Zero Trust In The Trenches: Common Mistakes That Lead To Compromise
Secureworks
Zero Trust can be implemented in a few ways, and there are many vendors who can assist. They all share some fundamental ideas. First, knowing what devices and users your organization has, and subsequently their roles, is a must for proper implementation. This means a good configuration management database, as well as strong identity and access management and mobile device management, are vital to your success. Authentication is key, which is why it is important to use multi-factor authentication for your users. Avoid SMS as a factor and rely on FIDO (Fast IDentity Online) implementations as much as possible. Zero Trust allows for conditional access, where you apply role-based access controls to your services. Depending on the tooling, this can include read/write access to SaaS platforms, denial of access to untrusted or non-compliant devices, or denial of access to administrative services from personal devices.
A common failing in Zero Trust implementations is not fully committing. It is a lot of work to move from a legacy intranet to full SaaS/IaaS cloud solutions. As a result, implementations are often done in stages, which can leave workloads and data exposed in the interim. Many times the solution is only half implemented, usually failing on insufficient or nonexistent multi-factor authentication or a lack of device authentication.
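To make the conditional-access rules above concrete, here is a small policy evaluator added as an example (it is not Secureworks code or any vendor's policy schema). The role names, resource labels, device attributes and the read-only treatment of personal devices on SaaS are assumptions chosen for illustration; the inventory, compliance and MFA checks are the ones the text describes.

```python
from dataclasses import dataclass
from typing import Tuple

# Phishing-resistant factors the policy accepts; SMS is deliberately absent.
STRONG_MFA = {"fido2", "platform_authenticator"}


@dataclass
class AccessRequest:
    user: str
    role: str               # from IAM, e.g. "admin" or "staff" (assumed labels)
    device_known: bool      # device present in the CMDB / MDM inventory
    device_compliant: bool  # MDM reports the device meets policy
    device_personal: bool   # BYOD rather than corporate-managed
    mfa_method: str         # factor used for this session, e.g. "fido2", "sms"
    resource: str           # assumed labels: "admin:<name>" or "saas:<name>"


def evaluate(req: AccessRequest) -> Tuple[str, str]:
    """Return (decision, reason); decision is 'deny', 'read' or 'read_write'."""
    # Device trust first: unknown or non-compliant devices never get through.
    if not req.device_known:
        return "deny", "device not in inventory"
    if not req.device_compliant:
        return "deny", "device non-compliant"
    # Authentication strength: SMS or no second factor is rejected outright.
    if req.mfa_method not in STRONG_MFA:
        return "deny", f"mfa method '{req.mfa_method}' is not phishing-resistant"
    # Role-based rules per resource class.
    if req.resource.startswith("admin:"):
        if req.role != "admin":
            return "deny", "role lacks admin entitlement"
        if req.device_personal:
            return "deny", "admin service not allowed from personal device"
        return "read_write", "admin on managed device"
    if req.resource.startswith("saas:"):
        # Assumption for this example: personal devices are limited to read-only.
        if req.device_personal:
            return "read", "personal device limited to read-only"
        return "read_write", "managed, compliant device"
    return "deny", "unknown resource class"


if __name__ == "__main__":
    # Constructed sample requests, one per rule.
    samples = [
        AccessRequest("alice", "admin", True, True, False, "fido2", "admin:console"),
        AccessRequest("alice", "admin", True, True, True, "fido2", "admin:console"),
        AccessRequest("bob", "staff", True, True, False, "sms", "saas:crm"),
        AccessRequest("bob", "staff", False, True, False, "fido2", "saas:crm"),
    ]
    for s in samples:
        print(s.user, s.resource, s.mfa_method, "->", evaluate(s))
```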
Unpicking LockBit - 22 Cases of Affiliate Tradecraft
Secureworks' incident responders investigated 22 compromises featuring LockBit ransomware from July 2020 through January 2024. These investigations revealed the tactics, techniques, and procedures (TTPs) that LockBit affiliates have used in their intrusions. The complexity of operations varies from manual encryption of individual hosts to automated ransomware deployments from domain controllers. In some incidents, ransomware is not deployed at all. Instead, affiliates rely on data theft alone to extort victims. LockBit's evolution includes targeting VMware ESXi hosts to encrypt virtual machines, which can have a devastating impact on organizations that rely heavily on virtualized infrastructure.
During LockBit engagements, Secureworks incident responders have provided detailed recommendations for victims of ransomware or data theft. Guidance focuses on preventing initial access, detecting post-compromise activity, and implementing changes to assess root cause and successfully remediate attacks. Dive into this guidance!
Bridging IT and OT Cybersecurity
For industrial organizations, it's a question that grows louder every day: how do we extend our IT cyber defenses into our OT environments? The gap between these two environments is shrinking as IT and OT become more interconnected. Gartner reports that 70% of asset-intensive organizations will have converged their security functions across both enterprise and operational environments by 2025 [1].
Watch Marcel Bornhoefft, Senior Systems Engineer, Julian Garcia, Senior Systems Engineer, and Bud Ellis, Product Marketing Senior Advisor, as they discuss how to begin your OT security journey.