Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 











Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Comment on Russian military hackers targeting NATO

December 2023 by Kennet Harpsoe, Senior Cyber Analyst at Logpoint

}News broke today that Russian military hackers are targeting NATO fast reaction corps (bleepingcomputer.com).

In response to the story,the comment below as sourced from Kennet Harpsoe, Senior Cyber Analyst at Logpoint.}

“Given the overall political situation the described attack should not come as a surprise for anyone.

The described attack is essentially an NTLM replay attack. NTLM is ancient and depreciated. The modern replacement is Kerberos.
Kerberos is standard even in Windows networks, but NTLM is used as a fall back and is thus still widely used despites its numerous and well-known security flaws.

If you can, disable NTLM in your AD, and if you cannot, make sure to monitor the NTLM traffic on your network. Are new users all of a sudden using NTLM authentication all the time? NTLM authentication requests should normally not be leaving your network. If they do, it should be thoroughly investigated. Track all NTLM replay attempts in your network from your AD log.

Enforce Signing (SMB/LDAP) and Extended Protection for Authentication (EPA) for all relevant servers, like domain controllers and email servers, to defeat most replay attacks.

Finally, one wonders why it is still not standard to encrypt emails at rest, with keys private to the recipients. PGP has been around for a long time. It’s not much fun stealing emails if you can’t read them.”


See previous articles

    

See next articles












Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55
Mail: ipsimp@free.fr

All new podcasts