Events , Fraud Management & Cybercrime , Identity & Access Management
Identity Systems: Attackers' Keys to the Kingdom
Semperis' Mickey Bresman on Ransomware's New Frontier: Identity and Backup SystemsRansomware attackers are increasingly targeting identity systems and backup files to gain control over organizational operations. Securing these systems has become critical to preventing cybercriminals from significantly disrupting operations and demanding ransom payments.
See Also: 2024 Threat Hunting Report: Insights to Outsmart Modern Adversaries
There is no single way for bad actors to access an identity system. They can target it directly from the start or breach other areas and then move laterally or escalate their permissions to reach the identity system, Bresman said. And the advantages are many.
"Once I have breached your identity system and I own your identity system, I can access anything in the organization. And if I take down the identity system, the organization is completely disabled. You cannot do anything because you cannot authenticate, meaning you cannot access any of your applications, no matter if on-premises or in the cloud," he said.
In this video interview with Information Security Media Group at RSA Conference 2024, Bresman also discussed:
- Why leaky devices are an appealing initial access vector for ransomware actors;
- Why password spraying, credential stuffing and brute force attacks are popular with hackers;
- Why healthcare, manufacturing and financial services are seeing more threat actor activity.
Bresman began his technical career in the Israel Defense Forces Navy. His comfort zone is on the front lines, helping organizations thwart and respond to cyberattacks. Prior to co-founding Semperis in May 2014, Bresman was chief technology officer at YouCC Technologies, a Microsoft Gold Partner integration company.