Fighting An Invisible War – defending your business in times of crisis

Blog | Posted: 06-05-2020
Row curve
Distology Blog

Chris Collier, Technical Manager for Distology

In light of the recent Joint Advisory from both the UK’s NCSC (National Cyber Security Centre) and the USA’s CISA (Cybersecurity and Infrastructure Security Agency) – click here for the original article on Sky News; regarding the rise in cyber-attacks that have been targeted at the pharmaceutical, research institutes and universities that are working heavily on responses to the Coronavirus outbreak; I thought it pertinent to write a blog about one of the techniques that was mentioned by these agencies that the threat actors are utilising as part of this attack campaign and how not just these institutions, but ALL institutions can defend themselves from it.

Firstly, the main technique that the agencies have mentioned as being used has been described as “password spraying” which is a form of attack whereby an attacker will attempt to try common passwords against accounts used by people worldwide; which isn’t a particularly sophisticated technique but if they are persistent enough, they could quite easily be deploying a number of far more sophisticated password/account cracking techniques in an attempt to gain access accounts and services to steal the valuable data that they may hold.

One of the big problems that makes things such as password spraying a go-to technique (at least in the beginning) is that humans are, unfortunately, habitual, with lots of people in fact, using the same password for several different services. Couple this with the fact that over the course of the last 20 years:

  • The number of publicly known data breaches has hit the tens of thousands
  • The number of records exposed from breaches is in the billions
  • A vast quantity of these exposed records are username and password combinations

That’s a lot of data attackers could try and make use of, plus, they wouldn’t even necessarily need to look too hard to find it…so what do you do?

Well, based on both agencies’ recommendations (and good security practice) enforcing the change of passwords regularly, making users use complex passwords where possible and implementing multi-factor authentication are certainly ways of helping combat this form of threat.

I believe however, that it needs to be taken further, that all businesses, regardless of industry vertical need security solutions that are able monitor the authentication and authorisations of their users, that are able to apply additional context to the login process outside of “does this person have the right username and password combination?”

Doing this shouldn’t be hard either, it needs to be as easy for the security and IT teams to implement as it is for the users themselves to use otherwise it would just be met with resistance.

At Distology we represent a number of market leading vendors that are completely equipped to do just that and we’d be more than happy to discuss with you about how these vendors solutions work both alone, but also together to provide a better, more secure way of authenticating and authorising users to the applications and services that they need to do their jobs rather than just relying on passwords alone.

Get In Touch