The recent Iranian Government-Sponsored APT that successfully compromised the Federal Civilian Executive Branch (FCEB) is an excellent case study in how hard it is to defend against motivated and persistent attackers.
There are several key lessons that should be taken away from this, including the importance of ensuring regular vulnerability scanning across the entire estate. Here, this would have identified the initial vector, Log4Shell.
Moreover, hardening EUDs is crucial to help reduce the impact and make lateral movement harder. Servers should also be hardened to reduce the likelihood of compromise or the facilitation of lateral movement.
It is also vital to carefully monitor the creation of new accounts, especially accounts within the “domain admins”. Alongside monitoring account creation, it is equally important to monitor “unusual RDP access” because this can be a tell-tale sign of lateral movement by a threat actor.
Finally, conducting an assumed breach assessment or a purple team can help identify areas that should be focused on, typically around the MITRE ATT&CK framework.
Instantly integrable eSIM capabilities
Trax Discusses Strategies for Tracking, Managing & Reducing Carbon Emissions within Supply Chains at Manifest
UK Government deploys Apple-Google model for COVID-19
Humax introduces Total Mobility Platform at MOVE2021
Decoding the Future: The Evolution of Cryptocurrency Markets
PTV Group signs an extension to the TfL contract for tactical and operational modelling software