By Rajat Bhargava Posted March 24, 2015
Identities are one of the most – if not the most – sought after digital assets today, with corporate identities being the most valuable. A hacker who gains access to the right credentials potentially has the keys to the kingdom, which is why the right corporate credentials are so valuable. The following techniques show how hackers steal these credentials.
Four Ways Hackers Can Steal Your Company’s Crown Jewels
Social Engineering: Sometimes attackers go after their targets directly, by setting up phishing scams or through social engineering. Usually the people they are after are aware of these threats, so it is not always easy. However, the attackers have become more sophisticated and are going to great lengths to gain access to accounts and mimic the behavior of those users to gain further access or even to have third parties take action on their behalf.
Hacking Employee-Used Sites: Another method is to hack a different site that employees use that is easier to infiltrate. Once those usernames and passwords have been compromised, the hackers backtrack by using those same credentials for other services and even logins to corporate devices and applications. A number of companies have been compromised in this manner.
Compromising Partners and Vendors: Still another method that hackers use is to go through an organization’s partners and vendors. Often, an organization grants access to third parties. With more outsourcing and the network being a central part of an organization’s operations, more people have privileged access than ever before. The organization itself may be secure, but a compromise of one of its downstream partners or vendors could still leave it breached.
Traditional Techniques: Of course there are the old standby methods of brute force attacks, dictionary attacks, and automated attacks. All of these are effectively knocking on open ports and logins to devices to see if they can get lucky with the right username and password combination. While usually unsuccessful, they do sometimes find networks, servers, or ports that are still using default or commonly used credentials.
The number of different attack vectors is only growing. The question becomes, “How do organizations secure their identities?” While it is neither easy nor foolproof, there are some concrete steps that organizations can take. First, there should be a significantly higher bar for passwords. Research has shown that having longer passwords is better. Getting fancy with all of the different characters is not nearly as important as length. The second step is to use SSH keys whenever possible. Keys are a much stronger form of credentials compared to usernames and passwords. The third step is to enable multi-factor authentication wherever you can. If you use Google Apps (now known as G Suite), turn on MFA for all of your users. If you use AWS, turn it on for your root account. Adding MFA can be the difference between losing your business and keeping it. The fourth step is to monitor access to your various systems. If you see something suspicious, you need to follow up on it. Of course, auditing your user logins takes time and tools, but it is well worth it.
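One way to apply the fourth step to the password-guessing and credential-reuse attempts described above, as an added example that is not from the original post: a short Python audit of OpenSSH `sshd` log lines that flags sources with repeated failed logins, password logins on hosts where keys are expected, and a success that follows repeated failures. The log lines are constructed, and the function name, finding names and threshold are assumptions made for illustration.

```python
import re
from collections import Counter

# Matches OpenSSH sshd authentication results as they appear in syslog.
AUTH_RE = re.compile(
    r"sshd\[\d+\]: (Failed|Accepted) (password|publickey) "
    r"for (?:invalid user )?(\S+) from (\S+) port \d+"
)

# Constructed sample log lines (documentation IP ranges, made-up users).
SAMPLE_LOG = """\
Mar 24 09:00:01 web1 sshd[811]: Accepted publickey for alice from 198.51.100.20 port 40022 ssh2
Mar 24 09:14:10 web1 sshd[902]: Failed password for root from 203.0.113.7 port 51001 ssh2
Mar 24 09:14:12 web1 sshd[902]: Failed password for invalid user admin from 203.0.113.7 port 51002 ssh2
Mar 24 09:14:15 web1 sshd[903]: Failed password for invalid user test from 203.0.113.7 port 51003 ssh2
Mar 24 09:14:19 web1 sshd[904]: Failed password for deploy from 203.0.113.7 port 51004 ssh2
Mar 24 09:14:23 web1 sshd[905]: Accepted password for deploy from 203.0.113.7 port 51005 ssh2
Mar 24 10:30:00 web1 sshd[990]: Failed password for bob from 198.51.100.44 port 40100 ssh2
Mar 24 10:30:09 web1 sshd[991]: Accepted password for bob from 198.51.100.44 port 40101 ssh2
""".splitlines()


def audit_ssh_log(lines, fail_threshold=3):
    """Return suspicious findings from sshd auth log lines."""
    failures = Counter()          # failed auth attempts per source IP
    findings = {"guessing_sources": [], "password_logins": [],
                "success_after_guessing": []}
    for line in lines:
        m = AUTH_RE.search(line)
        if not m:
            continue
        result, method, user, ip = m.groups()
        if result == "Failed":
            failures[ip] += 1
            if failures[ip] == fail_threshold:
                findings["guessing_sources"].append(ip)
        elif method == "password":
            # Password logins are worth reviewing where keys are the policy.
            findings["password_logins"].append((user, ip))
            if failures[ip] >= fail_threshold:
                # A success after repeated failures may be a guessed password.
                findings["success_after_guessing"].append((user, ip))
    return findings


if __name__ == "__main__":
    for kind, items in audit_ssh_log(SAMPLE_LOG).items():
        print(kind, items)
```

A single mistyped password followed by a success, like `bob` in the sample, shows up only as a password login; the account to follow up on first is the one in `success_after_guessing`.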
Protect Your Corporate Identities
Your corporate identities are at risk. They are constantly being attacked and are the number one target within your organization. If you would like to discuss how to secure your identities, drop us a note. It is a core part of our thinking around why Directory-as-a-Service is the next generation model for directory services.