The Main Effects Caused by the Pandemic on Information Security

With the coronavirus pandemic, companies had to adapt and reframe their businesses, which brought many benefits in terms of growth and digital presence. Home office and hybrid jobs are already a reality for most companies, especially technology ones; physical servers are being moved to cloud environments; and companies had to change the way they present themselves in the market and relate to clients, using large volumes of data combined with tools and Artificial Intelligence as the main resources to improve business strategies and increase sales.

These positive changes in the digital transformation, in turn, have created an almost complete reliance on technology, increasing companies’ exposure to vulnerabilities and cyberattacks such as cloud server hacks, leaks, and data hijacking. The current context forces organizations to go through this transformation process, without which it is impossible to evolve. 

Therefore, all business leaders must be aware of the dangers they are exposing their business to and be prepared to protect themselves and deal with these risky situations as assertively as possible. From the users’ point of view, it is important to pay attention to the protection of their own data and put aside insecure habits in the virtual environment.

Check out the main effects of the pandemic on Information Security, according to research released by IBM Security and Kaspersky data.

Increased Attacks in Cloud Environment

Due to the pandemic, many companies are moving to the cloud environment, which increases the flow of data and, consequently, the risk of threats and attacks. Work previously performed on a machine under the supervision of the company’s IT staff is now performed on a machine handed over to the user, with little or no control by the information security team. 

The companies’ IT infrastructures are also opened up for remote access from the employees’ own machines. All these factors increase the chances of attacks.

Another concern, according to IBM, is the fact that Linux runs the bulk of cloud workloads (about 90%) and a good part of malware attacks are related to this operating system, which only tends to increase the attacks in cloud environments that use these virtual machines.

Cybercriminals Are Impersonating Famous Brands in Online Shopping

It is no surprise that the pandemic has generated an increase in online purchases. As a result, cyberattacks have also become more frequent, and the lack of information from many consumers on how to shop safely online is also a fertile ground for this. 

According to an IBM report, cybercriminals are posing as consumer-trusted brands more often. Adidas was one of the brands most targeted by these attacks, due to the high consumer demand for coveted products.

The launch of a brand model in 2020 may have increased this wave of attacks. Users were directed to pages identical to the original ones and, when making payments, cyber criminals tried to steal financial information, passwords, personal information, and even break into the victim’s devices.

Ransomware Attacks Were the Biggest Since 2019

A ransomware attack takes place through malicious software that blocks access to, or encrypts, the data on the system, network, or computer of companies and/or users. Generally, cybercriminals ask for millions of dollars, mainly from prominent companies and people, in exchange for restoring this access.

Social distancing and the practice of home office during the pandemic have intensified ransomware attacks around the world. “People stayed at home and had time to explore vulnerabilities in systems and critical infrastructure,” explains Apostolos Malatras, leader of the knowledge and information team at ENISA (European Agency for Network and Information Security). 

According to numerous recent studies, this category of scam is becoming increasingly popular, particularly on corporate networks, as they can offer higher amounts in exchange for regaining access to data.

In Brazil alone, there was a 350% increase in this type of attack, just in the first quarter of 2020, according to data from Kaspersky. Also according to these data, the country leads the ranking of the largest number of companies attacked by this type of threat during the pandemic. 

Ransom figures have increased a lot and created a very profitable business for criminals. According to Fabio Assolini, an expert at Kaspersky, in addition to a greater guarantee of profit from attacks on organizations, this increase was also due to the recent drop in the price of Bitcoin, the main digital currency used by hackers. 

According to the expert, “Criminals know that companies and individuals are more vulnerable and accessing corporate networks from potentially unprotected devices. This increases the risk”.

The Convenience and Practicality of the Digital Medium Surpassed Security and Privacy

It is not new that society seeks agility and convenience in its daily activities. However, during the pandemic, this search has intensified. Everything has become more convenient and practical, so that the fewer clicks it takes to complete a task, the better and more satisfying it is for the user. In the research report released by IBM, about two-thirds of the population expect to spend less than 5 minutes setting up a new digital account.

This is a reflection of the digital convenience that has affected businesses and users around the world. Also according to this data, the rapid digital transformation of companies and the users’ lack of concern with the security of their data have facilitated the increase in data leaks, theft, and hijacking attacks. 

In addition, the inclusion of more users in the digital context implies an increase in the number of online accounts, which, consequently, increases the number of insecure passwords and the number of people uninformed about the protection of their own data.

This digital dependency requires a close look at security risks. Nevertheless, companies are still trying to match the speed of their pandemic response with the necessary security measures as they embark on the digital journey, which has resulted in very high cyberattack recovery costs for some organizations.

What Are the Main Security Recommendations?

In the pandemic scenario, it has never been easier for cybercriminals to gain access to sensitive user and business data. Therefore, cybersecurity must be seen in the same way as infectious agents, such as viruses and bacteria in our body, as the consequences of a cyberattack, which today is already classified as the fifth-biggest risk in the world, can be catastrophic for the functioning of society in all verticals.

In the words of Charles Henderson, Global Management Partner and Head of IBM Security X-Force, “With passwords becoming less and less reliable, one way organizations can adapt, beyond multifactor authentication, is to opt for a ‘zero trust’ approach: apply artificial intelligence and advanced analytics throughout the process to detect potential threats, rather than assuming a user is trusted after authentication.”

In this type of approach, one must start from the idea that their network may already be compromised and carry out daily validations of the connection between users, data, and resources. Another recommendation from the expert is to invest in data protection and privacy policies, in addition to conducting ongoing security tests and reassessing the effectiveness of the incident response plan.

What is SQL Injection and How to Prevent This Attack?

SQL Injection is one of the most dangerous vulnerabilities for websites and online applications. It occurs when a user adds untrusted data to a database query, for example, when filling out a web form. 

If injection is possible, attackers can craft user input to steal valuable data, bypass authentication, or corrupt records in your database.

There are different types of SQL injection attacks, but in general, they all have a similar cause: untrusted data entered by the user is concatenated with the query string.

Therefore, user input can change the original intent of the query and lead to numerous security issues.

In this article, we cover and recommend some best practices for technicians to use in preventing SQL Injection attacks. Keep reading and understand more about these practices! 

Do Not Rely on Client-side Input Validation

Client-side input validation is a good practice; it prevents invalid information from being sent to your system logic. However, this only works for users who have no bad intentions and want to use the system as designed.

Providing the user with direct feedback that a certain value is not valid is very useful and simple. Therefore, you should use client-side validation to help your user experience. 

When looking at SQL injection, this is not a method you should trust. Client-side validation can be removed by changing some JavaScript code loaded in your browser.

Also, in a client-server architecture it is very easy to make a basic HTTP call to the backend with a parameter that causes an SQL injection, for example with an old-school curl command.

You should validate on the server side, preferably as close to the source as possible, in this case where you create the SQL query. Anything a client sends you should be considered potentially harmful. So, relying on client-side validation against SQL injection is a terrible idea.

Use Database Engines With Restricted Privileges

When creating a database user for your application, you should think about this user’s privileges.

Does the application need to be able to read, write and update all databases? How about truncating or dropping tables? If you limit your application’s privileges on the database, you can minimize the impact of SQL injection. 

It is advisable not to have a single database user for your application, but to create multiple database users tied to specific application roles with different privileges. Security issues tend to have a ripple effect, so you should be aware of all relationships to avoid heavy damage.

Use Prepared Statements and Query Parameterization

Many languages have built-in features that help prevent SQL injection. When writing SQL queries, you can use a prepared statement to compile the query.

With a prepared statement, we can perform query parameterization, which is a technique for building SQL statements dynamically. You create the base query with placeholders and securely bind user-supplied parameters to those placeholders.

When using a real prepared statement with parameterized queries, the database itself takes care of the escaping. First, it builds the query execution plan from the query string with placeholders.

In the second step, the (untrusted) parameters are sent to the database. The query plan is already created, so the parameters can no longer influence it. This avoids the injection completely.
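As an added illustration (not code from the original article), the same lookup written with string concatenation and with a parameterized query using Python's sqlite3 module; the product table and the inputs are constructed for this example:

```python
import sqlite3


def make_catalogue():
    # Constructed in-memory sample data so the example runs offline.
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, public INTEGER)"
    )
    conn.executemany(
        "INSERT INTO products (name, public) VALUES (?, ?)",
        [("keyboard", 1), ("mouse", 1), ("unreleased-model", 0)],
    )
    conn.commit()
    return conn


def find_public_product_vulnerable(conn, name):
    # Untrusted input is concatenated into the query text, so the input
    # becomes part of the SQL grammar and can change the query's intent
    # (here: the "public = 1" restriction can be switched off).
    sql = "SELECT name FROM products WHERE name = '" + name + "' AND public = 1"
    return sorted(row[0] for row in conn.execute(sql))


def find_public_product_safe(conn, name):
    # Prepared statement: the plan is built from the text with a '?'
    # placeholder first; the value is bound afterwards as data only, so
    # quotes or comment markers in it are just characters of a name.
    sql = "SELECT name FROM products WHERE name = ? AND public = 1"
    return sorted(row[0] for row in conn.execute(sql, (name,)))


def vulnerable_query_fails(conn, name):
    # Concatenation also breaks on legitimate input containing a quote,
    # which is a functional bug as well as a security one.
    try:
        find_public_product_vulnerable(conn, name)
        return False
    except sqlite3.OperationalError:
        return True


if __name__ == "__main__":
    conn = make_catalogue()
    # Constructed input: closes the string literal and comments out the rest.
    crafted = "x' OR 1=1 --"
    print(find_public_product_vulnerable(conn, crafted))  # every row, including the non-public one
    print(find_public_product_safe(conn, crafted))        # [] : no product has that literal name
    print(vulnerable_query_fails(conn, "O'Brien"))        # True: a plain apostrophe breaks the query
```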

Scan Your Code for SQL Injection Vulnerabilities

Creating custom code is probably easy. However, mistakes are easily made. To verify your code, you can have processes in place, such as code review and pair programming. 

Nevertheless, the person who reviews your code or pairs with you needs to be well versed in cybersecurity. Regardless, it is useful to automatically scan your custom code for possible security vulnerabilities.

With the services of some tools, you can automatically inspect your code for security vulnerabilities. This can be easily automated in your system, making it easy to search for “loopholes” used by cybercriminals to break into your structures. 

Run Input Validation

Yes, you must always do input validation! Although prepared statements with query parameterization are the best defense against SQL injection, you should always build multiple layers of defense. Along with limited privileges for the database user, input validation is a great practice to reduce the risk to your overall application.

Moreover, there are situations where prepared statements are not available. Some languages do not support this mechanism, or older database systems do not allow you to provide user input as a parameter. Input validation is an acceptable alternative in these cases.

Make sure that input validation relies on an allowlist rather than a blocklist. Create a rule that clearly describes all allowed patterns.
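An added example (not from the original article) of allowlist validation for the parts of a query that cannot be bound as parameters, such as an ORDER BY column and direction, combined with a bound value for the part that can; the table, allowlists and inputs are assumptions made for the demonstration:

```python
import re
import sqlite3

# Allowlists: every accepted value is spelled out; anything else is rejected.
ALLOWED_SORT_COLUMNS = {"name", "price"}
ALLOWED_DIRECTIONS = {"asc": "ASC", "desc": "DESC"}
# Positive integer identifiers only: no sign, no spaces, bounded length.
ID_PATTERN = re.compile(r"[1-9][0-9]{0,9}")


def make_catalogue():
    # Constructed in-memory sample data so the example runs offline.
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, price INTEGER)"
    )
    conn.executemany(
        "INSERT INTO products (name, price) VALUES (?, ?)",
        [("mouse", 20), ("keyboard", 50), ("monitor", 200)],
    )
    conn.commit()
    return conn


def validate_sort(column, direction):
    # Identifiers and keywords cannot be bound as parameters, so they are
    # checked against the allowlist and only the allowlisted spelling is
    # ever placed into the query text.
    if column not in ALLOWED_SORT_COLUMNS:
        raise ValueError(f"sort column not allowed: {column!r}")
    if direction.lower() not in ALLOWED_DIRECTIONS:
        raise ValueError(f"sort direction not allowed: {direction!r}")
    return column, ALLOWED_DIRECTIONS[direction.lower()]


def validate_id(raw):
    # The rule describes what is allowed (digits of bounded length),
    # not what is forbidden.
    if not ID_PATTERN.fullmatch(raw):
        raise ValueError(f"id must be a positive integer: {raw!r}")
    return int(raw)


def list_products(conn, min_id_raw, sort_column, direction):
    col, dirn = validate_sort(sort_column, direction)
    # Validated input is still bound as a parameter: two layers of defense.
    min_id = validate_id(min_id_raw)
    sql = f"SELECT name FROM products WHERE id >= ? ORDER BY {col} {dirn}"
    return [row[0] for row in conn.execute(sql, (min_id,))]


if __name__ == "__main__":
    conn = make_catalogue()
    print(list_products(conn, "2", "price", "desc"))  # ['monitor', 'keyboard']
    for bad in (("1", "price; --", "asc"), ("1 OR 1=1", "name", "asc")):
        try:
            list_products(conn, *bad)
        except ValueError as exc:
            print("rejected:", exc)
```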

Be Careful With Stored Procedures

Many people believe that working with stored procedures is a good way to avoid intrusions. This is not always the case. Similar to SQL queries created in your application, a stored procedure can also be maliciously injected. 

Like SQL queries in your application, you must parameterize queries in your stored procedure rather than concatenating parameters. SQL injection into a stored procedure is very easy to prevent.

Make sure you know how to implement stored procedures for your database and be aware of SQL Injections as well.

Ransomwares are everywhere: get to know this trend (and #stopransomwareattacks!)

When it involves ransomware protection, it is better to be safer than sorry, isn’t it? To achieve this goal, a vigilant outlook and the right security software are essential, since a moment of carelessness is enough to fall victim to a cyberattack.

You probably know what ransomware is, but it is worth remembering: it is a type of extortion malware that can lock down your computer and then demand a ransom to restore access to the operating system. In May 2017, for example, the WannaCry variant spread around the world and reached more than 100 million users, claiming some major victims, such as the UK’s National Health Service (NHS). It infected more than 230,000 computers in 150 countries in just one day.

Since then, ransomware has spread around the world, with new types and new hits, and with that, cybersecurity solution makers have increasingly focused their actions on preventing attacks by this “pirate” of nowadays. And to support the fight against this increasingly frequent cybercrime, we launched the #stopransomwareattacks campaign on our social networks, with the aim of raising awareness among IT professionals and society about the variety of ways this malware appears on operating systems and the risks caused by a simple click.

What are the kinds of attacks?

The forms of attacks are diverse: ranging from messages about unlicensed applications to false claims about inappropriate content, in some cases resulting in the payment of fines or the need to restore devices to factory settings.

From the most aggressive to the most imperceptible forms, some of the main ransomware variants are:

Petya: It goes beyond hacking into files and can bring the entire system to a halt, causing devastating results.

zCrypt: It does not attack files directly; it acts like a classic virus, acting on recently handled files to boost the impact.

Jigsaw: This attack begins with a simple greeting message, followed by a ransom demand, threatening the victim with the removal of all their data within 72 hours.

WannaCry: The infection by this ransomware was indeed a global epidemic, scaring everyone and causing companies and government agencies to rush to seek protection solutions. The losses caused by this malicious software are estimated to have totaled $4 billion worldwide.

Ransomware, in all its forms and variants, represents a significant threat to both independent users and enterprises. That’s why it’s even more important to be aware of the threats it poses and be extra careful in eventualities.

Join the #stopransomwareattacks campaign! Post pictures on your social media networks with signs written with the hashtag, tag senhasegura’s profile and share with friends… Let’s stop the dynamics of malicious activity!

If you want to know more about how ransomware acts on a system, senhasegura will host the webinar “Dissecting Ransomware Attack – Protecting your Company Accesses” on October 26th at 3pm (CET), with a live demonstration by Cybersecurity Researcher Filipi Pires and senhasegura System Analyst Gabriel Oba, who will answer all questions, with a strong focus on the conscious use of devices and on which product is adequate to mitigate the risks of this type of malicious attack.

My Company Suffered a Ransomware Attack: Should I Pay the Ransom or Not?

Ransomware attacks are one of the biggest fears of companies today. Imagine having to use your business resources to pay cybercriminals. This is a reality that happens.

However, in case your company suffers a ransomware attack, what is the best option: To pay or not to pay the ransom? That is exactly what we will talk about in this article.

Keep reading and understand how to handle this type of situation.

What is a Ransomware Attack?

A ransomware attack consists of blocking data from computers and servers through encryption.

The hacker blocks this data and demands the payment of the ransom through a type of digital currency, such as Bitcoin.

The promise made is that the data will only be released when the ransom is paid.

How Does a Ransomware Attack Work?

One of the biggest risks to a company’s information security is cyberattacks, as hackers are aware of possible system security flaws due to data transfer between the various devices connected to the server.

The moment a hacker identifies a security loophole in the system, they prepare their attack.

As far as ransomware is concerned, computer files are encrypted and ransom is requested for the data to be released again.

It is possible to fix these flaws before hacker attacks happen through system updates, but this does not always happen in a timely manner and hackers are usually quite quick in their actions.

One of the ways to avoid ransomware is to keep operating systems always up-to-date, as malware easily gets in through an unpatched system flaw.

Another way a ransomware attack can happen is through phishing which, in practice, occurs through an email sent to your inbox with a strange attachment or code.

This email arrives disguised as a known sender, such as an employee of the company itself, causing a person to open the attachment without so much suspicion.

By clicking on such an attachment, the virus gains access to all computers and devices connected to the system and the ransomware begins to encrypt the files until they are all taken “hostages”, and remain so until the desired payment is made to the cybercriminals.

It is important to mention that, although the hacker promises to release access to the data after payment, this may not happen, as these people are not trustworthy to simply believe their words without guarantees.

Learn How to Handle a Ransomware Attack

In case a ransomware attack happens in your company, you must immediately notify the IT team who will be responsible for finding the last backup performed on the system.

When it occurs at home, the ideal is to disconnect the computer from the network and look for a professional who is an expert in information security to help you solve the problem.

One of the ways to protect yourself from these hacker attacks is to have an antivirus in your system, always kept up to date, in addition to performing regular backups of your data, preparing for possible losses in the future.

To Pay or Not to Pay for a Ransomware Attack?

Experts on the subject defend the idea that not paying for ransomware attacks is the best option because, as already mentioned, cybercriminals offer no guarantee that they will release the data later.

In some cases of this malware, it is entirely possible to solve the problem with the use of a good antivirus, for example.

When it comes to recovering data such as personal photos, legal documents, medical reports, and such, you must decide between the risk of paying and getting them back or not.

In the end, the most appropriate way to avoid these hacker attacks is to keep your system constantly protected by antivirus and security tools that cover cyberattacks like this one.

Furthermore, it is important to keep backups always up to date and your data stored in the cloud as another secure way to protect yourself.

It is worth noting that paying for this type of hacker attack may even be considered illegal, as threatening to sell or disclose confidential information on the dark web is a form of extortion, which is a crime under the law, as reported by WeLiveSecurity.

This is one of the cases where relying on a company that specializes in digital solutions becomes essential for good performance and data security in your company.

How Do Pass-the-hash Attacks Work?

Despite being something old, from the 1990s, few people know how pass-the-hash attacks work.

Keep reading the article to find out!

Where Did the Name “Pass-the-hash” Come From?

Pass-the-hash attacks occur when an attacker steals a user’s credential in its hashed form.

Without “breaking” (reversing) the hash, the attacker reuses it to trick an authentication system into creating a new authenticated session on the same network.

For those who are not aware of it, a hash function is any algorithm that maps large, variable-sized data to small, fixed-sized data.

Hash functions are widely used in order to verify the integrity of downloads, search for elements in databases, or transmit and store passwords.

Hence the name “pass-the-hash”, which literally describes what attackers do in this attack.

How Are Pass-the-hash Attacks in Information Technology Classified?

Pass-the-hash attacks are primarily a lateral movement technique.

This means hackers are using the hash to extract additional information and credentials after they have already compromised a device.

By moving “sideways” between devices and accounts, attackers can “pass the hash” to get all the correct credentials from someone else.

With this, they can eventually escalate their domain privileges and access more influential systems, like an administrator account on a user’s personal computer, without even needing that user’s password.

Another interesting fact is that most of the movement performed during a pass-the-hash attack uses a remote software program, such as malware.

What Operating Systems Do Pass-the-hash Attacks Work On?

Typically, pass-the-hash attacks target Windows systems.

However, they can also work against other operating systems and, in some cases, against other authentication protocols, such as Kerberos.

Windows is especially vulnerable to these attacks because of its single sign-on function.

This function allows users to enter their password only once and then access all the features they want.

The single sign-on function also requires users’ credentials to be cached on the system, making it easier for attackers to access.

How Do Pass-the-hash Attacks Work?

To perform a pass-the-hash attack, the attacker first obtains the hashes of the targeted system using any number of hash dump tools, such as fgdump and pwdump7.

The attacker then uses these tools to place the obtained hashes into a Local Security Authority Subsystem Service (LSASS).

Pass-the-hash attacks are often targeted at Windows machines because NTLM (NT LAN Manager) hashes can be abused once administrator privileges have been obtained.

These attacks often trick a Windows-based authentication system into “believing” that the attacker’s endpoint is the legitimate user’s endpoint.

Thus, the system automatically supplies the necessary credentials when the attacker tries to access the targeted system.

And all this can be done, as already said, without the need for the original password.

The key used by attackers to perform these types of attacks is the NTLM hash, which is simply a fixed-length value derived from the password.

NTLM hashes allow the attacker to use compromised domain accounts without extracting the password in plain text.

This is because operating systems such as Windows never actually send or store users’ plain-text passwords on the network.

Instead, these systems store an NTLM hash, which represents the password but cannot be directly reversed to recover it.

NTLM hashes can still be used in place of a password to access various accounts and resources on the network.

For an attacker to be able to access LSASS, they must successfully compromise a computer to the point where the malware can run with local administrator rights.

Therefore, this is one of the biggest obstacles to pass-the-hash attacks. And knowing how to securely control your privileged accounts with PEDM is another big obstacle, too.

Once a Windows-based machine is compromised and the deployed malware is given access to local usernames and NTLM hashes, do you know what happens?

The attacker can then choose between harvesting more credentials and trying to access network resources with the privileged user credentials already obtained.

By gathering more user credentials, an attacker can retrieve the credentials of users who have separate accounts on the Windows machine, such as a service account, or who access the computer remotely with an administrator login, for example.

Remote information technology (IT) administrators connecting to the compromised Windows machine will expose their NTLM username and hash to the malware now running on it.

An attacker with IT administrator credentials can then move “sideways” across networked devices.

The “lateral movement” is an effective way to search for users with elevated privileges, such as administrative rights to protected resources.

Privilege escalation can be achieved by locating the credentials of an administrator with greater administrative access.

These elevated privileges can also include access to customer databases and email servers.

What Can Pass-the-hash Attacks Do to My Computer?

Because this type of attack exploits the features and capabilities of the NTLM protocol, the threat can never be completely eliminated.

Once an attacker compromises a computer, pass-the-hash becomes just one of the malicious activities that can be performed.

A 2019 study found that 95% of its 1,000 respondents experienced a direct business effect from pass-the-hash in their organizations.

About 40% of these attacks resulted in lost revenue and 70% incurred increased operational costs.

No wonder that many IT experts consider pass-the-hash attacks to be among the top cybersecurity vulnerabilities in Industry 4.0.


 

How to Avoid Pass-the-hash Attacks?

Unfortunately, there are many ways for hackers to remotely compromise a computer, and they are constantly evolving.

For this reason, cybersecurity measures will never be 100% effective, which is why multiple mitigation techniques are often used at the same time.

Recognizing that even knowing how pass-the-hash attacks work cannot prevent them all, companies can try to improve their detection strategies as well as their prevention measures.

Workstation logs are one of the most common ways to reliably monitor administrative activities.

These logs can track privilege assignments as well as successful login attempts.

Target server logs and domain controller logs are useful for the same reasons.
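Two of the patterns those logs expose are the ones the article describes: credentials injected into a session on a compromised workstation, and one account then authenticating with NTLM to host after host. The added example below (not from the article or its sources) runs both checks over constructed, SIEM-style flattenings of Windows Security event 4624 records; the "logon type 9 with logon process seclogo" rule is a widely published indicator assumed here, and the fan-out threshold is an arbitrary constructed value.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of Security event 4624 (successful logon) records as key=value
# lines; not real logs. type = Logon Type, auth = Auth Package, proc = Logon Process.
SAMPLE_LOGS = """\
time=2024-03-11T09:01:10 computer=FS01 user=alice type=3 auth=Kerberos proc=Kerberos src=10.0.0.11
time=2024-03-11T10:14:00 computer=WS07 user=svc_backup type=9 auth=Negotiate proc=seclogo src=::1
time=2024-03-11T10:15:02 computer=FS01 user=svc_backup type=3 auth=NTLM proc=NtLmSsp src=10.0.0.57
time=2024-03-11T10:15:09 computer=FS02 user=svc_backup type=3 auth=NTLM proc=NtLmSsp src=10.0.0.57
time=2024-03-11T10:15:15 computer=SQL01 user=svc_backup type=3 auth=NTLM proc=NtLmSsp src=10.0.0.57
time=2024-03-11T10:15:21 computer=DC01 user=svc_backup type=3 auth=NTLM proc=NtLmSsp src=10.0.0.57
time=2024-03-11T11:40:00 computer=FS01 user=bob type=3 auth=NTLM proc=NtLmSsp src=10.0.0.23
"""

def parse(text: str) -> list:
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ev = dict(kv.split("=", 1) for kv in line.split())
        ev["time"] = datetime.fromisoformat(ev["time"])
        events.append(ev)
    return events

def detect(events: list, window=timedelta(minutes=10), fanout=3) -> list:
    """Return (rule, user, detail) alerts for two pass-the-hash patterns."""
    alerts = []
    # Rule 1: a type 9 (NewCredentials) logon whose logon process is 'seclogo'
    # is a widely published indicator of credentials injected into LSASS.
    for ev in events:
        if ev["type"] == "9" and ev["proc"].lower() == "seclogo":
            alerts.append(("credential_injection", ev["user"], ev["computer"]))
    # Rule 2: one account doing NTLM network logons (type 3) to many distinct
    # hosts from one source in a short window is the lateral-movement fan-out.
    by_src = defaultdict(list)
    for ev in events:
        if ev["type"] == "3" and ev["auth"] == "NTLM":
            by_src[(ev["user"], ev["src"])].append(ev)
    for (user, src), evs in by_src.items():
        evs.sort(key=lambda e: e["time"])
        for i, first in enumerate(evs):
            hosts = {e["computer"] for e in evs[i:] if e["time"] - first["time"] <= window}
            if len(hosts) >= fanout:
                alerts.append(("ntlm_fanout", user, f"{src} -> {sorted(hosts)}"))
                break
    return alerts
```

On the sample, alice's Kerberos logon and bob's single NTLM logon stay quiet, while svc_backup trips both rules; in a real deployment the fan-out baseline would be tuned per account type, since backup and scanning accounts legitimately touch many hosts.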

To mitigate the threat of pass-the-hash attacks, organizations must also ensure that domain controllers can only be accessed from trusted systems without Internet access.

Two-factor authentication using tokens should also be applied, as well as the principle of least privilege; in that sense, adopting Zero Standing Privileges (ZSP) is an option.

Organizations must closely monitor hosts and traffic on their networks for suspicious activity.

Request a free demo of cybersecurity services right now and stay protected from these types of threats!

Sources:

https://www.guiadoti.com/2018/04/entendendo-o-ataque-pass-the-hash-ntlm/

https://docs.microsoft.com/pt-br/defender-for-identity/lateral-movement-alerts

 
