06 Jan: Multipronged Attack – Coming From Every Direction
Many cyber assaults are multipronged, especially the larger ones. One of our customers recently experienced an attack that dramatically illustrated this, highlighting the sophistication of the enemy and how we need multiple defenses, all working together.
It started with a Fortscale alert about a suspicious service account. The account was normally cyclical, operating precisely every 12 hours. But then the account started being accessed very frequently, triggering the initial alert. Shortly thereafter, Fortscale’s SMART Alerts started showing other anomalous but related events. The service account had accessed a resource that it had never connected with before, and that same resource was being repeatedly accessed by a different administrator account – one that also had never connected to this resource before.
Additionally, SMART Alerts showed that the source IP address being used by the administrator account was initially located overseas, but within a few minutes the same account was used to log in again, this time from a different but still distant location – certainly impossible for a legitimate user to do within that timeframe.
At this point, security analysts were receiving a continuing stream of related Fortscale alerts showing access attempts against multiple servers and applications, all from the same privileged user account and source IP address. Clearly the attacker was snooping around the network, looking for vulnerabilities and attempting to establish a broader foothold. At the peak of the attack, attempts were being made to get inside a customer database in order to exfiltrate sensitive data.
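To make the three signals in this story concrete, the following is an added illustration, not Fortscale's code: it runs a cadence check, a first-time-resource check and an impossible-travel check over constructed login events. Account names, coordinates, thresholds and the events themselves are assumptions chosen for the demonstration.

```python
"""Baseline-deviation checks of the kind described above, run over
constructed authentication events (added illustration, not vendor code)."""
from datetime import datetime, timedelta
from math import asin, cos, radians, sin, sqrt

MAX_SPEED_KMH = 900       # assumption: faster than this between logins = impossible travel
CADENCE_TOLERANCE = 0.1   # assumption: gap under 10% of the usual cycle = cadence anomaly

def haversine_km(a, b):
    """Great-circle distance in km between two (lat, lon) pairs in degrees."""
    lat1, lon1, lat2, lon2 = map(radians, (*a, *b))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371 * asin(sqrt(h))

def analyze(events, baseline):
    """events: dicts with ts, account, resource, coords, sorted by ts.
    baseline: per-account 'resources' (set) and optional 'cycle' (timedelta).
    Returns (account, finding, detail) tuples."""
    findings, last = [], {}
    seen = {a: set(b.get("resources", ())) for a, b in baseline.items()}
    for ev in events:
        acct, base = ev["account"], baseline.get(ev["account"], {})
        known = seen.setdefault(acct, set())
        if ev["resource"] not in known:          # never touched this resource before
            findings.append((acct, "first_time_resource", ev["resource"]))
            known.add(ev["resource"])            # alert once, then treat as seen
        prev = last.get(acct)
        if prev:
            gap = ev["ts"] - prev["ts"]
            cycle = base.get("cycle")
            if cycle and gap < cycle * CADENCE_TOLERANCE:   # far faster than its 12h rhythm
                findings.append((acct, "cadence_anomaly", f"{gap} after previous login"))
            hours = gap.total_seconds() / 3600
            km = haversine_km(prev["coords"], ev["coords"])
            if hours > 0 and km / hours > MAX_SPEED_KMH:    # geolocation sequence hopping
                findings.append((acct, "impossible_travel", f"{km:.0f} km in {gap}"))
        last[acct] = ev
    return findings

T0 = datetime(2017, 1, 5, 0, 0)
SAMPLE_EVENTS = [  # constructed sample, not data from the incident
    {"ts": T0, "account": "svc_backup", "resource": "fileserver01", "coords": (40.7, -74.0)},
    {"ts": T0 + timedelta(hours=12), "account": "svc_backup", "resource": "fileserver01", "coords": (40.7, -74.0)},
    {"ts": T0 + timedelta(hours=12, minutes=3), "account": "svc_backup", "resource": "custdb01", "coords": (40.7, -74.0)},
    {"ts": T0 + timedelta(hours=12, minutes=10), "account": "adm_jsmith", "resource": "custdb01", "coords": (52.5, 13.4)},
    {"ts": T0 + timedelta(hours=12, minutes=15), "account": "adm_jsmith", "resource": "custdb01", "coords": (35.7, 139.7)},
]
SAMPLE_BASELINE = {"svc_backup": {"resources": {"fileserver01"}, "cycle": timedelta(hours=12)},
                   "adm_jsmith": {"resources": {"jumphost01"}}}

if __name__ == "__main__":
    for acct, kind, detail in analyze(SAMPLE_EVENTS, SAMPLE_BASELINE):
        print(f"{acct:12} {kind:22} {detail}")
```

Correlating the findings by shared resource (custdb01) and by time is what turns four separate alerts into one incident picture.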
In this incident, multiple Fortscale solutions instantly worked together, involving several use cases for this one assault. Because of this, the attack was quickly detected and resolved. In the end, Fortscale had provided solutions for the following use cases – all related to this one incident:
- Service Account Compromise
- Privileged User Abuse
- Detection of Compromised User Credentials
- Snooping User Detection
- Data Exfiltration Attempts
- Suspicious Geolocation Sequence Hopping
With today’s sophisticated and multipronged attacks, analysts need all the help they can get. Fortunately, Fortscale intelligently pulls all the data together so the security staff can quickly see and understand the entire attack – in all its different aspects.
Contact us to learn more.