Events , Fraud Management & Cybercrime , Identity & Access Management

Identity Systems: Attackers' Keys to the Kingdom

Semperis' Mickey Bresman on Ransomware's New Frontier: Identity and Backup Systems
Mickey Bresman, co-founder and CEO, Semperis

Ransomware attackers are increasingly targeting identity systems and backup files to gain control over organizational operations. Securing these systems has become critical to preventing cybercriminals from significantly disrupting operations and demanding ransom payments.

See Also: 2024 Threat Hunting Report: Insights to Outsmart Modern Adversaries

There is no single way for bad actors to access an identity system. They can target it directly from the start or breach other areas and then move laterally or escalate their permissions to reach the identity system, Bresman said. And the advantages are many.

"Once I have breached your identity system and I own your identity system, I can access anything in the organization. And if I take down the identity system, the organization is completely disabled. You cannot do anything because you cannot authenticate, meaning you cannot access any of your applications, no matter if on-premises or in the cloud," he said.

In this video interview with Information Security Media Group at RSA Conference 2024, Bresman also discussed:

  • Why leaky devices are an appealing initial access vector for ransomware actors;
  • Why password spraying, credential stuffing and brute force attacks are popular with hackers;
  • Why healthcare, manufacturing and financial services are seeing more threat actor activity.

Bresman began his technical career in the Israel Defense Forces Navy. His comfort zone is on the front lines, helping organizations thwart and respond to cyberattacks. Prior to co-founding Semperis in May 2014, Bresman was chief technology officer at YouCC Technologies, a Microsoft Gold Partner integration company.


About the Author

Michael Novinson

Michael Novinson

Managing Editor, Business, ISMG

Novinson is responsible for covering the vendor and technology landscape. Prior to joining ISMG, he spent four and a half years covering all the major cybersecurity vendors at CRN, with a focus on their programs and offerings for IT service providers. He was recognized for his breaking news coverage of the August 2019 coordinated ransomware attack against local governments in Texas as well as for his continued reporting around the SolarWinds hack in late 2020 and early 2021.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.