decades. There are a huge number of AD admins that understand the software inside and out and an enormous library of third-party resources to help them do their job quickly and safely. While many organizations still struggle to secure AD on-premises, AD security in the cloud has additional barriers to security that make it even more important that security and cloud teams take it seriously. 3. The cloud has a larger attack surface and authentication is more complex than on-premises Cloud authentication systems are easier for attackers to exploit in some ways. First, they simply have a larger attack surface. These systems are exposed to the internet by default, where on-premises AD is closed to the internet by default. With on-premises AD, adversaries first needed access to the network through a user’s credentials. In the cloud, they don’t even need that. The systems that assign permissions to specific users or groups in the major cloud platforms also tend to be more complex than they are in on-premises AD. For example, Azure AD uses at least three separate Cyber Defense eMagazine – March 2022 Edition 68 Copyright © 2022, Cyber Defense Magazine. All rights reserved worldwide.
systems to manage identity and access: Azure Active Directory, Azure Resource Manager, and the Azure API Apps permissions system. Unfortunately, these systems can often conflict and make it unclear which system is the source of truth. This makes it more difficult for security teams to audit who has access to valuable systems, which in turn makes it harder for them to find and close down Attack Paths. The more difficult it is to assign permissions, the more likely that Cloud or AD engineers will give blanket permissions to large groups of users or give a problem user admin access to just make everything work. After all, their main task is to ensure employees have access to the systems they need to do their jobs. This complexity creates additional attack paths and undermines the expertise of security and Identity Access Management engineers. 4. Attacks can move from Azure to on-prem AD Attack Paths in AD don’t just stay on-premise or in the cloud; they can cross between environments. For example, adversaries can move laterally from on-premise AD to Azure AD, escalate privilege within Azure, and then move back from Azure to on-premise. They can do this by abusing Microsoft Endpoint Manager to move laterally from an Azure tenant to an on-prem AD domain. This abuse becomes possible when Windows devices have been Hybrid-Joined to both the Azure tenant and the on-prem Active Directory domain. This attack can be carried out by Azure tenant authenticated user — no special privileges or roles needed. Abusing one of the three endpoint management systems to execute PowerShell scripts on hybrid-joined devices requires either the “Global Admin” or “Intune Administrator” roles. This is why it’s vital to protect Active Directory both on-premises and in the cloud - because both of them give attackers a way in. 5. Attack Paths open orgs up to dangerous attacks like ransomware Attack Paths are a way for adversaries to get powerful access that lets them steal sensitive data, deploy ransomware or other malware, achieve persistence in the network or add backdoors that will allow them to instantly re-gain privileged access in the future. An adversary that is well versed in attacking AD (and most adversaries are) can gain privileges and move freely across Attack Paths leaving minimal risk of discovery from defenders, achieve persistence, and gain the keys to the kingdom. Ransomware is a particularly active threat at the moment; approximately 37% of global organizations said they were the victim of some form of ransomware attack in 2021, according to IDC's "2021 Ransomware Study." The FBI's Internet Crime Complaint Center received 62% more ransomware reports year-over-year in the first half of 2021. To reduce their vulnerability to all these attacks and stop problems like ransomware at their source, organizations should work on eliminating the Attack Paths in their AD environment. Identity and access management on-premises and in the cloud are two sides of the same coin. Organizations with a hybrid infrastructure model must protect both in order to keep their users and data safe. Cyber Defense eMagazine – March 2022 Edition 69 Copyright © 2022, Cyber Defense Magazine. All rights reserved worldwide.
Page 1 and 2:
Why Changing Classified Document St
Page 3 and 4:
Tips And Trends for OT Cybersecurit
Page 5 and 6:
@MILIEFSKY From the Publisher… De
Page 7 and 8:
Welcome to CDM’s March 2022 Issue
Page 9 and 10:
Cyber Defense eMagazine - March 202
Page 11 and 12:
Page 13 and 14:
Page 15 and 16:
Page 17 and 18: Cyber Defense eMagazine - March 202
Page 19 and 20: level of concern while working remo
Page 21 and 22: The Fragility of a GPS Centric Worl
Page 23 and 24: Formerly known as LOng-RAnge Naviga
Page 25 and 26: The Role of The CFO In Enterprise C
Page 27 and 28: Help them mitigate potential risks
Page 29 and 30: The Safest Ways for Bitcoin Trading
Page 31 and 32: and clear instructions through a "N
Page 33 and 34: According to Cybereason’s “Rans
Page 35 and 36: If you implement these three tips,
Page 37 and 38: • Nearly half of zero-day malware
Page 39 and 40: Don’t Become a Horrible Headline:
Page 41 and 42: pandemic era. By empowering profess
Page 43 and 44: Have We Learned from Our Past Mista
Page 45 and 46: internet, etc. How much training is
Page 47 and 48: How to strengthen cyber resilience
Page 49 and 50: A BCDR solution with automated disa
Page 51 and 52: 1. Cybersecurity Incidents Will Bec
Page 53 and 54: Is XDR The Right Solution for Today
Page 55 and 56: How Open XDR Helps Open XDR address
Page 57 and 58: A very small set of next-gen SIEM s
Page 59 and 60: • What are my options for data la
Page 61 and 62: Additionally, we’ll witness the r
Page 63 and 64: Top 10 Reasons Cyber Defense Firms
Page 65 and 66: 4. Teamwork and individual responsi
Page 67: 5 Reasons Organizations Need Compre
Page 71 and 72: Directed Analytics - The Future of
Page 73 and 74: Directed analytics allow these insi
Page 75 and 76: InDesign and uploaded to indd.adobe
Page 77 and 78: Are You Prepared for the New Normal
Page 79 and 80: • Find Unseen Risk - The hardest
Page 81 and 82: intruders were able to gain control
Page 83 and 84: About the Authors Michael Cheng is
Page 85 and 86: Why am I rehashing this old trope?
Page 87 and 88: 1. Look for and minimize attack sur
Page 89 and 90: On The Frontline in The War Against
Page 91 and 92: How to Fix Mid-Market Security Usin
Page 93 and 94: the particular victims being target
Page 95 and 96: 5 Ways Cybersecurity Will Change In
Page 97 and 98: #3: Supply chains will be the big r
Page 99 and 100: Executive Order Instructs Certain O
Page 101 and 102: • Stay ahead of fraud. Fraud cost
Page 103 and 104: Too Hot to Handle:The case for Zero
Page 105 and 106: Critically, endpoint security only
Page 107 and 108: To prevent lateral movement attacks
Page 109 and 110: Redefining Resilience in The New Wo
Page 111 and 112: About the Author Andrew Lawton is C
Page 119 and 120:
Page 121 and 122:
Page 123 and 124:
Page 125 and 126:
Page 127 and 128:
Page 129 and 130:
Page 131 and 132:
Page 133 and 134:
Page 135 and 136:
CyberDefense.TV now has 200 hotseat
Page 137 and 138:
Books by our Publisher: https://www
Page 139 and 140:
show all

Cyber Defense eMagazine March Edition for 2022

Create successful ePaper yourself

Delete template?

Save as template?