When we think of securing our organization, we usually focus on securing the perimeter: firewalls, VPNs, limited access points, and maybe some mail filtering to block malicious attachments. But some recently discussed attacks show that this is no longer sufficient.
The Barium hacker group (allegedly operating out of China) has started targeting not the end target organizations but their software suppliers, to reach the end target organizations indirectly. By doing this, hackers can attack not just one organization but thousands in the same attack. This new type of attack is extra critical because vulnerabilities spread without any fault of the end target organization using the vendor’s software. By hiding malicious code within apps and software updates that end target organizations trust, supply-chain hackers may, totally stealthily, distribute malware onto potentially millions of computers at end target organizations without any additional effort on the attackers’ part. It is a very convenient way of getting a potentially undetectable gateway into the target organizations and a platform to orchestrate attacks from inside the target organization, all for the price of one attack.
Using this new type of attack, the attackers tunnel into the target organizations “for free” and, via remote command and control, launch attacks on the organization’s internal infrastructure and connected systems. These attacks are devastating since organizations are usually not protected against such “internal” abuse. The attackers can easily and stealthily lurk around for months and, via tools like keystroke recording software on the infected computers, slowly gather intelligence, map the infrastructure, and record passwords that provide privileged access to connected systems right from the inside, all looking legitimate to the organization.
We usually think of adding multi-factor authentication to remote access, whether for our own users, vendors and partners or for customers accessing our systems remotely (depending on the business we are in). Based on these new types of attacks, we need to seriously consider adding 2FA/MFA to every business-critical system, even the ones logically residing inside our virtual and/or physical perimeter. We can no longer trust that internal systems are by default protected by the perimeter protection already in place and can therefore use outdated single-factor protections such as password-only. The sophisticated and stealthy new type of attack on our vendors’ software supply chain requires 2FA/MFA for all critical systems, whether accessed internally or remotely from outside.
Green Rocket Security 2FA/MFA solutions provide the critical components that make it possible to protect both remote access and internal systems, adding 2FA to a wide range of applications and services (via RADIUS, LDAP AD, SAML, or Web API) and supporting authenticators such as YubiKeys and mobile devices (including our own push notification apps), all from a single point of management on your side. Flexibility and security, all in one package.