14      0

1863385 - "That Server Wasn't Even Supposed to BE There Anymore..."

‐ Oct 19, 2021 10:30am

Time and again, we see that the key hosts implicated in cyber incidents, those where threat actors gain initial access or exploit to spread throughout the network, aren't even supposed to BE there anymore. These are testing servers that were stood up during testing and were supposed to have been shut down afterward. They are old development systems that linger, long forgotten, unmatched and unmonitored. They are legacy application servers "temporarily" exempted from security requirements. In this talk, we will look at several examples of how this can happen even in large, well-resourced organizations with otherwise mature IT operations. We will discuss how we can avoid this phenomenon in our organizations and use our awareness of this phenomenon in defending and threat-hunting on our networks.

Learning Objectives:

  • Describe how cyber threat actors seek out and take advantage of vulnerable hosts in enterprise networks.
  • Determine the most likely hosts in their enterprise that could be used by a cyber threat actor to gain or maintain access.
  • Describe the reasons why vulnerable hosts linger in organizations and how to detect and avoid this in their own organizations.




You must be logged in and own this session in order to post comments.

Joe Burgos
10/29/21 1:39 pm

Great info and scope of areas that we should be aware of and monitoring for all external threat vectors.