No matter how secure your environment, cybercriminals will bypass your security defenses, so how quickly you can detect the breach and respond to mitigate the damage is a critical component of your enterprise’s cyberdefense. But there’s a challenge: it’s not only your security you need to be concerned about, but your business partners’ as well.
One method that is growing dramatically in popularity with cybercriminals is compromising a target’s business partners. Your business partners may not have security practices that are as good as your organization’s defenses. Cybercriminals use a compromised business partner as a backdoor into your organization via an already trusted channel like a VPN. The Target breach last year is a good example of this approach.
To compromise businesses, cybercriminals are increasingly using keys and certificates to elevate their privileges and hide activity. By the end of 2014, attacks using SSL comprised 12% of network-based attacks according to Intel Security, and Gartner estimates that 50% of network attacks will use SSL by 2017. Using SSL enables cybercriminals to cloak their activities. This helps support Mandiant’s findings that most organizations do not internally discover they’ve been compromised—nearly 70% of victims are notified by an external entity that they have been breached.
But how are cybercriminals compromising business partners and how can organizations quickly detect and remediate these breaches? To better understand cybercriminal attack methods, Venafi teamed up with Raxis, an independent penetration testing firm, to reconstruct a current real-world attack that targeted and compromised a Global 100 bank with techniques that can be used effectively to breach many organizations today.
The breach reconstruction provides full details on how a large hacking group used a stolen private key, purchased on the underground, as part of a multi-chained attack to ultimately steal millions of customer records. The white paper describes the thriving underground marketplace where you can buy almost anything needed to compromise networks. It also explains how the attack was architected and executed, and gives guidance on how the breach could have been quickly detected and mitigated.
For the last four years, Ponemon Institute has found that 100% of Global 5000 enterprises surveyed across 5 regions were impacted by attacks using keys and certificates. How does your organization detect and respond to attacks that use keys and certificates to elevate privileges and hide activity? How does your organization detect if a certificate is being used to misrepresent your brand on the internet?