Deceptions Everywhere ®

Insights on threat and cyber risk trends, use cases for deception technology and strategies for combatting targeted attacks

Attackers Like Credentials More Than Exploit Kits, IAM & PAM

You're vulnerable. And cyber attackers know it.

Read More

A Deception Technologist’s View of Cloud Security

As I sat down to write this post, I couldn’t help amusing myself with yet another corny “cloud” analogy: The potential for lateral movement between different parts of the extended corporate ecosystem is a bit like all the different types of lightening there are. If, besides being a tech geek, you are also a weather geek, you can read about lighting here. Among other things, this site explains that “Anvil Crawlers are horizontal tree-like, in-cloud lightning discharges whose leader propagation is slow enough… that a human observer… can see its rapid motion across the sky.” Where cloud security is concerned, Illusive’s aim is to make malicious lateral movement to, from, and between clouds slow and visible to the human eye—so that security teams can stop cyberattacks before a successful strike. Read More

Attackers Use Privileged Credentials in Domain Persistence

The top risk cyberattackers face is the risk of getting caught. But executing an attack is typically a labor-intensive process. Attackers also worry that the access they’ve worked so hard to establish might suddenly get cut off if a password gets changed or an account they’re using is retired or removed from the domain.

Read More

Automated Cybercrime Needs Automated Cyber Defenses

The epic and exponential rise in cybercrime is a subject of near-daily discussion in the national and local news. Whether it’s from ransomware, identity theft, digital corporate espionage, information warfare, compromised election systems or hacked critical infrastructures—increasingly all of our information systems are under attack. While the media is quick to report on the “what” of each data breach (for example, company X was hacked so change your password to that account), they rarely delve into the why and the how. How are these attacks taking place, and why are they growing at a pace so much quicker than all other forms of criminal activity? Without understanding the “why and how” of cybercrime, we are doomed to fail in our battle against cyberattacks. 

Read More

4 Quick Thoughts On The Marriott Breach: Not A Usual Crime

My phone’s been ringing this morning from people wanting to talk about the massive Marriott breach — the revelation that private data associated with up to 500 million people may have been compromised. I’m sure there’s a lot more to learn from the details, but in the meantime, I’ll take a quick minute to jot down some initial thoughts:

Read More

Meet & Exceed PCI-DSS Compliance Before Cyber Monday

In 2004, the Payment Card Industry Data Security Standard (PCI DSS) became a fact of life for organizations that accept payment via credit or debit cards. In that year, the leading card issuers rolled out the first iteration of its security standard, designed to improve protection of payment systems as credit card data became a prime target for cyberattackers. Today, even as organizations have entire teams dedicated to PCI compliance, one consumer business after another—including Macy’s, Adidas, Panera Bread and Chili’s—have been breached, resulting in exposure of cardholder data. Read More

Ponemon Reports on How Security Teams Defend After a Breach

Moody's Cyber Risk Group: “Cyber becomes more and more important.”

On November 12, Moody’s announced its intent to start incorporating in its credit rating method the degree to which an organization faces risk of major impact from a cyberattack. This follows the news, back in February 2018, that the Securities and Exchange Commission issued additional guidance on its requirement that public companies must “inform investors about material cybersecurity risks and incidents,” even if they have not yet been the target of a cyberattack.  

Read More

Increase Cybersecurity During Mergers And Acquisitions

More than $2.5 trillion in mergers were announced in the first half of 2018[1]a new record. Ranked by value of the deal, energy and power deals led, followed by media and entertainment, with healthcare and industrials close behind. Industries are converging and organizations are using acquisitions, divestitures, and other forms of asset remix to reposition their businesses. For example, there are numerous mergers among pharmaceutical, life sciences, and biotech companies as they seek to gain traction in a highly fragmented market. EY predicts that the total value of life sciences M&A will surpass $200 billion in 2018. According to Deloitte, technology acquisition is the primary driver of M&A pursuits, ahead of expanding customer bases in existing markets, and adding products or services[3].

Read More

Why Healthcare Cybersecurity Should Focus on the Attacker?

At a recent industry event, I got to chatting with the CISO of a major children’s hospital. Over a beer, he shared with me the challenges he faces daily. Our far-reaching conversation covered nation-state actors enticing students to exfiltrate clinical trial test results, to his search for a secure USB port cover for patient-facing devices. Maybe it was the beer, but as he described his tribulations, each to me worse than the next, his enthusiasm and energy grew. Every so often he stopped to shake his head in disbelief at his own story as if to say, “Even I can’t believe how bad this is…” 

Read More

3 Ways Privileged Credentials Are Available to Cyberattacker

Preventing the ability of attackers to perform lateral movement within your network is not only a threat detection function—it’s also a cyber hygiene function. In this blog, we’ll review some of the most common—and invisible—ways that privileged user credentials proliferate in enterprise networks. It’s well understood that domain admin or other high-powered credentials are gold to a cyberattacker. With “keys to the kingdom,” they can move easily and silently from one system to another, change domain attributes, add permissions, change passwords, and connect to any machine in the domain. Most organizations dedicate significant resources to careful management of Active Directory and use various technologies and practices to control access privileges. But our experience shows that even in the most diligent organizations, privileged user credentials are more accessible to attackers than you’d think. Read More