Ryan Rowcliffe, Field CTO, HYPR
2 Min. Read | May 18, 2021
Our hearts go out to the Colonial Pipeline team working the incident response.
Using the word “breach” in a title is ubiquitous across most identity companies’ blogs right now. This is the way of any company in our space. Attacks are common enough and it’s often the same tactics: Ransomware-as-a-Service (RaaS). In this model, profit is shared between the owners and partners who do the heavy lifting of providing access to organizations and deploying the ransomware.
It is evident attacks have become more economical and have greater returns with less investment necessary. This leads to the ever growing number of security companies writing blogs based on current events. This specific attack hit quite a few more people where it really matters here in America. We need and love our cars.
FireEye recently published an insightful article specifically on the DarkSide hacker group which we strongly recommend a read. The initial compromise consisted of the following:
- Suspected password attacks on perimeter infrastructure
- CVE-2021-20016
- Malicious emails with links
This illustrates that password compromise, or acquisition was required before the hackers could move to the next step in the attack lifecycle.
One thing remains tried and true: at the heart of these attacks, it often involves a credential of a user or privileged user. The techniques deployed include Brute Force, Password Spray, Dictionary Password Attacks, Mimikatz, etc. Businesses and their IT and security teams attempt to mitigate these attacks with methods that have grown tiresome and obsolete:
- Create a complex, 16-character password
- Rotate your passwords every 60 days
- Invest in a password manager
- Implement 2FA / MFA
We need to stop treating the symptoms, and treat the root problem in this security oversight. The problem is the Password. There are a multitude of authentication methods your organization can employ, but not all address this problem. We’ve compiled those into an Authentication Attack Matrix, spelling out how each type of solution addresses individual threat categories. Let’s face it, even MFA alone cannot solve this core problem if one of the factors is the password.
HYPR’s mission is based on the foundation that passwords are the highest risk component in any threat model. By removing the shared secret from the enterprise, businesses reduce the economical advantages of these types of attacks.
We look forward to 2021 as the year of acceptance. Acceptance that eliminating passwords for users is viable and a growing priority for businesses.
There is not a single vertical, sector or industry that is not affected by the ultimate threat posed by passwords. We are looking forward to the day which blogs like these are no longer warranted by identity companies.
To learn more about how a passwordless security strategy can benefit your business, we have a wealth of information available on our resources page.
