The Schellman Blog
Stay up to date with the latest compliance news from the Schellman blog.
Though Amazon’s Relational Database Services (RDS) can make hosting a database much easier, using them can also present new challenges, including some that crop up when you’re trying to scan against security benchmarks or meet compliance initiatives.
Phishing still steamrolls organizations
Phishing attacks rely on a single moment of inattention or ignorance. Follow a link and the results are front-page news. A strategy for combating these attacks on multiple fronts is vital. Alan R. Earls reports.
Many of the requests that we receive are limited in scope to Internet-facing assets. A true understanding of the threats facing your networks requires a complete evaluation of all possible threat vectors. So what kinds of vulnerabilities does an internal test find that an external test would miss? Schellman was recently engaged to perform an external and internal penetration test for a software development firm. The external test revealed very little about the company. Strong firewall rules opened only the most necessary of ports (80 and 443) to the Internet. All external-facing servers were well patched, running modern operating systems, and lacked any exploitable vulnerability. However, the internal assessment told a completely different story. We began the test with no credentials on a “rogue device” that was placed on the internal network. A database server running an automation tool exposed a scripting console that allowed unauthenticated commands to be run on the underlying OS. A VBS script that downloaded an executable was run, followed by another VBS script that executed the shell program. With this foothold, we impersonated the token of a database administrator who also happened to be a Domain Administrator. A few commands later, we’d taken over the domain. If our client had only engaged us for an external test, none of this would’ve been found.
Activities related to Russian espionage can be found nearly everywhere in the past month. First, it was the season finale of “The Americans”, then an NPR story on the evolution of Russian espionage, and finally it was revealed that the servers of the Democratic National Committee (DNC) had been breached by multiple Russian actors. Technical details about the attack remain scarce, but opinions are plentiful. Some attempts at attribution have placed the blame on traditional espionage by Russian intelligence assets, while individual actors have also claimed responsibility. In particular, an individual named “Guccifer 2.0” claimed responsibility for the hack and offered files stolen from the DNC as proof. In the coming weeks, a more complete timeline will emerge and more details about the vulnerability used to gain a foothold in the network will be revealed. It is possible that more than one entity had access to the DNC data. In all likelihood, the vulnerability that provided the initial access will be one of a few common methods malicious actors use to gain access to a target network. Let’s look at some of the vulnerabilities that could be to blame and talk about what your company can do to prevent these kinds of attacks from happening to your networks.