Expert Comment on Joint Advisory Around Russian Military Hackers Compromising Passwords

The National Security Agency, along with CISA, the FBI, and the National Cyber Security Centre, has released the joint advisory "Russian GRU conducting global brute force campaigns to compromise enterprise and cloud environments." In response, experts offer perspective.

Expert Comments

July 05, 2021
Tom Jermoluk
CEO
Beyond Identity

Russian GRU agents and other state actors like those involved in SolarWinds – and a range of financially motivated attackers (e.g., ransomware) – all use the same “password spraying” brute force techniques. Why? Because they are so effective. Unfortunately, a misunderstanding of this technique is leading to shockingly flawed advice like that given in the NSA advisory which, in part, recommends “mandating the use of stronger passwords”. The credential-gathering that preceded the password spraying campaign most certainly collected short and strong passwords. And the Russian Kubernetes cluster used in the attack was capable of spraying “strong passwords.” The government went on to recommend a “Zero Trust security model that uses additional attributes when determining access, and analytics to detect anomalous accesses”. This sage advice requires a move to strong, continuous authentication. It also requires organizations to eliminate passwords because they are so completely compromised that you simply cannot achieve Zero Trust with them.

July 05, 2021
Saryu Nayyar
CEO
Gurucul

A growing number of ransomware attacks against infrastructure and critical industries, especially those suspected of state sponsorship and involvement, are prompting calls for an international agreement limiting the use of such “cyber warfare” tactics.

While such an agreement would be difficult to achieve, it is worthwhile for everyone to try to work toward this goal.  Ransomware and other types of cyber warfare can cause irreparable harm to critical infrastructures, and lead to an escalating level of counterattacks, even if the actual perpetrators are not clearly apparent.

A key aspect of any such cyber agreement is enforcement.  Attacks aren’t easily detected early enough to prevent, and once perpetrated, leave the victim at the mercy of the attacker.  By monitoring the thousands of potential security events to identify anomalies, governments and infrastructure providers can take action to stop an attack before it causes real damage.

July 05, 2021
Garret F. Grajek
CEO
YouAttest

It's heartening to know that the officials at the top of the western nations are finally taking this seriously. But one has to think that the cat is out of the bag. The malicious actors have learned that there is a high return on a low investment in international hacking. Most feel these organizations have profited so much from their ransomware attacks they have been able to buy political protection - at least up till now. 

Nothing has changed. The onus of cyber security is still on the enterprise - especially since most of the government proposals come in the form of fining businesses for not conducting proper cyber security practices. Enterprises should start with the basics, especially around access and the question of "who has what" - and be alerted on identity privilege changes and change attempts, which are often an unheard first alert to an attack.
