The recent Iranian Government-Sponsored APT that successfully compromised the Federal Civilian Executive Branch (FCEB) is an excellent case study in how hard it is to defend against motivated and persistent attackers.
There are several key lessons that should be taken away from this, including the importance of ensuring regular vulnerability scanning across the entire estate. Here, this would have identified the initial vector, Log4Shell.
Moreover, hardening EUDs is crucial to help reduce the impact and make lateral movement harder. Servers should also be hardened to reduce the likelihood of compromise or the facilitation of lateral movement.
It is also vital to carefully monitor the creation of new accounts, especially accounts within the “domain admins”. Alongside monitoring account creation, it is equally important to monitor “unusual RDP access” because this can be a tell-tale sign of lateral movement by a threat actor.
Finally, conducting an assumed breach assessment or a purple team can help identify areas that should be focused on, typically around the MITRE ATT&CK framework.
No such thing as a security Nirvana
Create, Customize, and Transform with PicLumen’s AI Photo Tools
ABB Information Systems Selects Google Cloud to Expand its Cloud Footprint
WDT goes new ways to conquer supply chain complexity with Körber
Ultraport’s Punta Arenas Goes Live with Octopi by Navis
Körber acquires majority stake in Cohesio Group and expands business with voice and robotics supply chain solutions