I was on my way to the office on Thursday morning when I received an urgent call from Gregori regarding an Incident Response (IR) situation – a potential client was just hacked and hired us to take care of the situation. After speaking to the client to understand exactly what happened, the rest of the team arrived and we split up into two teams – one in charge of the negotiations with the hacker, and the other in charge of investigation and mitigation.
My team and I discovered the hacker had bypassed the endpoint protection software by using Windows BitLocker and standard encryption software.
How? One of the VPN users didn't have 2FA (two-factor authentication) and was using a "strong" (highly privileged) user account, with the FW (firewall) and AD (Active Directory) communicating over LDAP (Lightweight Directory Access Protocol). Because that strong user's credentials were sent over unencrypted protocols, the hacker was able to run scripts that encrypted all of the servers and workstations and then deleted all backups on the server.
Unfortunately, this human error cost the client big money since all of their backups were deleted and the server was encrypted.
This attack can be prevented by keeping all servers, workstations, and cyber security products up to date. Additionally, it's important to collect server logins and workstation activity in one central place, to use only encrypted protocols for password transfers, and to require 2FA for VPN access.
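Two of the recommendations above (collect server logins and workstation activity in one place; allow only encrypted protocols for password transfers) can be turned into concrete detection rules. The script below is an added example, not code from the original post or from QMasters; it runs two rules over a handful of constructed Windows event records. The first rule groups Directory Service event 2889 (the event a domain controller writes when a client performs an unsigned SASL bind or a simple bind over cleartext LDAP, once LDAP interface event logging is raised) by account and client IP, so a firewall or appliance sending a password in the clear stands out. The second rule flags process-creation events (Security event 4688) whose command lines match well-known backup-destruction commands. The event dicts, the host names (DC01, FS01, WS22), the accounts (CORP\svc_fw, CORP\jdoe, CORP\alice) and the 10.0.x.x addresses are all invented for the example, and the mapping of the 2889 "Binding Type" field (0 = unsigned SASL, 1 = simple cleartext bind) is an assumption taken from the published event description.

```python
"""Two defender-side detection rules over constructed Windows event records.

Added example. The records are simplified dicts, not the native EVTX layout;
in practice they would come from a central log collector.
"""
import re
from collections import Counter

# Constructed sample events (hosts, accounts and addresses are invented).
SAMPLE_EVENTS = [
    {"log": "Directory Service", "id": 2889, "computer": "DC01",
     "client": "10.0.20.15:49712", "identity": "CORP\\svc_fw", "bind_type": 1},
    {"log": "Directory Service", "id": 2889, "computer": "DC01",
     "client": "10.0.20.15:49713", "identity": "CORP\\svc_fw", "bind_type": 1},
    {"log": "Directory Service", "id": 2889, "computer": "DC01",
     "client": "10.0.30.7:51002", "identity": "CORP\\jdoe", "bind_type": 0},
    {"log": "Security", "id": 4688, "computer": "FS01", "subject": "CORP\\svc_fw",
     "command_line": "vssadmin.exe delete shadows /all /quiet"},
    {"log": "Security", "id": 4688, "computer": "FS01", "subject": "CORP\\svc_fw",
     "command_line": "wbadmin delete catalog -quiet"},
    {"log": "Security", "id": 4688, "computer": "WS22", "subject": "CORP\\alice",
     "command_line": "notepad.exe C:\\notes.txt"},
]

# Assumed mapping of the event 2889 "Binding Type" field:
# 0 = SASL bind without signing, 1 = simple bind over cleartext LDAP.
BIND_TYPE_LABEL = {0: "unsigned SASL bind", 1: "simple bind over cleartext LDAP"}

# Command lines commonly seen when local backups are destroyed before
# encryption; matched case-insensitively against 4688 command lines.
BACKUP_TAMPER_PATTERNS = [
    re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.I),
    re.compile(r"vssadmin(\.exe)?\s+resize\s+shadowstorage", re.I),
    re.compile(r"wbadmin(\.exe)?\s+delete\s+(catalog|systemstatebackup)", re.I),
    re.compile(r"wmic(\.exe)?\s+shadowcopy\s+delete", re.I),
    re.compile(r"bcdedit(\.exe)?\s+.*recoveryenabled\s+no", re.I),
]


def insecure_ldap_binds(events):
    """Group Directory Service event 2889 records by (identity, client IP).

    Returns a list of findings sorted by count, highest first, so the noisiest
    cleartext/unsigned binder (typically an appliance service account) is first.
    """
    counts = Counter()
    kinds = {}
    for ev in events:
        if ev.get("log") != "Directory Service" or ev.get("id") != 2889:
            continue
        ip = ev["client"].rsplit(":", 1)[0]  # drop the ephemeral source port
        key = (ev["identity"], ip)
        counts[key] += 1
        kinds[key] = BIND_TYPE_LABEL.get(ev.get("bind_type"), "unknown bind type")
    return [{"identity": ident, "client_ip": ip, "count": n, "kind": kinds[(ident, ip)]}
            for (ident, ip), n in counts.most_common()]


def backup_tampering(events):
    """Flag Security event 4688 records whose command line matches a
    known backup-destruction pattern."""
    findings = []
    for ev in events:
        if ev.get("log") != "Security" or ev.get("id") != 4688:
            continue
        cmd = ev.get("command_line", "")
        if any(p.search(cmd) for p in BACKUP_TAMPER_PATTERNS):
            findings.append({"host": ev["computer"], "subject": ev["subject"],
                             "command_line": cmd})
    return findings


def run_rules(events):
    """Run both rules and return their findings keyed by rule name."""
    return {"insecure_ldap_binds": insecure_ldap_binds(events),
            "backup_tampering": backup_tampering(events)}


if __name__ == "__main__":
    for name, hits in run_rules(SAMPLE_EVENTS).items():
        print(f"[{name}] {len(hits)} finding(s)")
        for hit in hits:
            print("   ", hit)
```

On the sample data the first rule reports CORP\svc_fw binding twice from 10.0.20.15 with a simple cleartext bind and CORP\jdoe once with an unsigned SASL bind; the second rule reports the two backup-deletion commands on FS01 and ignores the notepad launch. Event 2889 is only written once the domain controller's LDAP interface events diagnostic level is raised, and the 2889 records themselves are summarised by event 2887 every 24 hours, so collecting them centrally is what makes the first rule useful.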
By Menachem Tauman, Co-Founder and Chairman, QMasters Group of Companies