by Rebeca | Nov 24, 2022 | cybersecurity, News, soffid
In September, ridesharing company Uber disclosed that hackers had stolen the personal information of about 57 million customers and drivers. The days following the attack were full of speculation around how the attacker – allegedly a 17-year-old – was able to gain access to the systems.
What happened?
1st. By obtaining the VPN login credentials of an Uber contractor, the attacker was able to enter Uber's IT environment.
2nd. This contractor almost certainly did not have elevated or unique access rights to critical resources, but he or she did have access to a network share, much like other Uber employees. Either this share was open to everyone or its read ACL was set too broadly. On that share the attacker located a PowerShell script with hard-coded privileged credentials for Uber's PAM solution.
3rd. The attacker was able to further elevate privileges by harvesting the hard-coded admin credentials for the privileged access management system.
4th. The attacker ultimately obtained "elevated permissions to a number of tools," according to Uber's most recent update. Access to the privileged access management solution's secrets made the potential for harm high: according to reports, the hacker gained access to the SSO, consoles and the cloud management console, which Uber uses to store confidential customer and financial information.
5th. The attacker "downloaded some internal Slack communications, as well as accessed or downloaded information from an internal application our finance team uses to track some bills," according to Uber, which is still looking into the matter.
Zero-trust strategy
Proactive security demands defence in depth: a combination of complementary security layers that support a zero-trust strategy. In this case, the absence of embedded credentials in the first place may well have been decisive.
To manage these accounts effectively, the Soffid product has the logic needed to:
- identify accounts;
- classify them according to their risk level and their scheme of use, distribution and assignment to responsible users;
- change passwords automatically on a planned schedule;
- deliver passwords to authorized users; and
- inject passwords automatically, where such injection applies and makes sense.
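As an added example (not from the original post and not Soffid's code): a small Python scanner that does proactively what the incident suggests a defender should do, namely look through scripts on a network share for hard-coded credentials before an attacker finds them. The rule set, the `scan_text`/`scan_share` names and the sample script are constructed for this example; `Get-Secret` is the PowerShell SecretManagement cmdlet, shown on the last line as the hardened alternative that the scanner correctly leaves alone.

```python
import os
import re
from typing import Iterator, List, NamedTuple, Tuple


class Finding(NamedTuple):
    line: int      # 1-based line number inside the script
    rule: str      # name of the detection rule that fired
    excerpt: str   # offending line with the secret value masked


# Detection rules: each names one common way credentials get hard-coded in a
# PowerShell script. The set is constructed for this example and is meant to be
# tuned (and extended with entropy checks) for a real environment.
RULES = [
    ("plaintext-securestring",
     re.compile(r'ConvertTo-SecureString\s+(["\'])[^"\']+\1\s+-AsPlainText', re.I)),
    ("password-variable",
     re.compile(r'\$\w*(pass(word)?|pwd|secret|token)\w*\s*=\s*(["\'])[^"\']+\3', re.I)),
    ("password-parameter",
     re.compile(r'-(Password|Secret|ApiKey|Token)\s+(["\'])[^"\']+\2', re.I)),
    ("basic-auth-header",
     re.compile(r'Authorization\W+Basic\s+[A-Za-z0-9+/=]{16,}', re.I)),
]


def _mask(line: str) -> str:
    """Blank out quoted values and Basic-auth tokens so the report itself
    does not leak the secret it found."""
    line = re.sub(r'(["\'])[^"\']*\1', r'\1***\1', line)
    return re.sub(r'(Basic\s+)[A-Za-z0-9+/=]+', r'\1***', line, flags=re.I)


def scan_text(script: str) -> List[Finding]:
    """Return every rule hit in a PowerShell script, in line order."""
    findings = []
    for number, line in enumerate(script.splitlines(), start=1):
        for name, pattern in RULES:
            if pattern.search(line):
                findings.append(Finding(number, name, _mask(line.strip())[:80]))
    return findings


def scan_share(root: str,
               extensions=(".ps1", ".psm1", ".psd1")) -> Iterator[Tuple[str, Finding]]:
    """Walk a mounted share (path supplied by the caller) and yield
    (path, Finding) for every script that embeds a credential."""
    for dirpath, _, filenames in os.walk(root):
        for filename in filenames:
            if filename.lower().endswith(extensions):
                path = os.path.join(dirpath, filename)
                with open(path, encoding="utf-8", errors="replace") as handle:
                    for finding in scan_text(handle.read()):
                        yield path, finding


# Constructed sample: what a backup job script left on a share might look like.
# Lines 3-6 embed the PAM admin credential in four different forms; line 8 shows
# the alternative of fetching it at run time from a vault, which is not flagged.
SAMPLE_SCRIPT = r'''# backup job (constructed sample, not a real Uber script)
$pamUrl = "https://pam.example.internal/api"
$pamAdminPassword = "Sup3rS3cret!"
$secure = ConvertTo-SecureString "Sup3rS3cret!" -AsPlainText -Force
$headers = @{ Authorization = "Basic YWRtaW46U3VwM3JTM2NyZXQh" }
Connect-Backup -Server $pamUrl -User admin -Password "Sup3rS3cret!"
# hardened alternative: no literal in the file, the secret comes from the vault
$fromVault = Get-Secret -Name PamAdmin
'''

if __name__ == "__main__":
    for finding in scan_text(SAMPLE_SCRIPT):
        print(f"line {finding.line:>3}  {finding.rule:<24} {finding.excerpt}")
```

Run it against a mounted share with `scan_share(r"\\fileserver\share")` and feed the findings into a ticket for the script owner; the masked excerpt is safe to paste into that ticket. A scanner like this finds the symptom; the cure the post describes is the scheduled rotation and run-time injection of credentials, so the literal never has to be in the file.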
Shall we talk?
Sources: Technative.io
by Rebeca | Nov 16, 2022 | News, Release, soffid
We are proud to have been identified by Gartner as one of the most representative Identity Governance and Administration vendors in the Gartner Market Guide for Identity Governance and Administration (IGA).
According to this Gartner Market Guide for Identity Governance and Administration (IGA) Soffid is:
- one of the most representative Identity Governance and Administration vendors worldwide.
- one of the few vendors with a convergent strategy. Gartner says that by 2025, 70% of new access management, governance, administration and privileged access deployments will be converged identity and access management platforms.
- the only native Spanish-speaking vendor and one of the four European ones. Access to local professional services with experience of particular tools and of local or regional regulations, customs and ways of working is a key consideration.
The identity governance and administration landscape has evolved significantly over the years, in lockstep with the increasingly dynamic nature of today's enterprise.
Gartner recommends that security and risk management leaders should include ease of deployment and operation in any assessment. They also assert that organizations should identify their key use cases early in any review process to quickly eliminate from consideration any IGA tool that cannot meet their organization’s needs. Mandatory capabilities for a complete IGA suite to meet a typical organization’s needs are:
- Identity life cycle management
- Entitlement management
- Support for access requests
- Workflow orchestration
- Access certification (also called “attestation”)
- Provisioning via automated connectors and service tickets
- Analytics and reporting
This Market Guide is an aid to anticipating future trends, features and integration capabilities in the IGA market.
Market Guides such as Gartner's are useful for understanding how the status of an emerging market aligns with your future plans in IGA, for surveying the types of provider options in the market and for understanding how offerings are likely to evolve.
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
by Rebeca | Nov 9, 2022 | soffid
Webinar "Benefits of Identity Management through a Converged Platform" (original title: "Beneficios de la Gestión de Identidades a través de una Plataforma Convergente")
Deploying a converged identity management platform helps reduce operating costs, requires fewer administrative resources and allows faster, more effective deployment.
According to Gartner, by 2025, 70% of new access management, governance, administration and privileged access deployments will be converged identity and access management platforms. By 2024, organizations that adopt a cybersecurity mesh architecture will reduce the number and scope of security incidents and 90% of their financial impact.
What is Soffid and how does it work?
Soffid is a converged IAM platform that brings together Access Management (AM), Identity Governance (IGA), Identity Risk and Compliance (IRC) and Privileged Account Management (PAM) in a single, comprehensive platform.
At Soffid we have spent years working on access and identity management and governance for public and private organizations, both nationally and internationally (in more than 25 countries across 5 continents).
We will share this experience in our next webinar, "Benefits of Identity Management through a Converged Platform", given by our CTO and Founder, Gabriel Buades, on Thursday, 24 November 2022 at 16:00.
Booking, places and registration
Places are limited, so if you are interested in joining us, please register as soon as possible from here.
We look forward to seeing you!

by Rebeca | Nov 2, 2022 | cybersecurity
There are many trends in cybersecurity today, as organizations battle ever more cunning and prevalent cybercriminals; new tools and methods are emerging all the time.
Identity threat detection and response (ITDR) adds another layer of security to even mature IAM deployments, said Mary Ruddy, a VP analyst at Gartner.
“Identity is now foundational for security operations (identity-first security),” she said. “As identity becomes more important, threat actors are increasingly targeting the identity infrastructure itself.”
Simply put, “organizations must focus more on protecting their IAM infrastructure.”
Securing identity with identity threat detection and response
Stolen credentials account for 61% of all data breaches, according to Verizon’s 2022 Data Breach Investigations Report. Gartner, meanwhile, attributes 75% of security failures [subscription required] to lack of identity management; this is up from 50% in 2020, the firm reports.
As noted by Peter Firstbrook, a research VP at Gartner, organizations have spent considerable effort improving IAM capabilities, but most of that focus has been on technology to improve user authentication. While this may seem beneficial, it actually increases the attack surface for a foundational part of the cybersecurity infrastructure.
“ITDR tools can help protect identity systems, detect when they are compromised and enable efficient remediation,” he said.
ITDR is a new acronym Gartner uses to describe the security discipline that protects the identity infrastructure. Much like network detection and response (NDR) and endpoint detection and response (EDR) protect critical infrastructure in the organization, ITDR is required to protect the systems that control identity and access across the organization. Now that identity has become the new perimeter, the detection gaps between traditional IAM solutions and infrastructure security controls are constantly exploited by malicious actors, inside and outside the organization.
Before searching for the tools to protect your identity infrastructure, we recommend identifying the gaps in your environment by following these three steps:
Step 1: Assess Identity-First Security Posture
Examine the identity risk level across your cloud environment by reviewing actual access privileges and identifying stale accounts, over-privileges, and privilege escalation paths. The proliferation of identities and assets together with the dynamic nature of the cloud often leads to hidden, unused and excessive access.
For example: "More than 95% of accounts in IaaS use, on average, less than 3% of the entitlements they are granted, which greatly increases the attack surface for account compromises." (Gartner, Innovation Insight for Cloud Infrastructure Entitlement Management, published on 15 June 2021 by Henrique Teixeira, Michael Kelley and Abhyuday Data.)
Reviewing all cloud services and applications for illicit access can be very time consuming and error-prone. CIEM (Cloud Infrastructure Entitlement Management) solutions can help identify over-privileges in IaaS. If you wish to cover all your bases, it would be beneficial to also review cloud applications and IAM tools to identify stale access from partial offboarding as well as privilege escalations across systems (shadow administrators and federation).
Step 2: Assess Identity Threats
Review the configurations and deployments of your IAM tools (IdP/SSO, IGA and PAM) to detect risks and threats such as exposed passwords, user impersonation, and unauthorized changes. Even mature deployments of IAM solutions may be exposed to identity threats due to misconfigurations or even by design.
A point-in-time assessment will provide you with an estimate of your exposure level and indicate the prioritization and extent of your ITDR adoption for ongoing protection. Identifying where you are exposed will also help determine who should own ITDR in your organization.
Step 3: Examine Response Playbooks
Your SIEM, SOAR and XDR tools are handling incident response for your security infrastructure. Chances are that some of your existing playbooks can also be used for identity risks and threats. Review your existing playbooks to identify what will work for identity and access incidents and what requires adjustments, or new playbooks.
Some ITDR solutions will also provide automated remediation capabilities, such as disabling excessive access, and resolution recommendations (like moving from SWA to SAML). The severity and potential impact of incidents on your organization will determine the urgency and automation of your playbooks.
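The three steps above are one procedure, so here is a single worked example (added for this page; not Soffid's code and not a Gartner tool) covering Step 1 and Step 3 in Python. It compares the entitlements each account has been granted with those actually exercised in a review window, flags stale accounts, unused entitlements and privilege-escalation paths, and then orders the findings by potential impact so the right playbook runs first. The account names, entitlement names, the 90-day staleness threshold and the priority ordering are all assumptions made for the example.

```python
from dataclasses import dataclass, field
from datetime import date
from typing import Dict, List, Optional, Set

# Entitlements whose holder can change who has access to what. Holding any of
# them is a privilege-escalation path regardless of how often it is used.
# (Constructed names; substitute your provider's real action names.)
ADMIN_ENTITLEMENTS = {"iam:attach_policy", "iam:create_user"}


@dataclass
class Assessment:
    usage_ratio: float        # exercised / granted entitlements
    unused: List[str]         # granted but never exercised in the window
    stale: bool               # no sign-in within stale_days
    escalation: List[str]     # admin-class entitlements held
    actions: List[str] = field(default_factory=list)   # playbook recommendations


def assess(grants: Dict[str, Set[str]],
           used: Dict[str, Set[str]],
           last_login: Dict[str, Optional[date]],
           today: date,
           stale_days: int = 90) -> Dict[str, Assessment]:
    """Step 1: compare granted vs. exercised access for each account and flag
    stale accounts, unused entitlements and escalation paths."""
    report = {}
    for account, granted in grants.items():
        exercised = used.get(account, set()) & granted
        unused = sorted(granted - exercised)
        login = last_login.get(account)
        stale = login is None or (today - login).days > stale_days
        escalation = sorted(granted & ADMIN_ENTITLEMENTS)
        actions = []
        if stale:
            actions.append("disable account pending owner confirmation")
        if unused:
            actions.append("remove unused entitlements: " + ", ".join(unused))
        if escalation:
            actions.append("review admin-class grants: " + ", ".join(escalation))
        report[account] = Assessment(
            usage_ratio=len(exercised) / len(granted) if granted else 0.0,
            unused=unused, stale=stale, escalation=escalation, actions=actions)
    return report


def prioritize(report: Dict[str, Assessment]) -> List[str]:
    """Step 3: order findings by potential impact so the most urgent playbook
    runs first (escalation paths, then stale accounts, then bloat)."""
    return sorted(report, key=lambda a: (-len(report[a].escalation),
                                          -int(report[a].stale),
                                          -len(report[a].unused)))


# Constructed sample inventory for a 90-day review window (not real data).
GRANTS = {
    "alice":  {"s3:read", "s3:write", "ec2:start", "iam:attach_policy"},
    "bob":    {"s3:read"},
    "svc-ci": {"s3:read", "s3:write", "ec2:start", "ec2:stop",
               "iam:attach_policy", "iam:create_user"},
    "carol":  {"s3:read", "ec2:start"},
}
USED = {"alice": {"s3:read"}, "bob": {"s3:read"},
        "svc-ci": {"s3:write"}, "carol": set()}
LAST_LOGIN = {"alice": date(2022, 10, 30), "bob": date(2022, 11, 1),
              "svc-ci": date(2022, 10, 31), "carol": date(2022, 6, 1)}
REVIEW_DATE = date(2022, 11, 2)

if __name__ == "__main__":
    report = assess(GRANTS, USED, LAST_LOGIN, REVIEW_DATE)
    for account in prioritize(report):
        a = report[account]
        print(f"{account:<8} usage={a.usage_ratio:.0%} stale={a.stale} "
              f"escalation={a.escalation} actions={a.actions}")
```

The usage data would come from your provider's access logs or a CIEM product; the point of the example is that the ratio of granted to exercised access is the measurable quantity behind the Gartner figure quoted in Step 1, and that the same report can drive the automated remediation Step 3 describes (removing unused entitlements is low risk, disabling an account or touching admin-class grants deserves a human in the loop).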
Find a solution for each IT challenge in your company with our powerful Converged Platform. Get a custom demo.
Sources:
(1) Securityboulevard
(2) Venturebeat
Image by Pete Linforth on Pixabay
by Rebeca | Oct 26, 2022 | cybersecurity
According to the Esade Creapolis barometer "The challenges in Retail 2022: New perspectives and opportunities for the sector", 62% of retailers, 20% more than in the 2021 barometer, express the need to rely on technology to improve the customer experience created through each interaction with the company (its customer journey), which has become the fastest-growing concern in the sector.
SMEs in the retail industry are the ones whose business viability has been most endangered by cyberattacks: 43% of them, according to the conclusions of the Ranking of Cybersecurity of SMEs prepared by Hiscox to coincide with Cybersecurity Month, which is celebrated this October.
This ranking also shows that, on the contrary, small and medium-sized companies dedicated to financial and business services are the ones that best manage the cybersecurity of their businesses; retail companies are in seventh position.
Likewise, as the Interface blog points out, a synthesis of several studies concluded that 84% of the cyberattacks in this industry involve system intrusion, social engineering and attacks on basic web applications. In 87% of cases the actors are external and in 13% internal. Of the compromised data, 45% is credentials, 27% personal data, 25% payment data and 25% other types of data.
In this delicate scenario, retailers need to develop several basic security policies:
• Restrict access to data as necessary.
• Encrypt sensitive data sent over open public networks.
• Periodically test security systems and processes.
• Manage threats to mobile devices (define policies and implement specific management solutions).
Additionally, companies need to have broad visibility and control across all environments; and they must monitor and respond to a rapidly changing threat landscape.
Prestashop Studio
The latest survey carried out among Prestashop Million Club stores, which brings together stores that generate more than one million sales per year, reveals that 46% of merchants have been the victim of a cyber attack. In Spain the figures exceed the world average: one in two affected merchants (53%) had to deal with various types of attacks. 60% of those surveyed consider that the number of attacks is growing.
Most reported being attacked by malicious bots (60%), followed by DNS server attacks (50%), ransomware attacks (30%) and SQL injection (30%). Likewise, 10% experienced a Denial of Service (DoS or DDoS) attack and another 10% reported that their website had been defaced. These attacks are the most common, but merchants have had to deal with other less frequent but very real attacks: 20% of them mention other threats such as database deletion and a significant increase in traffic volumes.
Consequences of the attacks and measures
The main consequence of these cyberattacks was the unavailability of the service (for 80%); only 20% of stores suffered data theft, and 10% had customer data hijacked. Likewise, 61% of attacks are resolved in less than a day (20% within an hour and 25% within half a day). One out of every two attacks required an action to stop it, while the remaining 51% needed a more complex strategy to limit its impact, leading merchants to conclude that this is a threat to be taken seriously.
Among the solutions, 51% hired an external service provider to resolve the attack, 39% installed security patches and 25% restored a backup; only 2% of those affected worldwide resorted to paying a ransom to stop the attack. 22% turned to other strategies, such as analyzing traffic with a web agency, closing the online store or blocking attacks before hackers could take advantage.
The results also show that only 18% of merchants who have already been attacked have applied a minimum of five different measures, while this figure rises to 29% for those who have never been attacked.
Even though one in two merchants have never been attacked, cybersecurity remains a top challenge for 90% of respondents and a top priority for 24%. Being a serious and complex topic, even for digital players, 69% of merchants plan to outsource their cybersecurity management.
Safety recommendations
– Controlled access to PII with well-configured permissions. The principle of least privilege access is key: all identities should have only the minimum permissions necessary to perform their intended tasks.
– Event-based scaling during shopping peaks. This rapid scaling can minimize website latency and optimize the customer shopping experience, but it can also be very powerful in the hands of an attacker. This is why implementing least privilege is critical for all serverless features of the major public cloud providers.
– Introduce improvements in the internal application of identity and access management (IAM). Enforcing least privilege on all systems is necessary, and enforcing multi-factor authentication for all employee access to a cloud environment adds a further layer of security by reducing the risk of credential theft: by compromising an unprotected work identity with sensitive access to cloud resources, an attacker can gain access to those resources.
– Embedded application secrets. E-commerce sites are built on top of each other, integrating with payment services like Paypal or similar. When building their e-commerce applications, developers can sometimes leave credentials, passwords, keys, or tokens embedded in the code, exposing them to potential attacks. Across DevOps pipelines and eCommerce software supply chains, all secrets must be managed securely and rotated programmatically to reduce risk.
– Vulnerabilities in the e-commerce website. Without the proper layers of security, retailers are vulnerable to attacks such as distributed denial of service (DDoS), SQL injection, and skimming, which can disrupt business and allow attackers access to valuable customer data.
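To make the SQL-injection point in the last recommendation concrete, here is an added example (not part of the original article and not Soffid's code) in Python using the standard sqlite3 module: the same customer lookup written with string formatting, which lets user input become part of the query, and written as a parameterised query, which binds the input as a value. The table, column names and rows are constructed for the example.

```python
import sqlite3
from typing import List, Tuple


def build_store() -> sqlite3.Connection:
    """In-memory store with a constructed customers table (no real PII)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE customers (email TEXT, card_last4 TEXT, postcode TEXT)")
    conn.executemany("INSERT INTO customers VALUES (?, ?, ?)", [
        ("ana@example.com", "4242", "08001"),
        ("ben@example.com", "1111", "28001"),
        ("cai@example.com", "9876", "41001"),
    ])
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, email: str) -> List[Tuple[str, str]]:
    """Builds the statement by string formatting, so whatever the caller
    submits is parsed as SQL. A crafted value changes the WHERE clause and
    the query returns rows the caller was never entitled to see."""
    sql = f"SELECT email, card_last4 FROM customers WHERE email = '{email}'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn: sqlite3.Connection, email: str) -> List[Tuple[str, str]]:
    """Parameterised statement: the driver sends the value separately from
    the SQL text, so the input is only ever compared, never executed."""
    sql = "SELECT email, card_last4 FROM customers WHERE email = ?"
    return conn.execute(sql, (email,)).fetchall()


if __name__ == "__main__":
    store = build_store()
    normal = "ana@example.com"
    crafted = "x' OR '1'='1"          # the classic tautology payload
    print("vulnerable, normal input :", lookup_vulnerable(store, normal))
    print("vulnerable, crafted input:", lookup_vulnerable(store, crafted))
    print("safe, normal input       :", lookup_safe(store, normal))
    print("safe, crafted input      :", lookup_safe(store, crafted))
```

Two things worth noting for the least-privilege recommendation above: the query selects only the columns the feature needs, so even a successful injection elsewhere cannot pull the postcode through this path, and the database account the web tier uses should itself be limited to the tables and operations the store front requires, which keeps a single injected statement from reaching payment or admin data.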
Soffid can help you to protect your data, shall we talk?
Sources:
(1) Cepymenews.es
(2) ITdigitalsecurity
(3) Inese