Skilled adversaries have many tricks up their sleeves to grab credentials, including mimicking trusted access points.
In this video, Eric Escobar, Principal Consultant in the Secureworks Adversary Group, shares how, within a day, he was able to access an organization’s entire network, compromise their domain admin accounts and facilities by gaining credentials using an ‘Evil Twin’.
Listen to the full webcast to learn more about the most common attack vectors and how to defend against them.
I was on a particular pen test where we drove up before meeting the client and I was sitting in the parking lot of this really large manufacturing facility. I was able to crack their guest wireless password from the parking lot. I was able to create some wireless interference, and then the interference made it so that users' WiFi on their phone didn't work, the guest wireless didn't work, and I tricked them into connecting to me. And that's what disclosed their passphrase, and so I was on their guest wireless network, along with all of their other employees at that time. And I was basically able to use that level of access to further compromise other users on the network. I was able to manipulate their traffic, I was taking other people's usernames and passwords, logging in as them, and seeing what they had access to. And then ultimately from there in about a day's time, I was able to walk through their entire network, compromise their domain admin accounts, and then also compromise all of their manufacturing facilities on three other continents.
I could have done a number of things, so you read about ransomware in the news. I could have ransomwared every device and locked out every device and anything in their manufacturing facility I could have turned off or kicked off the network or in some way, shape, or form, made it so that all of their business came down to a screeching halt and hold them for ransom. I could have sat and collected all of their proprietary company information from who their clients are, their customers, their price points, I could have stolen all that and they would have never known. The level of nefariousness goes from just somebody who's looking to make a quick buck to taking over a large Fortune 500 company. That's what it comes down to. The client absolutely loved the work. When he saw the results, he was able to take that information and say, "Hey, this is the ammunition that I need to go to the board of directors, to go to my C-level suite," and basically take what we did and let him use that to enact change throughout his organization.
The old approaches to cybersecurity are no longer adequate. It’s time for something new. Layered defenses can create almost as many problems as they solve, and security teams struggle to keep up with the threat. What you need is context across all your layers of defense with the right people, processes, and technology working together in concert. That’s how Secureworks can help. Using 20+ years of industry knowledge, advanced analytics, industry-leading threat intelligence, and the network effect of more than 4,000 customer environments, we provide world-class cybersecurity solutions to customers around the globe. This unmatched experience empowers our customers to be Collectively Smarter. Exponentially Safer.™
Our Managed Detection and Response (MDR) solution is comprehensive, powered by our cloud-native software Red Cloak™ Threat Detection and Response that uses AI and machine learning to deliver better outcomes for your security operations. MDR unifies telemetry from your existing security technology to maximize visibility, reduce complexity, and enable you to move at the speed of the threat. Learn more about how Managed Detection and Response uses contextualized visibility to improve your organization’s security posture.