A SECURITY STRATEGY AGAINST STEAL-AND-PASS CREDENTIAL ATTACKS
Juan Ceballos
Security Consulting & Engineering, T-Systems International, Munich, Germany
ABSTRACT
Stealing and passing credentials is currently one of the preferred cyberattack techniques within the hacking community, as shown by the increasing number of related incidents over the last years. Instead of targeting passwords, attackers focus on obtaining derived credentials like hashes and session tickets. This type of credential makes it easier to take advantage of omnipresent background mechanisms like Single Sign-On. A combination of malware and penetration tools is used to exploit architecture vulnerabilities and steal the credentials. Vulnerabilities also allow the attacker to gain access to other systems and covertly take control of central infrastructure like Active Directory. The ultimate goal is not to cause noticeable damage but to covertly and constantly leak confidential information for profit or cyber espionage. This paper proposes a comprehensive six-point strategy against steal-and-pass credential attacks that is intended to mitigate the risk significantly. Even if some points of the strategy can be considered security best practices, other points require the establishment of technical and process controls that are not part of typical security management programs. Controls have to be regularly reviewed as part of security audits, since administrators and other privileged users often have the means to remove or bypass technical controls.
KEYWORDS
Security, Cyberattack, Hacking, Malware, Security Threats & Countermeasures
ORIGINAL SOURCE URL : http://aircconline.com/ijnsa/V8N1/8116ijnsa03.pdf
http://airccse.org/journal/jnsa16_current.html