More Russian Hacking
Two reports this week. The first is from Microsoft, which wrote:
As part of our investigation into this ongoing activity, we also detected information-stealing malware on a machine belonging to one of our customer support agents with access to basic account information for a small number of our customers. The actor used this information in some cases to launch highly-targeted attacks as part of their broader campaign.
The second is from the NSA, CISA, FBI, and the UK’s NCSC, which wrote that the GRU is continuing to conduct brute-force password guessing attacks around the world, and is in some cases successful. From the NSA press release:
Once valid credentials were discovered, the GTsSS combined them with various publicly known vulnerabilities to gain further access into victim networks. This, along with various techniques also detailed in the advisory, allowed the actors to evade defenses and collect and exfiltrate various information in the networks, including mailboxes.
News article.
Question • July 2, 2021 9:31 AM
How is attribution assigned in the case of compromised credentials? Is it solely IP or is it more than that?
Also rather than just change passwords or rely on users to implement unique challenging passwords, why can’t authentication be used to thwart brute force attacks?
If brute force attacks are identified by repeated attempts to log in, then why not automate a lock on the account once the password fails numerous times (3x?), which kicks off an alert to the authentication app on another device that not only requires the user to validate that the login attempt was them, but, if they respond that it wasn’t them, automatically locks their account and notifies their cyber blue team? If the user doesn’t act on the alert, then the account is locked and the blue team notified. Apps can work with complex logic.
It seems that automation is required to solve the preponderance of brute force attacks, instead of putting the onus on end users to protect the world. Whenever I hear a suggestion like that I cringe.
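The lock-and-confirm flow proposed in the comment above, written out as a small state machine. This is an added example, not part of the post or the comment; the class and method names, the 300-second response window, and the in-memory alert list standing in for a blue-team queue are all assumptions.

```python
from dataclasses import dataclass, field

THRESHOLD = 3          # failed attempts before the account is held (the "3x?" above)
CHALLENGE_TTL = 300    # assumed: seconds the user has to answer the push prompt

@dataclass
class Account:
    failures: int = 0
    state: str = "active"        # active | challenged | locked
    challenged_at: float = 0.0

@dataclass
class LockoutPolicy:
    accounts: dict = field(default_factory=dict)
    soc_alerts: list = field(default_factory=list)   # stands in for the blue-team queue

    def _lock(self, user, reason):
        self.accounts[user].state = "locked"
        self.soc_alerts.append((user, reason))

    def login(self, user, ok, now):
        acct = self.accounts.setdefault(user, Account())
        self.expire(user, now)
        if acct.state != "active":
            return "refused"     # held or locked: even a correct password is refused
        if ok:
            acct.failures = 0
            return "granted"
        acct.failures += 1
        if acct.failures >= THRESHOLD:
            acct.state, acct.challenged_at = "challenged", now  # push prompt goes out here
            return "challenge_sent"
        return "denied"

    def respond(self, user, was_me, now):
        acct = self.accounts[user]
        self.expire(user, now)
        if acct.state != "challenged":
            return acct.state    # late or unsolicited answers change nothing
        if was_me:
            acct.state, acct.failures = "active", 0
        else:
            self._lock(user, "user_denied")
        return acct.state

    def expire(self, user, now):
        acct = self.accounts[user]
        if acct.state == "challenged" and now - acct.challenged_at > CHALLENGE_TTL:
            self._lock(user, "no_response")   # silence is treated like a denial
```

A per-account counter like this only catches guessing concentrated on one account; attempts spread thinly across many accounts need a separate per-source or global failure-rate check.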