Treacherous 12 Part 5: Account Hijacking

Video Transcription
00:02

In this lesson we're going to talk about the risk of account hijacking, its impact, and techniques to address the risk of account hijacking. Now, account hijacking is very similar to one of the other treacherous items that we've already discussed, the flaws in identity, or unverified identity and access management. But account hijacking specifically refers to when a threat actor, a hacker, takes over a specific user's account and uses it to do something within the cloud environment.

This can occur from insecure credentials, or flaws within a cloud application that allow a person to impersonate a user and gain access. Once an account has been hijacked, the attacker can really do a host of different things: eavesdrop on transactions, transmissions, and communications, and steal data. They may utilize this stolen account to launch new attacks, leveraging the services within the cloud application.

The best way to deal with account hijacking is really through training. The majority of these account hijacking threats are going to come through phishing, phishing or spear phishing. So, training is essential to ensure that employees who have access to a cloud environment are wary of any email or messages they receive that include attachments or links from untrusted sources.

Another important thing to do when it comes to training about account hijacking is training with regards to Cross-Site Scripting attacks and Cross-Site Request Forgery attacks. In Cross-Site Scripting, the attacker has been able to manipulate the login screen and takes advantage of the user's trust in the website in order to steal their credentials. In Cross-Site Request Forgery, the attacker is redirecting the user to a malicious site that's a clone of the original.

Now, another thing to protect against account hijacking is instituting things that prevent an attacker who has stolen a certain amount of the credentials from fully gaining access, through things such as multi-factor authentication. Even if the username and password are compromised, if the threat actor doesn't have other means of authorizing and authenticating themselves in the system, they won't be able to really do much damage, even if the account is stolen.

Then, if an attacker is able to successfully hijack an account, having good discipline over your account management practices to quickly disable and revoke access to accounts is essential to minimize the damage. That should be incorporated in the incident response process, if you suspect an account has been hijacked.

Then, going back down to the application itself, there really should be robust application security testing to look at the identity and access and authentication mechanisms, as well as effective protection of data in transit, to ensure that accounts cannot be easily intercepted. Credentials, I should say, cannot be easily intercepted and then used to produce account hijacking.

All right, quiz question. Which of the following is the most common type of account hijacking attack? Cross-Site Scripting, Cross-Site Request Forgery, or phishing. If you said phishing, hands down, you're correct. Phishing does not necessarily require some robust and strong set of technological skills. It can be incredibly low tech in its approach. However, it really leverages social engineering to manipulate a user into disclosing information that they should not. In the case of account hijacking, disclosing their username and password.

When it comes to efficient training, there are certain populations that you really should focus on more, especially those with access to highly sensitive data. Also, I saw a recent phishing campaign that took advantage of administrative staff. Many times, administrative staff have access to the same critical and confidential information as executives, but they may not have the same training with regards to phishing or be as cautious. You have to evaluate your organization, your phishing needs. But training is really your best way to turn people from liabilities into assets in terms of identifying and notifying your security team when suspicious activity occurs.

All right, in summary, we talked about the threat of account hijacking, talked about the impact of account hijacking. We talked about the various methods to address the risk of account hijacking. Namely, training, segregation of duties and the proper account management to revoke credentials if they've been stolen. The implementation of MFA to ensure that if credentials are stolen, there's more to impede a person from getting access to that account. Then also making sure your application is secure through effective testing and that encryption is employed, because people are going to be accessing the cloud application or cloud environment over the Internet itself.

All right, I'll see you in the next lesson.