Cybersecurity is a growing concern for businesses of all sizes. As technology advances, so do the methods of cyber criminals looking to exploit vulnerabilities in security systems.
One of the most common methods they use is credential-based attacks, which involve stealing or obtaining credentials illegitimately.
Microsoft Security sheds light on two types of credential-based attacks and how to prevent them:
- Phishing: Phishing emails and websites created to attack corporate targets only need to succeed once to gain credentials that can be sold to and shared with other bad actors. 93 percent of Microsoft recovery engagements reveal insufficient privilege access and lateral movement controls in organizations.
- Push-bombing: Push-bombing is an attack that triggers multiple access attempts with stolen credentials, causing a rush of push notifications to the target user’s device. This can confuse the target and cause them to mistakenly allow authentication. People receive an average of 60-80 push notifications per day, which can lead to distraction and mistakes.
So, how can organizations avoid such scenarios? Many attacks can be prevented—or at least made more difficult—through implementation and maintenance of basic security controls.
- First, use Multi-Factor Authentication (MFA) with “Number Matching” or similar functionality to enhance MFA protection. This involves accepting a push notification and inputting a matching number.
- Isolation is a fundamental protection for regaining control. Without isolation and strict control of communications and access between the security zones, this security model fails. As such, remote administration requires a computer in the same security zone.
- Establish a solid inventory of all technology assets. Continually update operating systems and software and maintain secure administrative practices.
- Finally, implement comprehensive centralized log collection with a well-defined retention policy.
In conclusion, as cyber threats continue to evolve, organizations need to stay vigilant and implement strong cybersecurity measures. By following these tips and staying informed, businesses can protect themselves from credential-based attacks and other cyber threats.