Cybercriminals are increasingly using compromise methods that grant “legitimate” access to target systems, making them harder to detect. Credit: Cisco The most dangerous cybersecurity threat of the moment is an attacker with access to legitimate identity information for a given system, according to a report issued today by endpoint security and threat intelligence vendor CrowdStrike. According to the report, interactive intrusions (which the company defines as those in which an attacker is working actively to accomplish some illicit end on a victim’s system), are increasingly implemented using strategies that involve compromised identity information for access to a target. During the past year, both government-backed and organized crime hacking groups have raised their game with improved phishing techniques and social engineering “tradecraft.” “The biggest trend that we’ve seen is that everything is moving towards identity,” said Adam Meyers, head of intelligence at CrowdStrike. “80% of attacks involved identity and compromised credentials.” Those credentials can be compromised in the traditional way, using email phishing and social engineering, or they can be purchased on the dark web, sourced from other types of compromised systems. Once they have access to a target system, cybercriminals use a range of techniques to achieve their ends, and the report said that the use of remote monitoring and management software is sharply on the rise. “Threat actors understand that there are security tools out there that impede the way they operate,” noted Meyers. “So they’re trying to use techniques that don’t trigger that security.” Compromised login IDs are hard to detect, and must generally be discovered by monitoring for unusual account behavior. A move away from what he described as a “Microsoft monoculture” in the enterprise would be a positive step toward stemming the current flow of identity based attacks, Meyers said. “Organizations have gone all in with Microsoft, they have good OSes and productivity suites, but a history of poor security,” Meyers said. Kerberos-based attacks on the rise In particular, Kerberos-based attacks against Windows systems have been on the rise, according to CrowdStrike. The technique of “Kerberoasting” (compromising a Kerberos ticket by cracking its encryption offline) has been particularly successful of late, since Windows uses Kerberos as a key authentication method. The report also includes information about the growing cloud-based threat posed by the use of privilege escalation tools like LinPEAS, which can be used to enumerate information about a cloud environment, including metadata, network attributes and even security credentials, depending on the service provider and its configuration. CrowdStrike recommends applying on-premises security techniques to all cloud workload instances, including restricting outbound connections from those instances to whitelisted addresses. Related content news AT&T suffers critical breach impacting 73 million customers Data released on the dark web impacts 7.6 million existing account holders and 65.4 million past subscribers. By Shweta Sharma 01 Apr 2024 4 mins Data Breach feature Recruit for diversity: Practical ways to remove bias from the hiring process Changing the wording on job descriptions and introducing a diverse hiring panel are some of the ways to remove bias when hiring cybersecurity professionals. By Aimee Chanthadavong 01 Apr 2024 8 mins Careers feature The CSO guide to top security conferences Tracking postponements, cancellations, and conferences gone virtual — CSO Online’s calendar of upcoming security conferences makes it easy to find the events that matter the most to you. By CSO Staff 01 Apr 2024 17 mins Technology Industry IT Skills Events news Top cybersecurity product news of the week New product and service announcements from Bedrock Security, GitGuardian, Legit Security, Nametag, and Cybereason and Observe By CSO staff 29 Mar 2024 70 mins Generative AI Security PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe