Cisco's security incident reveals how future attacks will unfold.
Here is how it went down:
1. The hacker gained access to a Cisco employee's personal Gmail account. That Gmail account had saved credentials for the Cisco VPN.
2. The VPN required MFA for authentication. To bypass this, the hacker used a combination of MFA push spamming (sending multiple MFA prompts to the user’s phone) and impersonating Cisco IT support and calling the user.
3. After connecting to the VPN, the hackers enrolled new devices for MFA. This removed the need to spam the user every time and allowed them to log into the network and begin moving laterally.
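
Steps 2 and 3 leave a recognisable sequence in authentication logs: a burst of rejected pushes, then an approval, then a new MFA device. The detection sketch below is an added example, not part of the original post; the event names, thresholds and sample log lines are constructed assumptions, not any vendor's schema.

```python
from datetime import datetime, timedelta

# Constructed sample events (timestamp, user, event); not real logs from the incident.
SAMPLE_EVENTS = [
    ("2024-01-01T02:01:00", "alice", "push_denied"),
    ("2024-01-01T02:02:10", "alice", "push_timeout"),
    ("2024-01-01T02:03:30", "alice", "push_denied"),
    ("2024-01-01T02:04:05", "alice", "push_denied"),
    ("2024-01-01T02:05:00", "alice", "push_approved"),
    ("2024-01-01T02:20:00", "alice", "device_enrolled"),
    ("2024-01-01T09:00:00", "bob", "push_denied"),       # single mis-tap, then normal login
    ("2024-01-01T09:00:30", "bob", "push_approved"),
    ("2024-01-01T09:15:00", "bob", "device_enrolled"),   # routine new phone
    ("2024-01-01T10:00:00", "carol", "push_denied"),     # rejections spread over an hour
    ("2024-01-01T10:30:00", "carol", "push_denied"),
    ("2024-01-01T11:00:00", "carol", "push_denied"),
    ("2024-01-01T11:05:00", "carol", "push_approved"),
]

PUSH_WINDOW = timedelta(minutes=10)  # assumed look-back window for rejected pushes
PUSH_THRESHOLD = 3                   # assumed count of rejections treated as spamming
ENROLL_WINDOW = timedelta(hours=1)   # assumed window after the suspicious approval

def detect(events):
    """Return (user, finding, timestamp) tuples for the push-burst pattern."""
    findings = []
    rejected = {}    # user -> timestamps of denied or timed-out pushes
    suspicious = {}  # user -> time of an approval that followed a push burst
    for ts_raw, user, event in sorted(events):
        ts = datetime.fromisoformat(ts_raw)
        if event in ("push_denied", "push_timeout"):
            rejected.setdefault(user, []).append(ts)
        elif event == "push_approved":
            recent = [t for t in rejected.get(user, []) if ts - t <= PUSH_WINDOW]
            if len(recent) >= PUSH_THRESHOLD:
                suspicious[user] = ts
                findings.append((user, "approval_after_push_burst", ts_raw))
            rejected[user] = []  # an approval starts a fresh counting period
        elif event == "device_enrolled":
            start = suspicious.get(user)
            if start is not None and ts - start <= ENROLL_WINDOW:
                findings.append((user, "mfa_device_enrolled_after_burst", ts_raw))
    return findings

if __name__ == "__main__":
    for finding in detect(SAMPLE_EVENTS):
        print(finding)
```

Only the first user is flagged: a single rejected push before a login and rejections spread over an hour both stay below the assumed threshold.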
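There isn’t a silver bullet in cyber security. As organizations roll out defenses like MFA, attackers will find a way to bypass them. While this can be frustrating for organizations, it is the reality of life for security professionals.
We can either be frustrated by the constant change or choose to adapt and stay vigilant. It helps to recognize that cyber security has no finish line; it is an endless game of survival.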