The telecommunications sector is a vital component to the operational success of nearly every existing sector. Roland Daccache, systems engineer manager MEA, CrowdStrike explains how an identity-centric zero trust architecture is key to mitigating cyberthreats targeting telecommunications sector in the Middle East.
Due to the critical role these entities provide for a range of sectors and the physical and psychological impact an attack against one of these entities can cause, organizations operating in this vertical face a multitude of cyber threats stemming from nation-state, criminal and hacktivist adversaries.
The predominant threat to this sector originates from nation-state adversaries suspected of seeking information that could support espionage, infrastructure access and access to customer data.
Many eCrime distribution campaigns that have directly affected telecommunications organizations tend to be opportunistic; however, campaigns that deliver malware associated with enterprise-focused Big Game Hunting (BGH) adversaries may enable additional operations designed to compromise organizations that have a lot to lose by an outage and the resources to pay a significantly high ransom.
The recent public disclosures around high profile breaches, such SolarWinds’s and Microsoft’s software being leveraged by sophisticated attackers, has taught us that identity-centric attacks have increasingly become an integral element of breaches and enterprises need to step up security around the identity stores in order to minimize the attack surface.
CrowdStrike has highlighted malicious actors now favour identity-centric attacks because using legitimate credentials is a generic method, much harder to detect and usable at an operational cost that is significantly lower than other types of attacks such as zero-days and custom supply-chain attacks. Compromised credentials can be used to access resources — including employee credentials, privileged users and service accounts. Thus, even a well-designed IT environment implementing appropriate role-based access controls can fall victim to the weaknesses posed by reliance on credentials without real-time contextual identity.
In order to address the massive gaps in detection capabilities around detection of advanced reconnaissance (e.g., LDAP, BloodHound, SharpHound, credential compromise attacks), lateral movement (e.g., RDP, pass-the-hash (PtH), Mimikatz tool, unusual endpoint usage, unusual service logins, etc.) and persistence (e.g., Golden Ticket attack, privilege escalation, etc.), CrowdStrike is introducing to the Middle East, its latest solution, Falcon Zero Trust Identity Security.
CrowdStrike Zero Trust Identity Security enables organizations to identify threats in real-time, with no reliance on time-consuming log processing. The solution further permits intuitive threat hunting, so incident responders can investigate faster with unified domain access into detailed activities of every account across hybrid identity stores without the need for complex, string-based queries. Choose from a list of predefined search criteria, including authentication events, use of unencrypted protocols, user roles, IP reputation, risk scores and many more. If required, create and save your own search criteria to proactively sift through raw events and email them as periodic reports.
Organizations who choose Falcon Zero Trust can further build out flexible access control policies with simple rules of Zero Trust’s adaptive analysis, thus eliminating the need to write complex static conditions for every user. The policies are based on authentication patterns, behavior baselines, individual user risk score and device risk score (Zero Trust Assessment or ZTA score) to verify identities using MFA. This robust methodology secures access to identity stores and applications, with improved user experience.
