WikiLeaks’ CIA documents offer us an important reminder

October 20, 2017


With news breaking on the CIA’s ability to listen in via Smart TVs, many will be alarmed by the breadth of the exploits WikiLeaks has uncovered. The security industry has been warning of the dangers of Internet of Things devices for a long time, and just last week a hack on internet-connected teddy bears was making the headlines.

Some of the best practices used on traditional Windows or Mac systems, such as patch management, not logging in as an admin user and controlling what applications can run, are either not implemented or simply don’t exist on these ‘smart’ devices. When devices like these are connected to corporate networks, it is crucial to focus on securing other endpoints as much as possible to limit lateral movement and segregate the environment where possible.

It is clear from these leaked documents that intelligence agencies have not only built their own tools but also borrowed techniques used in malware by cyber criminals. This demonstrates how capable many cyber criminals now are. Once again, tools such as AV have fallen short – they can be easily bypassed or disabled entirely. In one case, they cite that “heuristic detection can be avoided by renaming the .exe to a common installer name such as setup.exe” and in others, they detail tricks to disable AV entirely.


Figure 1 https://wikileaks.org/ciav7p1/...
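A defender's complement to the renaming trick quoted above, as an added example that is not from the original post or from BeyondTrust: renaming a file changes its path but not the name embedded in its version resource, so a process called setup.exe whose embedded name differs, or is missing, is worth triage. The records are constructed and shaped like Sysmon process-creation (Event ID 1) fields; the installer-name list and the placeholder values treated as missing are assumptions.

```python
import ntpath

# Assumed list of "common installer names"; the post itself names only setup.exe.
INSTALLER_NAMES = {"setup.exe", "install.exe", "installer.exe", "update.exe"}

# Assumed placeholders meaning "the binary carries no version metadata".
MISSING = {"", "-", "?"}

# Constructed sample records using Sysmon Event ID 1 field names.
SAMPLE_EVENTS = [
    {"Image": r"C:\Users\alice\Downloads\setup.exe",
     "OriginalFileName": "setup.exe", "User": r"CORP\alice"},
    {"Image": r"C:\Users\bob\AppData\Local\Temp\setup.exe",
     "OriginalFileName": "collector.exe", "User": r"CORP\bob"},
    {"Image": r"C:\Users\bob\Downloads\Setup.EXE",
     "OriginalFileName": "-", "User": r"CORP\bob"},
    {"Image": r"C:\Windows\System32\notepad.exe",
     "OriginalFileName": "NOTEPAD.EXE", "User": r"CORP\alice"},
]


def installer_name_mismatches(events):
    """Return (image path, reason) for processes that run under a common
    installer name but whose embedded original name disagrees or is absent."""
    findings = []
    for ev in events:
        # ntpath parses Windows paths regardless of the analyst's own OS.
        image_name = ntpath.basename(ev.get("Image", "")).lower()
        if image_name not in INSTALLER_NAMES:
            continue  # only the trusted-looking names are of interest here
        original = (ev.get("OriginalFileName") or "").strip().lower()
        if original in MISSING:
            reason = "no version metadata"
        elif original != image_name:
            reason = f"built as {original}"
        else:
            continue  # on-disk name and embedded name agree
        findings.append((ev["Image"], reason))
    return findings


if __name__ == "__main__":
    for image, reason in installer_name_mismatches(SAMPLE_EVENTS):
        print(f"REVIEW {image}: {reason}")
```

Legitimate installers can also carry a different embedded name, so a hit is a triage signal to combine with signature and path checks, not a verdict.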

All too often, attackers can easily launch unknown applications, exploit user privileges and remain undetected in a network. With the leak detailing numerous zero-day vulnerabilities and ways to evade detection, it is now more important than ever to look at what proactive measures can be taken to reduce the attack surface of your endpoints. Endpoints are where the code executes and where the data is accessed from, so we must build our defences from the endpoint out.

One important thing to note is how frequently the techniques exploit admin accounts, using a variety of approaches to silently bypass the Windows UAC prompt and leverage the user’s privilege. As shown in the 2016 Microsoft Vulnerability Report, admin accounts represent a huge threat to any organisation and removing them will significantly reduce the risk of attack.


Figure 2 https://wikileaks.org/ciav7p1/...

Since the Snowden revelations, there has been increased focus on secure communications, from projects like Let’s Encrypt to secure website traffic to end-to-end encryption in messaging apps. This has caused both intelligence agencies and cyber criminals to renew their efforts in targeting endpoints to access data before it is encrypted and transmitted. This means that, more than ever, security strategies should start with protecting the endpoint.

When it comes to security in 2017, we need to assume the worst and think like an attacker. It doesn’t matter if the attacker is a nation state or a cyber criminal; the best defence is to reduce the attack surface as much as possible using layers of proactive defence.

Take a look at your endpoints from an attacker’s perspective: what could an attacker do if they exploited an application or convinced a user to run something? Once you’ve done this, think about what could be done to reduce this risk. Organisations that think like this are able to greatly reduce their risk and stay ahead of threats far more effectively.


James Maude, Lead Cyber Security Researcher

James Maude is the Lead Cyber Security Researcher at BeyondTrust’s Manchester, U.K., office. James has broad experience in security research, conducting in-depth analysis of malware and cyber threats to identify attack vectors and trends in the evolving security landscape. His background in forensic computing and active involvement in the security research community make him an expert voice on cybersecurity. He regularly presents at international events and hosts webinars to discuss threats and defense strategies.
