It’s no surprise that modern cyberattacks look for ways to move laterally both within an on-premises environment and over to an organization’s cloud-based services, applications, and resources. With nearly every environment running some form of hybrid configuration, any identity credentials that are susceptible to compromise give an attacker potentially unfettered access to both the cloud and the on-prem environment.
And why is it so easy for an elevated identity to be compromised? Weaknesses in your identity configuration, management, and monitoring are likely the cause.
Think beyond just an insecure password: undocumented or forgotten accounts, permissions, and delegations; a lack of additional authentication factors; standing privileges; and more all plague most organizations (because we’re all so focused on dealing with the “next” issue). It’s these weaknesses that cybercriminals look for and take advantage of, precisely because they know you haven’t addressed them.
In this webinar, Yiftach Keshet, VP of Product Marketing at Silverfort, takes a deeper dive into the common identity security gaps that exist in on-premises environments that enable threat actors to also access SaaS-based applications and platforms.
Up first, 4-time Microsoft MVP Nick Cavalancia discusses why identity continues to be a primary attack surface, using the MITRE ATT&CK Framework to demonstrate how nearly every action taken inevitably traces back to a weak identity attack surface.
Up next, Yiftach dives into the most common security gaps and shows how they can be used to gain access to on-prem and cloud environments alike. These include:
- How adversaries abuse on-prem weaknesses to move laterally to, and compromise, the cloud environment: gaining initial access to a machine and then using either an NTLM path or a Kerberos path to reach cloud environments.
- Identifying users with excessive access privileges: 1 out of 7 users (on average) has access privileges similar to those of admins despite not being a member of any admin group. Naturally there is also no protection for these users, as no one knows that they are de facto privileged. Attackers can take their chance and target these users for “under the radar” lateral movement.
- Stale accounts and shared accounts: common malpractices that create a huge attack surface. Stale accounts are not protected (more than 15% of all users in many cases). Shared accounts can’t be protected with MFA. Both types are extensively targeted.
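The last two gaps above (de facto privileged users who sit outside every admin group, and stale or shared accounts) are the kind of thing a defender can find in a directory export before an attacker does. The script below is an added example written for this page; it is not code from Silverfort or from the webinar. It audits a small constructed snapshot of users, nested groups, object ACLs and logon records, and the heuristics it uses (control rights such as GenericAll granted through a nested group, no logon in 90 days, interactive logons from more than three distinct hosts) are assumptions chosen for illustration, not the presenters' detection logic.

```python
"""Audit a constructed directory snapshot for three identity gaps:
de facto privileged users, stale accounts, and shared accounts.
All data and thresholds below are constructed/assumed for illustration."""
from datetime import datetime, timedelta

NOW = datetime(2024, 1, 31)  # fixed "today" so the results are reproducible

# Constructed users: last interactive logon and directly recorded group membership.
USERS = {
    "alice":      {"last_logon": NOW - timedelta(days=2),   "groups": ["Domain Admins"]},
    "bob":        {"last_logon": NOW - timedelta(days=5),   "groups": ["Helpdesk-Tier2"]},
    "carol":      {"last_logon": NOW - timedelta(days=1),   "groups": ["Ops-Proxy"]},
    "dave":       {"last_logon": NOW - timedelta(days=200), "groups": ["Staff"]},
    "svc-backup": {"last_logon": NOW - timedelta(days=1),   "groups": ["Staff"]},
}

# Constructed group nesting: group -> members (users or other groups).
GROUPS = {
    "Domain Admins": ["alice"],
    "Helpdesk-Tier2": ["bob", "Ops-Proxy"],   # Ops-Proxy is nested inside Helpdesk-Tier2
    "Ops-Proxy": ["carol"],
    "Staff": ["dave", "svc-backup"],
}
ADMIN_GROUPS = {"Domain Admins"}  # the groups the organisation actually monitors

# Constructed ACL: principal -> right held on a sensitive directory object.
ACL = {
    "OU=Servers": {"Domain Admins": "GenericAll", "Helpdesk-Tier2": "GenericAll"},
    "OU=Workstations": {"Staff": "ReadProperty"},
}
CONTROL_RIGHTS = {"GenericAll", "WriteDacl", "WriteOwner"}  # rights that equal admin control

# Constructed interactive logon records: (account, source host).
LOGONS = [
    ("svc-backup", "HOST-A"), ("svc-backup", "HOST-B"), ("svc-backup", "HOST-C"),
    ("svc-backup", "HOST-D"), ("bob", "HOST-A"), ("bob", "HOST-B"),
]


def expand_group(group, groups=GROUPS, _seen=None):
    """Return the set of users transitively contained in a group (cycle-safe)."""
    _seen = _seen if _seen is not None else set()
    if group in _seen:
        return set()
    _seen.add(group)
    members = set()
    for m in groups.get(group, []):
        members |= expand_group(m, groups, _seen) if m in groups else {m}
    return members


def find_shadow_admins(users=USERS, groups=GROUPS, acl=ACL, admin_groups=ADMIN_GROUPS):
    """Users who hold a control right on a sensitive object, directly or through
    any nested group, while not being a member of a recognised admin group.
    Returns {user: [(object, granting principal, right), ...]}."""
    known_admins = set()
    for g in admin_groups:
        known_admins |= expand_group(g, groups)
    shadow = {}
    for obj, entries in acl.items():
        for principal, right in entries.items():
            if right not in CONTROL_RIGHTS:
                continue
            holders = expand_group(principal, groups) if principal in groups else {principal}
            for user in holders - known_admins:
                shadow.setdefault(user, []).append((obj, principal, right))
    return shadow


def find_stale_accounts(users=USERS, now=NOW, max_idle_days=90):
    """Accounts with no logon for longer than max_idle_days (assumed threshold)."""
    return sorted(u for u, a in users.items() if (now - a["last_logon"]).days > max_idle_days)


def find_shared_accounts(logons=LOGONS, max_hosts=3):
    """Heuristic (assumption): an account signing in interactively from more
    distinct hosts than one person plausibly uses is likely shared."""
    hosts = {}
    for user, host in logons:
        hosts.setdefault(user, set()).add(host)
    return sorted(u for u, h in hosts.items() if len(h) > max_hosts)


def audit():
    """Run all three checks and return the findings as one dict."""
    return {
        "shadow_admins": find_shadow_admins(),
        "stale_accounts": find_stale_accounts(),
        "shared_accounts": find_shared_accounts(),
    }


if __name__ == "__main__":
    for category, findings in audit().items():
        print(f"{category}: {findings}")
```

In the constructed data, carol never appears in an admin group yet inherits GenericAll on OU=Servers through Ops-Proxy nested in Helpdesk-Tier2, which is exactly the "admin-like but in no admin group" case; the nested expansion is what makes that visible. The thresholds are deliberately parameters so they can be tuned to an organisation's own baseline.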
Yiftach also demonstrates how it’s possible to detect these types of attacks, and discusses best practices for mitigating identity weaknesses through security controls that include multi-factor authentication and identity segmentation.