SolarWinds Vulnerability Begs the Question: Who Are You?

A vulnerability in the SolarWinds Orion product paved the way for immense cyberattacks in 2020. Attackers slipped into corporate and government agency networks using compromised user credentials and then used powerful exploits to gain elevated administrative privileges. Central to the attackers’ strategy was Security Assertion Markup Language (SAML), a standard that lets the networks of different organizations share proof that an authorized user has logged in.

SAML tokens act as admission tickets issued by the organization where a user is known and presented to another organization or application. For example, when a customer logs into a bank and then wants to check a mutual fund account at another institution, the bank passes a token to the mutual fund company, which admits the customer on the strength of it. The receiving side treats these tokens as definitive proof that users are who they claim to be, so an intruder who can manipulate or forge them can impersonate any existing user or account.

It’s no secret that protecting organizations from cyberattacks is complex. New threats emerge all the time, and well-worn attacks are reused in innovative ways. Attackers are bold, since they are rarely caught and punished, and they approach each network like a video game with levels to beat and treasures to unlock.

In preparation, security teams erect defenses against criminals, terrorists, fraudsters, and identity thieves knowing that, sometimes, one or two will slip through the layers of protection. Attacks come in all shapes and sizes—computer hackers looking for bragging rights, businesses attacking competitors, rings of criminals stealing personal and financial data, or foreign adversaries looking to gain access to information.

At the same time, organizations’ critical control infrastructures are aging, poorly staffed, misunderstood, and largely unprotected—leading to devastating losses. It is urgent that all organizations review their identity and access policies and infrastructure frequently to prevent unauthorized access and easy escalation of privileges:

  • Stay abreast of vulnerabilities related to authentication.
  • Analyze identity directories for accounts and systems with Active Directory domain administration privileges, reducing or revoking any unnecessary privileges.
  • Employ analytical tools, machine learning, and even deception technologies to level the playing field.
  • And, of course, strengthen the login process for every user with multi-factor authentication, including soft tokens, physical (USB) tokens, and new passwordless solutions.
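As an added example that is not part of the original article, the Python script below shows the kind of checks a service that receives SAML tokens, or a detection pipeline watching them, can apply to the forged admission tickets described above and to the "analytical tools" recommendation: pin the identity provider's signing certificate, bound the token's lifetime, confirm the audience, and, most tellingly, cross-check every token against the identity provider's own issuance log, because a forged token is one the provider never minted. The last check matters most when the intruder holds the provider's real signing key, since then the signature and certificate checks pass. Every name, URL, certificate and log line is constructed; the script uses only the standard library and leaves the cryptographic XML-signature verification to a SAML library, which it assumes has already run.

```python
"""Defensive pre-checks for an inbound SAML 2.0 assertion (added example).

Constructed data throughout: the certificates are byte strings standing in
for DER, the SignatureValue is a placeholder, and the IdP log is invented.
Cryptographic XML-DSig verification is assumed to be done by a SAML library
and is not implemented here.
"""
import base64
import hashlib
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Policy of this service provider (constructed values).
EXPECTED_ISSUER = "https://idp.example-bank.test"
EXPECTED_AUDIENCE = "https://sp.example-fund.test"
MAX_LIFETIME = timedelta(hours=1)   # a real IdP mints short-lived tokens

# Stand-ins for DER certificates; only their fingerprints matter here.
TRUSTED_CERT_DER = b"CONSTRUCTED-STAND-IN-FOR-THE-IDP-SIGNING-CERTIFICATE"
ROGUE_CERT_DER = b"CONSTRUCTED-STAND-IN-FOR-A-CERTIFICATE-ADDED-BY-AN-INTRUDER"
# Pin the fingerprint from the IdP's published metadata, never from the token.
TRUSTED_IDP_CERT_FPR = hashlib.sha256(TRUSTED_CERT_DER).hexdigest()


def fmt(dt):
    return dt.strftime("%Y-%m-%dT%H:%M:%SZ")


def parse_time(s):
    return datetime.fromisoformat(s.replace("Z", "+00:00"))


def issued_ids_from_log(lines):
    """Collect assertion IDs the IdP recorded as issued (constructed log format)."""
    ids = set()
    for line in lines:
        parts = line.split()
        if parts[1] == "ISSUED":
            fields = dict(f.split("=", 1) for f in parts[2:])
            ids.add(fields["id"])
    return ids


def check_assertion(xml_text, now, issued_ids, trusted_fpr=TRUSTED_IDP_CERT_FPR):
    """Return a list of findings; an empty list means every pre-check passed."""
    findings = []
    root = ET.fromstring(xml_text)
    # 1. A token the IdP never logged is the hallmark of a forged assertion.
    if root.get("ID") not in issued_ids:
        findings.append(f"assertion {root.get('ID')} never logged as issued by the IdP")
    # 2. The claimed issuer must be the federation partner we trust.
    issuer = root.findtext("saml:Issuer", default="", namespaces=NS)
    if issuer != EXPECTED_ISSUER:
        findings.append(f"unexpected issuer {issuer!r}")
    # 3. The signing certificate must be the pinned one, not whatever is embedded.
    cert_el = root.find("ds:Signature/ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
    if cert_el is None or not (cert_el.text or "").strip():
        findings.append("no signing certificate in assertion")
    else:
        fpr = hashlib.sha256(base64.b64decode(cert_el.text.strip())).hexdigest()
        if fpr != trusted_fpr:
            findings.append(f"signing certificate {fpr[:16]}... is not the pinned IdP certificate")
    # 4. Validity window: current, and not suspiciously long.
    cond = root.find("saml:Conditions", NS)
    if cond is None:
        findings.append("no Conditions element")
        return findings
    not_before = parse_time(cond.get("NotBefore"))
    not_on_or_after = parse_time(cond.get("NotOnOrAfter"))
    if not (not_before <= now < not_on_or_after):
        findings.append("assertion outside its validity window")
    if not_on_or_after - not_before > MAX_LIFETIME:
        findings.append(f"validity window of {not_on_or_after - not_before} exceeds policy maximum {MAX_LIFETIME}")
    # 5. The token must be addressed to this service, not replayed from another.
    audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if EXPECTED_AUDIENCE not in audiences:
        findings.append(f"audience {audiences} does not name this service")
    return findings


def make_assertion(assertion_id, issuer, audience, cert_der, not_before, not_on_or_after):
    """Build a minimal assertion (constructed; SignatureValue is a placeholder)."""
    cert_b64 = base64.b64encode(cert_der).decode()
    return f"""<saml:Assertion xmlns:saml="{NS['saml']}" xmlns:ds="{NS['ds']}"
    ID="{assertion_id}" Version="2.0" IssueInstant="{fmt(not_before)}">
  <saml:Issuer>{issuer}</saml:Issuer>
  <ds:Signature><ds:SignedInfo/><ds:SignatureValue>UExBQ0VIT0xERVI=</ds:SignatureValue>
    <ds:KeyInfo><ds:X509Data><ds:X509Certificate>{cert_b64}</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
  </ds:Signature>
  <saml:Subject><saml:NameID>alice@example-bank.test</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="{fmt(not_before)}" NotOnOrAfter="{fmt(not_on_or_after)}">
    <saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""


NOW = datetime(2020, 12, 14, 12, 0, tzinfo=timezone.utc)
# Constructed IdP issuance log: the IdP minted exactly one token this morning.
IDP_ISSUANCE_LOG = [
    "2020-12-14T11:58:30Z LOGIN user=alice@example-bank.test mfa=ok",
    "2020-12-14T11:58:31Z ISSUED id=_sess-7f3a user=alice@example-bank.test audience=https://sp.example-fund.test",
]
ISSUED_IDS = issued_ids_from_log(IDP_ISSUANCE_LOG)
# Legitimate: logged by the IdP, pinned certificate, six-minute window.
GOOD_ASSERTION = make_assertion("_sess-7f3a", EXPECTED_ISSUER, EXPECTED_AUDIENCE, TRUSTED_CERT_DER,
                                NOW - timedelta(minutes=1), NOW + timedelta(minutes=5))
# Forged with a stolen IdP key: the signature would verify, but the IdP never
# issued it and the intruder gave it a one-year lifetime.
FORGED_ASSERTION = make_assertion("_gold-0001", EXPECTED_ISSUER, EXPECTED_AUDIENCE, TRUSTED_CERT_DER,
                                  NOW - timedelta(minutes=1), NOW + timedelta(days=365))
# Signed with a certificate the intruder added to the federation trust.
ROGUE_CERT_ASSERTION = make_assertion("_gold-0002", EXPECTED_ISSUER, EXPECTED_AUDIENCE, ROGUE_CERT_DER,
                                      NOW - timedelta(minutes=1), NOW + timedelta(minutes=5))

if __name__ == "__main__":
    for name, token in [("good", GOOD_ASSERTION), ("forged", FORGED_ASSERTION),
                        ("rogue-cert", ROGUE_CERT_ASSERTION)]:
        print(name, check_assertion(token, NOW, ISSUED_IDS) or "OK")
```

Running the script reports the legitimate token as OK, flags the stolen-key forgery for never having been issued and for its one-year window, and flags the rogue-certificate token for the fingerprint mismatch as well as the missing issuance record. The issuance-log correlation assumes the receiving service or the security team can read the identity provider's logs; in a real deployment that join is usually done in the SIEM rather than inline.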
