I have some bad news if you’re responsible for defending your organization against threat actors.
Attackers have reduced the average time required to move laterally through systems by 14% last year, down to just 84 minutes, according to a new report out by Crowdstrike, giving defenders even less time to contain breaches after the initial breakout.
Increasing the difficulty for defenders, a full 71% of the attacks used valid credentials for access, as opposed to malware, making detection by automated systems extremely difficult, up from 62% in 2021. Using “hands on keyboard” techniques make it harder for traditional anti-malware tools to detect activity according to CrowdStrike.
Like I said, this is bad news.
Ted Miracco, CEO of Approov Mobile Security:
“It’s important to note that no single security measure can completely prevent all types of attacks, especially social engineering attacks. That said, mobile app attestation, runtime secrets protection, and RASP can all be highly effective measures in preventing credential access, SIM swapping, and MFA fatigue in mobile applications.
“Attestation techniques can help not only ensure that only genuine apps, and not tampered or cloned versions, are accessing APIs, it also uses the authorized application seamlessly as the second factor before accessing sensitive data. By verifying the integrity of the app at runtime, it both prevents attackers from injecting malicious code or accessing sensitive data. Runtime secrets protection can ensure that only valid app instances running in un-compromised environments can access the API keys and secrets stored in the cloud. This can prevent attackers from accessing these secrets even if they manage to gain control of the device. RASP can monitor, detect, and instantly block computer attacks, including new threats that were unforeseen during development. By continuously analyzing app behavior and detecting anomalies, RASP can prevent “interactive intrusions” and other types of attacks.
“It’s best to use a combination of security measures, including those mentioned above, along with other security best practices such as proper authentication and authorization, encryption, and regular security testing and updates.”
The fact that attacks are getting faster and faster to execute means that we all have to work much harder to stop organizations from being victims. And the approach outlined above can certainly help with that… If everyone adopts that approach.
CrowdStrike CEO Speaks To Taking Down The Entire Planet With A Bad AV Update…. And He Actually Apologizes For This Mess
Posted in Commentary with tags CrowdStrike on July 19, 2024 by itnerdEarlier today I posted a story about security company CrowdStrike taking down the entire planet with a bad antivirus update. In that story I pointed out that the CEO of CrowdStrike George Kurtz posted a Tweet where he completely failed to apologize for bringing the entire planet to a standstill. At the time I said this:
The problem with this Tweet is that he completely failed to apologize for basically taking down the entire planet because of a screw up with his product. If I used his product, I’d be looking to move to some other antivirus product. Because this Tweet to be frank, sucks.
Well, I guess someone must have told him that the Tweet in question didn’t go over well because I just found this on the YouTube channel of NBC:
You tell me about the quality of his response. I’m really not impressed by this as this kind of looks like a hostage video. But to be fair, he’s likely been up all night and he’s likely reconsidering his life choices. At least he apologized for taking down the entire planet, but maybe you have a different view. If so, post a comment and share it.
Leave a comment »