With hackers deploying sophisticated breach tactics, the traditional way of keeping hackers outside the perimeter is no longer a viable strategy to prevent breachers. In the year 2020, based on the data we saw on the Dark Web, we were able to ascertain that stolen credentials and privileges were not just used but were being mined to maximize the footprint of a breach as well.
In June last year, a leading heavy equipment manufacturer in Europe was breached. Hackers used the stolen credentials to skim more credentials and finally access the Intellectual Property (IP) vault of this company which didn’t just have critical IP data but also credentials for other vaults holding joint IP with vendors. Needless to say, most of this information made its way into shady market places trading such information.
Privilege mining, wherein the hackers move horizontally and vertically across digital infrastructures using a series of credentials stolen on the go is now the biggest cyber threat out there. Tons of credentials and network information from previous breaches have created opportunities for hackers like never before. Even at a conservative scale, this information could be enough to sustain cyberattacks well into 2023.
It is therefore prudent to exercise diligence and caution and take the following steps immediately irrespective of your threat perception:
- Reset passwords across the enterprise and accounts
- Use multi-factor authentication
- Segregate networks, deeply monitor zones of convergence between tech streams such IoT, Operational Technology and IT
- Use a solution such as Subex Secure to protect all components of your infrastructure including devices, networks, and systems
Talk to us now to learn more about improving your cybersecurity posture to deter hackers
Designation: VP, Digital Security
At Subex, Kiran leads IoT and ICS security initiatives. He has over 18 years of experience in cybersecurity, network analytics, fraud management and mitigation, and machine learning. Kiran holds patents focused on security, fraud and Artificial Intelligence. A passionate author and speaker, Kiran champions the cause of cybersecurity in areas such as detection strategies, identity management, securing converged environments, compliance enablement, 5G cybersecurity, fraud prevention among other areas through speaking engagements across the globe. He has written extensively on these areas as well.