Page 140 - Cyber Defense eMagazine September 2023

strong password policies, encourage the use of password managers, and implement multi-factor
authentication across their systems.

Password management tools can help employees generate and store complex passwords securely.
Implementing single sign-on (SSO) solutions can also reduce the burden of managing multiple passwords
while enhancing security. Regular password change policies, combined with educating employees on
the importance of password hygiene, can further strengthen the organisation's defence against
password-related attacks.

Insufficient network segmentation and access controls also contributed to the successful attack on these
organisations through the vendor route. By failing to separate critical systems and limit access privileges
based on the principle of least privilege, companies inadvertently create avenues for lateral movement
within their networks. A compromised account in one department can easily result in widespread access
across the entire network, making it easier for cybercriminals to exfiltrate sensitive data.

Vendor-related cyber attacks can be particularly dangerous because they bring the challenge of supply
chain vulnerability into sharp focus. Vendors often have privileged access to critical systems or sensitive
data of the companies they work with. If a vendor is compromised, attackers can exploit this access to
infiltrate the target organisation’s network, bypassing traditional security controls.



Cascading attacks

Since many organisations rely on multiple vendors for various services, products, or software
components, the impact of a successful attack can span multiple countries and multiple
territories. A successful attack on a vendor can have a cascading effect, leading to widespread damage
and disruption.

Companies often have limited control over their vendors’ security practices and infrastructure. Even if an
organisation has robust security measures in place, a vendor’s weak security posture can undermine the
overall defence and become a point of entry for attackers.

Additional risk assessments should also be considered when dealing with vendors, particularly when it
comes to the exchange of sensitive information.

At the very least, companies should perform thorough risk assessments to evaluate the security practices
of potential vendors before entering into business relationships. This assessment should include
evaluating their security controls, incident response plans, and overall security maturity.

This incident does present an opportunity for knowledge sharing and collaboration. By working together,
the companies affected by the MOVEit attack can help to establish channels for sharing threat intelligence
and security information with vendors. Together, we can collaborate on proactive measures to identify
and mitigate emerging threats.








            Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.