
One Identity: How to mitigate the risks of spearphishing

By Contributor
Fri 14 Jun 2019

Article by One Identity APJ technology and strategy regional manager Serkan Cetin

The term phishing sums up age-old cyber-attacks perfectly.

Cyber criminals throw a line into the digital pond and hope an unsuspecting victim will take the bait and share valuable information such as login credentials.

Login credentials are a goldmine for cybercriminals, as they often lead to access to internal IT systems.

According to Forrester, 80% of security breaches involve the theft of privileged credentials.

From large web services providers, to international eCommerce companies, digital media service providers and health insurance companies, recent breaches have shown no industry is safe.

However, like traditional fishing, the practice has evolved.

Spearphishing is the new norm.

As the term suggests, targeting one company rather than casting a wide net allows threat actors to take a more sophisticated approach.

This targeted approach can be harder to spot than general phishing.

Threat actors will perform research on the intended target organisation and then craft emails which appear more authentic, such as impersonating real executives or sharing publicly available information which builds trust in unsuspecting employees.

Typically, when criminals gain access to an employee’s login details, they go searching for privileged accounts.

These accounts have greater access to restricted sections of a business's network, and the information kept behind a locked door is often the most valuable.

Organisations can take steps to protect themselves against privileged identity theft, such as understanding what privileges every account has, deploying a central session management hub, and analysing user behaviours.

Keep an up-to-date inventory of privileged accounts

As IT environments grow, the number of administrative, service and other types of privileged accounts can proliferate.

Enterprises running networks with thousands or tens of thousands of servers, applications and network devices often lack an accurate inventory of these assets.

Keeping a comprehensive, up-to-date inventory of privileged accounts, including ownership information for those accounts, allows IT teams to understand potential risks, which accounts they should be monitoring for suspicious activity and who in the business is responsible for the account.

Limit the scope

Best practice for privileged access is to limit the scope across the environment of any privileged account to enforce the principle of least privilege.

Each account should have exactly the minimum rights required to carry out a specific set of tasks (only those appropriate for the role of the individual), and nothing more.

Accounts with more access than they need represent an unnecessary risk to the organisation.

Attesting the validity of privileged access granted to identities and accounts should be part of a regular process.

Remediation should involve automatically revoking privileged access from accounts and de-activating accounts which are no longer required.

These processes will assist with the overall management, administration and governance, as well as eliminating potential backdoors into the enterprise.
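
The inventory and least-privilege review described in the two sections above can be expressed as a small check. This is an added example, not code from the article or from any One Identity product; the field names, role catalogue, sample accounts and the 90-day and 120-day thresholds are all assumptions made for illustration.

```python
from datetime import date, timedelta

# Constructed role catalogue: the minimum rights each role needs (assumption).
ROLE_RIGHTS = {
    "dba": {"db:read", "db:write", "db:backup"},
    "netops": {"fw:read", "fw:change"},
    "svc-backup": {"db:backup"},
}

# Constructed inventory rows; field names are hypothetical.
INVENTORY = [
    {"account": "adm-jsmith", "owner": "j.smith", "role": "dba",
     "granted": {"db:read", "db:write", "db:backup", "fw:change"},
     "last_attested": date(2019, 5, 1), "last_used": date(2019, 6, 10)},
    {"account": "svc-bkp01", "owner": None, "role": "svc-backup",
     "granted": {"db:backup"},
     "last_attested": date(2018, 11, 2), "last_used": date(2019, 6, 13)},
    {"account": "adm-old", "owner": "k.lee", "role": "netops",
     "granted": {"fw:read", "fw:change"},
     "last_attested": date(2019, 4, 20), "last_used": date(2018, 12, 1)},
]

def review(inventory, today, attest_every=timedelta(days=90),
           idle_limit=timedelta(days=120)):
    """Return {account: [remediation actions]} for accounts needing work."""
    findings = {}
    for row in inventory:
        actions = []
        if not row["owner"]:                      # nobody accountable
            actions.append("assign-owner")
        # Rights granted beyond what the role requires break least privilege.
        excess = row["granted"] - ROLE_RIGHTS.get(row["role"], set())
        if excess:
            actions.append("revoke:" + ",".join(sorted(excess)))
        if today - row["last_attested"] > attest_every:
            actions.append("re-attest")           # attestation is overdue
        if today - row["last_used"] > idle_limit:
            actions.append("deactivate")          # account no longer required
        if actions:
            findings[row["account"]] = actions
    return findings

if __name__ == "__main__":
    for account, actions in review(INVENTORY, date(2019, 6, 14)).items():
        print(account, actions)
```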

Privileged session management

If an attacker has compromised privileged credentials, they can inflict enormous damage on an organisation.

Implementing a privileged session management solution provides a central access control point with several benefits: a central policy enforcement point where managers can restrict user activity; a point of integration for authentication tools such as password management and multi-factor authentication; real-time monitoring of privileged users; and recording of sessions, which provides audit trails for determining how attacks occurred.

Privileged session management mitigates the risk of a successful breach by hardening privileged accounts and limiting the types of assets that can be accessed and the types of commands that can be executed.

It doesn’t, however, detect when privileged credentials have been compromised.

In recent years, new technologies leveraging machine learning and analytics have emerged to fulfil this need.

Behaviour analytics

Traditional security tools such as Security Information and Event Management (SIEM) can fail to detect malware, intruder and bot attacks because they rely solely on post-event log data, which is used in a rules-based approach.

User Behaviour Analytics (UBA), on the other hand, uses Artificial Intelligence (AI) and machine learning to first learn a user’s behaviour, then continuously monitor the user’s digital behaviour to identify inconsistencies which may suggest a threat actor has gained access to their account.

UBA is a powerful tool to fill the gaps in an organisation’s security approach.

By capturing data about user behaviour and applying advanced analytical techniques, UBA tools can build a baseline of normal user behaviour and, through continuous monitoring of user actions, detect when unusual activity or deviations from the baseline occur.

Continuously comparing actual activity to each user’s digital footprint enables behaviour analytics tools to detect suspicious activity related to an attack.
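
The baseline-and-deviation idea described above can be sketched as follows. This is an added example, not code from the article or from any UBA product; the session history, host names, feature choice and the threshold of 6.0 are constructed assumptions, and a simple frequency model stands in for the machine learning a real tool would use.

```python
import math
from collections import Counter, defaultdict

# Constructed session history: (user, login hour, source host, command)
HISTORY = [
    ("dba1", 9, "jump01", "pg_dump"), ("dba1", 10, "jump01", "psql"),
    ("dba1", 9, "jump01", "psql"), ("dba1", 14, "jump01", "pg_dump"),
    ("dba1", 11, "jump01", "psql"), ("dba1", 15, "jump01", "vacuumdb"),
    ("net1", 22, "jump02", "show run"), ("net1", 23, "jump02", "show log"),
    ("net1", 22, "jump02", "show run"), ("net1", 21, "jump02", "conf t"),
]
FEATURES = ("hour_band", "host", "command")

def featurise(hour, host, command):
    # Bucket hours into 6-hour bands so 09:00 and 10:00 count as one habit.
    return {"hour_band": hour // 6, "host": host, "command": command}

def build_baseline(history):
    """Per user, count how often each feature value was seen."""
    baseline = defaultdict(lambda: {f: Counter() for f in FEATURES})
    for user, hour, host, command in history:
        for name, value in featurise(hour, host, command).items():
            baseline[user][name][value] += 1
    return baseline

def surprise(baseline, user, hour, host, command):
    """Sum of -log2(p) over features, add-one smoothed; higher = more unusual."""
    if user not in baseline:
        return float("inf")      # no baseline: cannot vouch for this account
    score = 0.0
    for name, value in featurise(hour, host, command).items():
        counts = baseline[user][name]
        total = sum(counts.values())
        # Reserve one extra slot of probability mass for never-seen values.
        p = (counts[value] + 1) / (total + len(counts) + 1)
        score += -math.log2(p)
    return score

def is_anomalous(baseline, event, threshold=6.0):
    """event is (user, hour, host, command); threshold is an assumed cut-off."""
    return surprise(baseline, *event) > threshold

if __name__ == "__main__":
    b = build_baseline(HISTORY)
    for ev in [("dba1", 10, "jump01", "psql"), ("dba1", 3, "ws-417", "useradd")]:
        print(ev, round(surprise(b, *ev), 2), is_anomalous(b, ev))
```

A single unusual feature (the usual host and command at an odd hour) stays under the threshold here, while a session that deviates on hour, host and command together is flagged.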

Behavioural biometrics is one of the most exciting developments in IT security because it serves as a form of continuous authentication.

As we can see from the growing number of cyber-attacks, one-off authentication methods as a means of telling friend from foe have failed to provide adequate protection.

Continuous authentication promises to detect privileged identity theft.

A wide range of organisations have fallen victim to sophisticated, well-resourced spear-phishing attacks from cyber criminals. However, measures exist to mitigate the risks of these attacks.

Process improvements and end-user education are key measures that should be part of every organisation’s security strategy.

Further, combining identity governance and privileged access management technologies can help protect organisations from potential breaches by controlling the access and privileges assigned to accounts. Using behavioural analytics as part of session management can then stop attackers before they are able to inflict damage on organisations.
