Archive for Silverfort

Silverfort Launches Free Identity Risk Assessment 

Posted in Commentary with tags on February 2, 2023 by itnerd

Silverfort today launched the most comprehensive free identity risk assessment available to help organizations discover the gaps and hygiene issues in their identity attack surface which may cause cyber insurance compliance failures. Intended to be used by companies with 250 or more employees, the assessment will help meet expanding cyber insurance requirements in advance of a policy application or renewal.

Simple to deploy and providing visibility into all user authentications, Silverfort’s identity risk assessment operates at a directory level to report in depth on the identity attack surface. The report summarizes risky user accounts and authentications as well as risk indicators such as shadow admins, passwords that never expire, admins liable to Kerberoasting, pass-the-ticket and lateral movement attempts, authentications using weak encryption protocols, unprotected Service Accounts and more.

These common attack paths are used by threat actors to move laterally around an organization and propagate the ransomware responsible for more than half of all cyber insurance payouts last year. For this reason, identity security hygiene has become increasingly important to insurance underwriters.          

Cyber insurance premiums continue to increase due to the routine manner in which adversaries use these gaps in identity to spread through their victims’ environments and ultimately extort them for payment. In response, insurance carriers and brokers have added detailed identity security requirements and increased scrutiny around how controls are deployed and managed. MFA is now required to protect an expanded range of internal apps, interfaces, and systems, including VPNs, file shares, networking equipment, legacy systems, and CLI admin tools. Insurers are also increasing Privileged Access Management (PAM) requirements for highly privileged and non-human users, with the discovery and password hygiene of Service Accounts coming under particular scrutiny.

The free assessment is part of a broader program to improve the identity security maturity of organizations for insurance compliance attestation. Major brokers such as Acrisure, Howden Group and other insurance carriers and intermediaries are now offering Silverfort’s Unified Identity Protection solution to help more customers qualify for cyber insurance policies.

To request an assessment, simply register on the Silverfort website and a representative will be in touch to assist.  

New Research Details Bounce The Ticket And Silver Iodide Attacks In Azure AD

Posted in Commentary with tags on January 25, 2023 by itnerd

Silverfort research has found adversaries could attack the new Microsoft Azure AD Kerberos authentication protocol to move laterally around hybrid environments.

Made generally available in August 2022 to enable cloud authentication for IaaS workloads such as servers and file shares, the new protocol is exposed to two new techniques that evolve the long-standing Silver Ticket and Pass the Ticket attacks, both of which are already well-used by threat actors to move laterally.

The new version of Pass the Ticket, called Bounce the Ticket, allows an attacker to steal Kerberos tickets from memory and use these to manipulate the Azure Ticket Granting System into granting malicious access to cloud workloads such as servers. This could be used to pivot around hybrid environments.

In the enhanced Silver Ticket attack, called Silver Iodide, the Silverfort research team was able to attack Azure Files and forge Kerberos tickets to demonstrate how a threat actor could escalate privileges on the cloud-based File Share. 

Like many attacks on identity systems, the issues described lie in the underlying logic of the protocol. Fixing them would require re-engineering Kerberos – it is not simply a case of patching code. Both techniques were shared with Microsoft’s MSRC team prior to publication. 

You can read the research here.

Silverfort announces partnership with Howden Group Cyber Insurance Provider

Posted in Commentary with tags on December 12, 2022 by itnerd

International insurance broker, Howden Group, and Unified Identity Protection leader, Silverfort, today announced a partnership to make it easier for organizations to comply with the increasingly strict identity security controls now being required in cyber insurance policies. 

With attackers taking advantage of narrowly deployed MFA solutions, and a lack of protection for non-human identities (Service Accounts) to spread ransomware, steal data and compromise critical systems, the cost of cybersecurity insurance policies has been increasing and exclusions have become stricter. To counter this, many carriers are now mandating identity security controls with greater breadth and depth.  

The partnership seeks to address this compliance need by offering Silverfort’s Unified Identity Protection solution. This will enable Howden Group’s global customer-base to extend MFA to all their sensitive resources, including previously ‘unprotectable’ ones such as legacy applications and directories, Command Line Interfaces and other admin access tools, network infrastructure, industrial OT systems and more, without the need to modify these systems. It also allows customers to discover, monitor and secure the automated Service Accounts often used by attackers in lateral movement – quickly and easily.

As a large global broker with around $30bn in Gross Written Premiums, Howden Group helps insure some of the largest organizations in the world. Silverfort will be offered to the company’s customer-base alongside a set of complimentary products designed to prevent a wide range of risks, including endpoint protection, security awareness training and more.

More information on how Silverfort and Howden Group are working together can be found here: https://www.silverfort.com/silverfort-insurance-howden/

Silverfort To Provide Acrisure Cyber Services Clients With Compliant Identity Protection

Posted in Commentary with tags on November 3, 2022 by itnerd

Silverfort, a unified identity protection leader, today announced a partnership with Acrisure Cyber Services (ACS). ACS is a division of Acrisure, a global fintech that operates a top-10 global insurance broker that also provides cyber services, real estate services and asset and wealth management. Silverfort is known for helping organizations of all sizes meet an increasingly rigorous identity and access management compliance burden emerging in cyber insurance policies.

The increasing sophistication of cyber attacks continues to expose the IT infrastructures of organizations, which is driving up cyber insurance premiums. As a result, underwriters are increasingly mandating that Multi Factor Authentication (MFA) is applied with far greater depth than before to inhibit threat actors’ movements as they propagate attacks.  

ACS will deliver Silverfort as part of its “Security as a Service” model, sitting alongside other technologies intended to provide companies of all sizes with full compliance to a range of carrier policies. Alongside Silverfort, this stack of technologies also covers endpoint security, vulnerability detection and management, backup and disaster recovery, security awareness training and email security.  

Silverfort will help enable ACS clients to comply with requirements by seamlessly extending MFA to previously unprotectable resources. Organizations will be able to enforce MFA across all on-prem and cloud resources including on email, remote network access tools, network infrastructure, directories, servers, workstations and even on legacy protocols that allow ransomware attacks to spread. It will also allow customers to automatically discover, monitor and secure the automated Service Accounts commonly used in data breaches, without having to modify them. 

More information on how Silverfort helps companies comply with emerging cybersecurity insurance standards can be found here. Further details on Acrisure Cyber Services can also be seen here.

Ex-Deloitte CIO joins Silverfort as Strategic Advisor

Posted in Commentary with tags on September 12, 2022 by itnerd

Silverfort today announced the appointment of ex-Deloitte Australia and APAC CIO and Partner, Tim Fleming, as Strategic Advisor.

Responsible for all commercial and operational technology strategy at Deloitte for over 20 years, as CIO of Australia and APAC, Tim oversaw a team of more than 1300 with direct accountability for countries including India, China, Taiwan and Japan. During his tenure, the company embarked on a period of rapid technical change which contributed to a five-fold growth in revenues.   

Previously Head of Global Transformation and Innovation – as well as a member of the Global Cyber Committee – Tim also has significant experience helping organizations embrace emerging technologies to mitigate business risks and meet regulatory and certification requirements.     

Tim will be with the Silverfort APAC team located on stand 417 at the Gartner IT Symposium/Xpo. More information can be found at silverfort.com

Privilege Escalation issue within Azure AD Discovered By Silverfort

Posted in Commentary with tags on September 1, 2022 by itnerd

Silverfort has released findings on a privilege escalation issue within Microsoft Azure Active Directory. The Silverfort research team recently found a lapse in the safeguards for certain user accounts within the Azure AD service, which could enable lower-level admins to become fully privileged ones.

With Azure Active Directory being a leading cloud Identity Provider, Microsoft quickly responded to this reported issue and rapidly patched the gap, mitigating the potential of future attacks using this technique. Nonetheless, in a time when privilege escalation attacks are persistent and incredibly risky, Silverfort hopes the wider security community can benefit from releasing the analysis and findings of this issue.

Overview:

  • Azure AD safeguards higher-privileged admin passwords by preventing lower-privileged admins from modifying the passwords of admins with higher privileges.
  • The Azure AD safeguard is applied when a user is set to ‘eligible’ or ‘active’.
  • Azure AD allows user accounts to be assigned as ‘future use’.
  • Silverfort found that for ‘future use’ accounts, the password safeguard did not apply.

This gap would allow for initial compromise, scanning of Azure AD to locate accounts which are scheduled to become highly privileged admins in the future, allowing for password resets and privilege escalation.

You can read their findings here.

Silverfort Named “Most Innovative Identity Protection”

Posted in Commentary with tags on June 6, 2022 by itnerd

Silverfort, provider of the world’s first Unified Identity Threat Protection platform, is proud to announce that they have won the following award from Cyber Defense Magazine (CDM), the industry’s leading electronic information security magazine:

  • Most Innovative Identity Protection

As the identity threat landscape has evolved and shifted, Silverfort has increased innovation and maximized on partnerships to provide the first Unified Identity Threat Protection platform. Silverfort’s Identity Threat Detection and Response (ITDR) and Identity Threat Prevention (ITP) capabilities deliver a unique, unified layer to Identity and Access Management (IAM). While many security innovations seek to cover the entire threat landscape singularly, Silverfort continues to address the threat landscape in a holistic way by providing an additional layer of protection to a customer’s existing security infrastructure, without requiring modifications to a customer’s endpoints, servers or applications. 

More information can be found at www.silverfort.com