Cisco Has Apparently Had A Data Breach
Cybersecurity News is reporting that Cisco has suffered a data breach linked to the Kraken ransomware group, with sensitive credentials from its internal network and domain infrastructure leaked online. Additional details here:
https://cyberpress.org/cisco-data-breach-2/
Jim Routh, Chief Trust Officer at cybersecurity company Saviynt, commented:
“I had an opportunity to speak to other CISOs about this incident last week. The prevailing viewpoint is that this is a highly sophisticated ransomware-as-a-service attack that took many months of diligent work by the threat actor using sophisticated tools. One of the tools used, Mimikatz, is designed to extract credentials from Microsoft Active Directory and is only accessible by privileged users or threat actors using credentials from those with privilege. Mimikatz is both an exploit on Microsoft Windows that extracts passwords stored in memory and software that performs that exploit. It was created by French programmer Benjamin Delpy and is French slang for “cute cats”. (Wikipedia)
“The most effective set of controls to manage this risk is within privilege user monitoring (PAM) with an added component for continuous validation. The continuous validation, in this case, is measuring the deviation in established on-line patterns for privileged users (while using the privilege) and revoking the privilege automatically in milliseconds when the deviation score of the patterns triggers it. This approach (continuous validation) on top of PAM is not widely used today and there are only a few commercial products developing this capability.”
This incident shows that even the big guys can get pwned if they don’t have proper controls in place, which illustrates why you need to do everything possible, no matter how difficult, to keep yourself from getting pwned.
This entry was posted on February 11, 2025 at 8:33 am and is filed under Commentary with tags Cisco.