Quick response to “Thoughts on the 2011 DBIR and APT”
Wade Baker, November 17th, 2011
Over on the New School Security blog, Adam Shostack recently wrote an interesting piece on APTs, but not the kind you’re thinking of. He was referring to “Authorization Preservation Threats,” and his subject matter was the 2011 DBIR. The post centered on the plethora of incidents stemming from exploits/failures related to authentication and authorization that we observed among the 761 incidents we analyzed this past year.
In the post, he mentions that he’d like to know the overlap between brute force attacks and default credentials. Happy to oblige, Adam.
- Brute force only: 40 incidents
- Default creds only: 97 incidents
- Both: 160 incidents
Obviously, there are a lot of incidents that involve one or both types of attacks. As Adam writes in his blog, “I don’t want to attack anyone’s business here, but if you’re looking at any super-fancy technology before you’ve rolled out AD password policies and also mastered changing your passwords on the non-AD stuff, you’re ignoring the Authorization Preservation Threat.”
That’s pretty good advice if you ask me.




