Penetration Testing with Kali Linux (PEN-200)

“Lapsus$”[37] group performed a number of attacks on a wide range of companies, stealing proprietary information and engaging in extortion. These attacks resulted in a loss of corporate data, including proprietary data such as source code, schematics, and other documentation. The attacks further resulted in the public exposure of data, and financial losses for companies that submitted to extortion.

The variety and sophistication of techniques used by the group show how this kind of malicious actor can be so dangerous. In particular, individuals within a group can bring their own specialties to the table that people working alone wouldn't be able to leverage. In addition, they can launch many different types of attacks at targets at a volume and velocity that an individual wouldn't be able to. There's a common truism in the cybersecurity industry that the attacker only needs to succeed once, while the defender must succeed every time. The efficacy of groups of attackers highlights this asymmetry.
There are also only a few targeted mitigations available for such a wide variety of attack vectors. Because recruiting employees was one of the techniques used, awareness of internal threat actors and anomaly detection are key. Palo Alto Networks[38] additionally suggests focusing on security best practices such as MFA, access control, and network segmentation.
Insider Threats: Perhaps one of the most dangerous types of threat actor, an insider threat is anyone who already has privileged access to a system and can abuse their privileges to attack it. Often, insider threats are individuals or groups of employees or ex-employees of an enterprise who become motivated to harm it in some capacity. Insider threats can be so treacherous because they are usually assumed to have a certain level of trust. That trust can be exploited to gain further access to resources, or these actors may simply have access to internal knowledge that isn't meant to be public.
During a PPE shortage in March 2020,[39] at the beginning of the COVID-19 pandemic, Christopher Dobbins, who had just been fired as Vice President of a medical packaging company, used a fake account that he had created during his employment to access company systems and change/delete data that was critical to the company's distribution of medical supplies.

This attack resulted[40] in the delayed delivery of critical medical supplies at a crucial stage of the pandemic and the disruption of the company's broader shipment operations. The danger of an insider threat is showcased clearly here. The attack was enabled by a fake account created by a vice-president, who may have had access to more permissions than what might be considered best practice for a VP of Finance.

This attack likely could have been prevented by applying the principle of least privilege, which we'll explore in a later section. Since the attack was enabled by a fake account, it also could have been prevented by rigorously auditing accounts. Lastly, since this activity was performed after the VP's termination, better monitoring of anomalous activity may have also prevented or mitigated the attack.

[37] (Avertium, 2022), https://www.avertium.com/resources/threat-reports/in-depth-look-at-lapsus
[38] (Palo Alto Networks, 2022), https://unit42.paloaltonetworks.com/lapsus-group/#Mitigation-Actions
[39] (DOJ, 2020), https://www.justice.gov/usao-ndga/pr/former-employee-medical-packaging-company-sentenced-federal-prison-disrupting-ppe
[40] (ZDNet, 2021), https://www.zdnet.com/article/disgruntled-former-vp-hacks-company-disrupts-ppe-supply-earns-jail-term/

PWK - Copyright © 2023 OffSec Services Limited. All rights reserved.
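The two detective mitigations recommended for the Dobbins case above, rigorous account auditing and monitoring for activity after termination, as an added example that is not part of the PWK text: a small Python script that reconciles an identity-directory export against an HR roster to surface accounts with no HR owner or accounts provisioned by someone outside IT, and scans authentication log lines for successful logins by a user at or after that user's termination date. The roster, directory export, log lines, usernames and the "it-admin" provisioning account are all constructed for illustration and do not describe any real company's data.

```python
"""Added example (not part of the PWK text): reconciling an identity directory
against an HR roster and scanning authentication logs for activity by
terminated users. Every data set below is constructed for illustration."""
from dataclasses import dataclass
from datetime import datetime, timezone

# Constructed HR roster: username -> termination date (None = still employed).
HR_ROSTER = {
    "vp-finance": datetime(2020, 3, 1, tzinfo=timezone.utc),
    "asmith": None,
    "jlee": None,
}

# Constructed directory export: every account the identity system knows about,
# with the account that created it. A fake account created by an executive
# shows up here with no HR record and a non-IT creator.
DIRECTORY_ACCOUNTS = {
    "vp-finance": {"created_by": "it-admin"},
    "asmith": {"created_by": "it-admin"},
    "jlee": {"created_by": "it-admin"},
    "svc-shipping": {"created_by": "vp-finance"},
}

# Hypothetical set of accounts that are allowed to provision new accounts.
PROVISIONING_ADMINS = frozenset({"it-admin"})

# Constructed authentication log, one key=value event per line.
AUTH_LOG = """\
2020-02-20T09:15:02Z auth user=vp-finance src=10.0.4.17 result=success
2020-03-05T23:41:10Z auth user=svc-shipping src=203.0.113.9 result=success
2020-03-06T01:02:33Z auth user=vp-finance src=203.0.113.9 result=success
2020-03-06T01:02:40Z auth user=vp-finance src=203.0.113.9 result=failure
2020-03-06T08:00:00Z auth user=asmith src=10.0.4.22 result=success
"""


@dataclass(frozen=True)
class Finding:
    kind: str
    user: str
    detail: str


def parse_auth_log(text):
    """Turn the constructed log format into dicts with a timezone-aware timestamp."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, _source, *fields = line.split()
        event = dict(f.split("=", 1) for f in fields)
        event["ts"] = datetime.fromisoformat(ts.replace("Z", "+00:00"))
        events.append(event)
    return events


def orphan_accounts(directory, roster):
    """Accounts with no HR record at all: nobody is accountable for them."""
    return sorted(user for user in directory if user not in roster)


def accounts_created_outside_it(directory, admins):
    """Accounts provisioned by someone who is not an approved provisioning admin."""
    return sorted(user for user, meta in directory.items()
                  if meta["created_by"] not in admins)


def post_termination_logins(events, roster):
    """Successful logins by a user at or after that user's termination date."""
    findings = []
    for event in events:
        terminated = roster.get(event["user"])
        if terminated is None or event.get("result") != "success":
            continue
        if event["ts"] >= terminated:
            findings.append(Finding("post_termination_login", event["user"],
                                    f"{event['ts'].isoformat()} from {event['src']}"))
    return findings


def audit(directory=DIRECTORY_ACCOUNTS, roster=HR_ROSTER,
          admins=PROVISIONING_ADMINS, log=AUTH_LOG):
    """Run all three checks and return the combined list of findings."""
    findings = [Finding("orphan_account", u, "no HR record")
                for u in orphan_accounts(directory, roster)]
    findings += [Finding("created_outside_it", u, f"created by {directory[u]['created_by']}")
                 for u in accounts_created_outside_it(directory, admins)]
    findings += post_termination_logins(parse_auth_log(log), roster)
    return findings


if __name__ == "__main__":
    for finding in audit():
        print(f"{finding.kind:24} {finding.user:14} {finding.detail}")
```

On the constructed data the three checks each produce one finding: the orphan "svc-shipping" account, the same account flagged because it was provisioned by "vp-finance" rather than IT, and the successful "vp-finance" login five days after the roster's termination date. In a real environment the roster and directory would come from the HR system and an LDAP or cloud-identity export, and the reconciliation would be scheduled rather than run once; the point of the example is that each of the three mitigations named above corresponds to a concrete, mechanical check.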
Nation States: Although international cyber politics, cyber war, and digital intelligence are vast subjects and significantly beyond the scope of this Module, we should recognize that some of the most proficient, resourceful, and well-financed operators of cyber attacks exist at the nation-state level within many different countries across the globe.

Since 2009, North Korean threat actors, usually grouped under the name Lazarus,[41] have engaged in a number of different attacks ranging from data theft (Sony, 2014), to ransomware (WannaCry, 2017), to financial theft targeting banks (Bangladesh Bank, 2016) and cryptocurrencies, notably the 2022 Axie Infinity attack. These attacks have resulted in the loss and leak of corporate data, including proprietary data (Sony) and financial losses for companies that paid a ransom.
An information assurance firm called 