Infosec Cloud
Solutions. Services. Training.

Are your legacy software applications letting hackers in?

Guest Post: Chris Lund

It’s a real challenge for any IT administrator to stay on top of network security against a constantly changing threat landscape.

The traditional network edge is now all but non-existent thanks to BYOD, homeworking and cloud-based software, and there are inevitable compromises to the hardness of network security as a result.

While it’s a considerable task to keep up to date with the various patches and updates for the newer tools, when breaches do happen, it’s often through older legacy tools that hackers gain access. 

It’s hardly surprising: business software and infrastructure has evolved enormously in the last few years. Those platforms on which businesses have been reliant on for 10, 15 years or more, were conceived for a different – dare I say a more innocent – era. They were designed to be housed in closed networks with less devices and as a result their security features fine for the times – are now no longer fit for purpose.

Exacerbating the problem, if those platforms are no longer the backbone of your business software stack, but now fulfill a supporting role, then it’s quite feasible they’ve not received the attention they should from your system admins.

And this is exactly the weakness which hackers thrive on, and through which so many large-scale breaches have been instigated.

Now you might be thinking that old database of outdated customer contacts is of no value to a hacker. But to do so is to misunderstand the dynamics of a hacking attack completely.

The truth is, legacy platforms are often the gateway into the system that eventually leads to a far more serious breach.

Credentials based attacks primarily involve hackers gaining access to weaker parts of the network, such as those legacy applications, using stolen credentials. They then use these as a platform to move laterally through the network, often over an extended period of time, eventually gaining access to core systems and critical business data through re-used passwords, sloppy integrations, or by installing key loggers on unsuspecting users’ machines. In unprotected networks, this can cause havoc, leaving the door open to subsequent follow-up attacks or crippling loss of data.

Scary stuff. So, what can be done about it?

Multifactor authentication solution providers (MFA) make much of their abilities to easily protect the latest web apps and end point devices with a tokenless, single-sign-on MFA solution.

But that’s not where our partner, SecurAccess’ protection capabilities end. Far from it. SecurAccess is designed to integrate with all major firewall, VPN and network infrastructure tools to enable you to ensure network-wide security MFA protection.

Plus, the beauty of implementing tokenless MFA at the network level is that it works in tandem with your firewall.

In doing so, not only does it enable authentication at the network edge, it allows multiple SSO access levels for different user groups, or enforces authentication when access to other, higher value areas of the network is requested. By authenticating at the traffic level, using a solution such as this means that even where the attacker has managed to obtain correct username and passwords, they are blocked from establishing further access.

From a security perspective this is powerful stuff: It’s not quite the silver bullet in dealing with sloppy password practices and malicious phishing attacks, but it’s a powerful tool in your armoury.

Learn more about how SecurAccess works with Cisco, Citrix, Palo Alto and other infrastructure providers to deliver network-wide security, by requesting a call with one of our consultants here.

  • Employee GDPR Awareness Training

  •  Identity-as-a-Service (IDaaS) solution

  • Tokenless Strong Authentication (MFA)

  • Next Gen Endpoint Security

  • Enquiry LinkedIn Spiceworks

    Deloitte hacked by stealing admin password

    It was revealed last week that Deloitte was hit by a major cyber attack that compromised its email system and certain client records.

    The attack was achieved by knowing the password of a single system administrator.

    With that simple piece of information, the hackers were able to gain access to Deloitte’s email services and, according to some reports, extract several gigabytes of data containing the content and details of clients’ email messages and attachments.

    The initial report of the Deloitte breach came from the Guardian, which revealed hackers had compromised the “confidential emails and plans of some of its blue-chip clients.” In response, the firm confirmed it had suffered a cyber-attack, but played down the significance by saying “only very few clients were impacted.”

     Well-respected security journalist, Brian Krebs, cites sources close to Deloitte who suggest the hack was likely more severe than that. The sources claimed the hackers accessed the entirety of the firm’s internal email database, and all administrative accounts.

    This same source said forensic investigators identified several gigabytes of data being exfiltrated to a server in the United Kingdom. The source further said the hackers had free reign in the network for ‘a long time’ and that the company still does not know exactly how much total data was taken.

    Meanwhile, Krebs’ sources say Deloitte has yet to identify the full pervasiveness of the attack.

    For a key system to rely simply on user name and password for access is a fundamental failure of security, and one that could easily have been fixed by the addition of multi-factor authentication (MFA).

    MFA provides maximum flexibility and ease of use, and can be rapidly introduced – thereby ensuring that a lost password no longer offers hackers an easy way into your organisation. Read our guide to choosing the right MFA solution to meet your specific needs.

    Request the MFA Buyer’s Guide:

    Full Name (required)

    Business Email (required)

    Job Title

    Company Name (required)

    Phone Number

    Enter these characters below: captcha