Expert comment on joint advisory around Russian military hackers compromising passwords
July 2021 by Tom Jermoluk, CEO of Beyond Identity
Following the joint advisory from the NSA, FBI, DHS and GCHQ about Russian military hackers engaging in a campaign to compromise the passwords of people employed in sensitive jobs at hundreds of organizations worldwide, Tom Jermoluk, CEO of Beyond Identity, comments:
“Russian GRU agents and other state actors like those involved in SolarWinds – and a range of financially motivated attackers (e.g., ransomware) – all use the same ‘password spraying’ brute force techniques. Why? Because they are so effective. Unfortunately, a misunderstanding of this technique is leading to shockingly flawed advice like that given in the NSA advisory which, in part, recommends ‘mandating the use of stronger passwords’. The credential-gathering that preceded the password spraying campaign most certainly collected short and strong passwords. And the Russian Kubernetes cluster used in the attack was capable of spraying ‘strong passwords’. The government went on to recommend a ‘Zero Trust security model that uses additional attributes when determining access, and analytics to detect anomalous accesses’. This sage advice requires a move to strong, continuous authentication. It also requires organizations to eliminate passwords because they are so completely compromised that you simply cannot achieve Zero Trust with them.”
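As an added illustration of the “analytics to detect anomalous accesses” the advisory recommends (example code written for this page, not from the advisory, the NSA or Beyond Identity), a small Python detector run over constructed authentication log lines. It keys on the pattern the comment describes: a few failed attempts against many distinct accounts from one source, which per-account lockout thresholds alone do not catch. The log format, field names and RFC 5737 documentation addresses are all assumptions for the sample.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (assumed format); 203.0.113.5 sprays one guess across
# six accounts, 198.51.100.7 hammers a single account (classic brute force).
SAMPLE_LOG = """\
2021-07-01T10:00:01 auth failed user=alice src=203.0.113.5
2021-07-01T10:00:03 auth failed user=bob src=203.0.113.5
2021-07-01T10:00:05 auth failed user=carol src=203.0.113.5
2021-07-01T10:00:07 auth failed user=dave src=203.0.113.5
2021-07-01T10:00:09 auth failed user=erin src=203.0.113.5
2021-07-01T10:00:11 auth success user=frank src=203.0.113.5
2021-07-01T10:01:00 auth failed user=alice src=198.51.100.7
2021-07-01T10:01:02 auth failed user=alice src=198.51.100.7
2021-07-01T10:01:04 auth failed user=alice src=198.51.100.7
2021-07-01T10:01:06 auth failed user=alice src=198.51.100.7
2021-07-01T10:01:08 auth failed user=alice src=198.51.100.7
"""

LINE_RE = re.compile(r"^(\S+) auth (failed|success) user=(\S+) src=(\S+)$")

def parse(log_text):
    """Turn sample lines into (timestamp, result, user, src) tuples."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts, result, user, src = m.groups()
            events.append((datetime.fromisoformat(ts), result, user, src))
    return events

def detect_spray(events, window=timedelta(minutes=5), min_users=5, max_per_user=2):
    """Flag sources that fail against >= min_users distinct accounts inside
    `window` while never exceeding max_per_user failures on any one account.
    Single-account brute force is excluded because it fails the breadth test.
    Returns {src: {"users": n, "max_per_user": m, "successes": [users]}}."""
    by_src = defaultdict(list)
    for ev in events:
        by_src[ev[3]].append(ev)
    findings = {}
    for src, evs in by_src.items():
        evs.sort()  # sliding window needs chronological order
        for i, (t0, _, _, _) in enumerate(evs):
            chunk = [e for e in evs[i:] if e[0] - t0 <= window]
            fails = defaultdict(int)
            for _, result, user, _ in chunk:
                if result == "failed":
                    fails[user] += 1
            if len(fails) >= min_users and max(fails.values()) <= max_per_user:
                findings[src] = {"users": len(fails), "max_per_user": max(fails.values()),
                                 "successes": [u for _, r, u, _ in chunk if r == "success"]}
                break  # one finding per source is enough
    return findings
```

A success recorded inside a flagged window (here `frank`) is the account to treat as compromised first, since the spray found a valid credential there.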