Identity-focused attacks remain the most vulnerable entry point to an organization

How a CISA red team assessment proved one agency’s hardened network was still vulnerable to phishing attacks and credential theft.

The Cybersecurity and Infrastructure Security Agency (CISA) released a shocking report on February 23, 2023, revealing the results from a red team assessment they conducted in 2022 “at the request of a large critical infrastructure organization with multiple geographically separated sites.”

According to CISA, “the team gained persistent access to the organization’s network, moved laterally across the organization’s multiple geographically separated sites, and eventually gained access to systems adjacent to the organization’s sensitive business systems (SBSs).”

The initial access was gained through spearphishing emails — also known as business email compromise (BEC) — which targeted specific users in the organization.

In a recent report, “Putting Federal Security Controls to the Test,” produced by Scoop News Group for FedScoop and underwritten by Proofpoint, security leaders from Proofpoint walked us through these findings and detailed why identity-focused attacks remain the most vulnerable entry point to an organization.

Read the full report.

“There are a lot of different ways threat actors can get that initial access [into a network],” shared Garrett Guinivan, solutions architect and threat analyst at Proofpoint. “And often what leaders don’t realize is the high number of threats coming in via email.”

Once an attacker has access, many organizations don’t have the tools to alert them that an intruder is inside their environment. The danger is that the attacker can maintain persistence in the network, gather information, escalate privileges and move laterally across the network until they are ready to launch their attack.

Hanna Wong, director of public sector solutions at Proofpoint, added, “cyberthreat actors are getting more creative with their attacks on people and using modern tools to obfuscate their activity. So, it is incredibly important that federal leaders integrate security solutions that are impactful and take the agency beyond meeting minimal compliance.”

This is where establishing identity threat detection and response (ITDR) practices can be helpful. ITDR focuses on detecting and preventing credential and privileged-account abuse stemming from vulnerable identities in an organization. ITDR also deploys honeypots for early detection of an attack, giving defenders an edge in learning more about a threat actor’s techniques.

“ITDR platforms like Illusive, Proofpoint’s new acquisition, make it harder for an actor to move inside a network and provide an organization with both the visibility of risks that need to be remediated, in addition to providing alert mechanisms that make it harder for attackers to maintain a persistent presence or escalate their privileges,” explained Guinivan.

“Having accurate data of where your biggest threats are, and your true threat model, are ways we can help executives better understand where they need to invest their security resources,” he said.

Read the full report and learn more about integrating solutions that protect people and data from the latest cyberattacks.

This article was produced by Scoop News Group for FedScoop and sponsored by Proofpoint.
