BeyondTrust
WikiLeaks’ CIA documents offer us an important reminder

October 20, 2017

With news breaking on the CIA’s ability to listen in via Smart TVs, many will be alarmed by the breadth of the exploits WikiLeaks has uncovered. The security industry has been warning of the dangers of Internet of Things devices for a long time and just last week, a hack on internet-connected teddy bears was making the headlines.

Some of the best practices used on traditional Windows or Mac systems, such as patch management, not logging in as an admin user and controlling which applications can run, are either not implemented or simply don’t exist on these ‘smart’ devices. When devices like these are connected to corporate networks, it is crucial to secure the other endpoints as much as possible to limit lateral movement, and to segregate the environment where possible.

It is clear from these leaked documents that intelligence agencies have not only built their own tools but also borrowed techniques used in malware by cyber criminals. This demonstrates how capable many cyber criminals now are. Once again, tools such as AV have fallen short – they can be easily bypassed or disabled entirely. In one case, they cite that “heuristic detection can be avoided by renaming the .exe to a common installer name such as setup.exe” and in others, they detail tricks to disable AV entirely.

Figure 1 https://wikileaks.org/ciav7p1/cms/page_2064514.html

All too often attackers can easily launch unknown applications, exploit user privileges and remain undetected in a network. With the leak detailing numerous zero-day vulnerabilities and ways to evade detection, it is now more important than ever to look at what proactive measures can be taken to reduce the attack surface of your endpoints. Endpoints are where the code executes and where the data is accessed from, so we must build our defences from the endpoint out.

One important thing to note is how frequently the techniques exploit admin accounts, using a variety of approaches to silently bypass the Windows UAC prompt and leverage the user’s privilege. As shown in the 2016 Microsoft Vulnerabilities Report, admin accounts represent a huge threat to any organisation, and removing them will significantly reduce the risk of attack.
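As an added example (not BeyondTrust code), the following read-only PowerShell audit checks the two conditions this paragraph calls out on a single Windows endpoint: which accounts hold local admin rights, and whether UAC is configured so that elevation happens silently. It assumes Windows PowerShell 5.1 or later with the built-in LocalAccounts module, and the `$Baseline` list of permitted admin accounts is a hypothetical placeholder to adjust for your environment.

```powershell
# Added example, not part of the original post. Run from the user's normal
# (non-elevated) session; every check here only reads local group membership
# and registry policy values.
function Get-EndpointPrivilegeReport {
    param(
        # Hypothetical baseline: accounts that are allowed to be local admins.
        [string[]]$Baseline = @("$env:COMPUTERNAME\Administrator")
    )

    # 1. Any member of the local Administrators group outside the baseline is a finding.
    #    Note: nested domain-group membership is not expanded by Get-LocalGroupMember.
    $members    = Get-LocalGroupMember -Group 'Administrators'
    $unexpected = @($members | Where-Object { $Baseline -notcontains $_.Name } |
                    Select-Object -ExpandProperty Name)

    # 2. UAC policy values (documented Windows registry settings):
    #    EnableLUA = 0                  -> UAC disabled entirely
    #    ConsentPromptBehaviorAdmin = 0 -> admins elevate with no prompt at all
    #    PromptOnSecureDesktop = 0      -> prompt is not isolated on the secure desktop
    $uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $uac    = Get-ItemProperty -Path $uacKey
    $uacFindings = @()
    if ($uac.EnableLUA -eq 0)                  { $uacFindings += 'UAC is disabled (EnableLUA=0)' }
    if ($uac.ConsentPromptBehaviorAdmin -eq 0) { $uacFindings += 'Admins elevate silently (ConsentPromptBehaviorAdmin=0)' }
    if ($uac.PromptOnSecureDesktop -eq 0)      { $uacFindings += 'Elevation prompt not on the secure desktop' }

    # 3. Is the person running this script a local admin? Compare the account
    #    name rather than the current token, so the answer does not depend on
    #    whether this session happens to be elevated.
    $currentUser    = [Security.Principal.WindowsIdentity]::GetCurrent().Name
    $currentIsAdmin = ($members.Name -contains $currentUser)

    [PSCustomObject]@{
        Computer           = $env:COMPUTERNAME
        CurrentUser        = $currentUser
        CurrentUserIsAdmin = $currentIsAdmin
        UnexpectedAdmins   = $unexpected
        UacFindings        = $uacFindings
        # Simple count of findings; anything above zero merits a review.
        FindingCount       = $unexpected.Count + $uacFindings.Count + [int]$currentIsAdmin
    }
}

Get-EndpointPrivilegeReport | Format-List
```

A non-zero `FindingCount` on a day-to-day user's machine is exactly the condition the leaked techniques rely on: an interactive user who is already an admin, or a UAC policy that hands out elevation without a prompt.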

Figure 2 https://wikileaks.org/ciav7p1/cms/page_20251107.html

Since the Snowden revelations, there has been increased focus on secure communications, from projects like Let's Encrypt, which secures website traffic, to end-to-end encryption in messaging apps. This has caused both intelligence agencies and cyber criminals to renew their efforts in targeting endpoints to access data before it is encrypted and transmitted. This means that, more than ever, security strategies should start with protecting the endpoint.

When it comes to security in 2017, we need to assume the worst and think like an attacker. It doesn’t matter whether the attacker is a nation state or a cyber criminal; the best defence is to reduce the attack surface as much as possible using layers of proactive defence.

Take a look at your endpoints from an attacker’s perspective: what could an attacker do if they exploited an application or convinced a user to run something? Once you’ve done this, think about what could be done to reduce that risk. Organisations that think like this are able to greatly reduce their risk and stay ahead of threats far more effectively.

James Maude
