Comments by: Thomas Richards, Principal Security Consultant, Synopsys Software Integrity Group
Compromised credentials continue to be the most likely entry point into a target organisation’s network.
To protect against such attacks, organisations should take proactive steps to enable multi-factor authentication on all externally accessible services and applications. Additionally, there are services that can be used to monitor dark-web sites for breach data including passwords, usernames, and email addresses that are relevant to the organisation.
These two steps, if implemented, would have made the attack much more difficult to carry out.
As a final precaution, organisations should configure their log monitoring and audit tools to alert on any suspicious logins including those outside of normal business hours or from IP addresses that have not been used by that user before.
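The login alerting described in the last paragraph can be sketched as follows. This is an added example, not code from the commentary or from Synopsys; the log format, the sample events, the `detect` function and the Monday to Friday 08:00-18:00 business-hours window are all assumptions made for illustration.

```python
from datetime import datetime, time
from collections import defaultdict

# Assumptions (not from the article): business hours are Mon-Fri 08:00-18:00
# in the log's own timezone, and events arrive as timestamp,user,ip,result.
BUSINESS_START, BUSINESS_END = time(8, 0), time(18, 0)

# Constructed sample events (documentation IP ranges, invented users).
SAMPLE_LOG = """\
2024-03-04T09:12:00,alice,198.51.100.10,success
2024-03-04T10:40:00,bob,198.51.100.22,success
2024-03-05T09:05:00,alice,198.51.100.10,success
2024-03-05T23:47:00,alice,198.51.100.10,success
2024-03-06T11:30:00,bob,203.0.113.77,failure
2024-03-06T11:31:00,bob,203.0.113.77,success
2024-03-09T14:00:00,alice,203.0.113.5,success
"""

def outside_business_hours(ts):
    return ts.weekday() >= 5 or not (BUSINESS_START <= ts.time() < BUSINESS_END)

def detect(log_text, baseline=None):
    """Return (timestamp, user, ip, reasons) for each suspicious successful login."""
    seen = defaultdict(set)
    for user, ips in (baseline or {}).items():
        seen[user].update(ips)
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        stamp, user, ip, result = [f.strip() for f in line.split(",")]
        if result != "success":
            continue  # failed attempts never extend the per-user baseline
        ts = datetime.fromisoformat(stamp)
        reasons = []
        if outside_business_hours(ts):
            reasons.append("off_hours")
        # A user with no history only seeds the baseline on first login.
        if seen[user] and ip not in seen[user]:
            reasons.append("new_ip")
        if reasons:
            alerts.append((stamp, user, ip, reasons))
        # An unfamiliar IP stays unfamiliar until an analyst adds it to the baseline.
        if "new_ip" not in reasons:
            seen[user].add(ip)
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

In production the baseline would be seeded from a history window of confirmed logins rather than learned from the same stream that is being checked.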