Morey Haber: Identity Attack Vectors
In episode 6 of "In Security" podcast, host Mike Cataffo discusses identity security with Morey Haber, Chief Security Advisor at BeyondTrust. They delve into new security threat trends, changes in the cybersecurity landscape, and the importance of strong defenses in our digital age. You’ll learn about the significance of identity security, threat tactics developments, and the effectiveness of modern security solutions.
About our guest: Morey Haber
Morey Haber is the Chief Security Advisor at BeyondTrust and has over 30 years of experience in the IT industry. In his current role, Haber shares his passion for and expertise in identity security through education, writing, and speaking engagements.
Recognized as a thought leader in cybersecurity, Morey has authored five books: Privileged Attack Vectors, Asset Attack Vectors, Identity Attack Vectors, and Cloud Attack Vectors. He began his career as an engineer and held leadership roles at eEye Digital Security and CA Technologies. Morey earned a Bachelor of Science degree in Electrical Engineering from the State University of New York at Stony Brook.
Key takeaways from episode 6:
In this episode, you’ll gain insight into three rising trends in identity attack vectors:
- Credential-Based Attacks: This rising trend involves the theft or manipulation of user credentials to gain unauthorized access or reveal sensitive information.
- Privileged Identities: These accounts hold significant importance due to their high-level access within systems. If threat actors gain access to these accounts, they could cause severe damage, such as data breaches or ransomware attacks.
- Shift in Attack Methods: There is a noticeable shift towards more straightforward techniques like credential spraying and session hijacking. This change highlights the evolving landscape of identity attack vectors.
Identity attack vectors
Originally a Chief Security Officer, Haber made a significant career transition to become a Chief Security Advisor. This shift led him from working in Governance, Risk management, and Compliance (GRC) to focusing on education, public speaking, and designing architectures for privileged access and identity security solutions. Haber’s career transition mirrors the evolution of cybersecurity, where the focus has increasingly shifted toward identity security.
In the current cybersecurity landscape, Haber places significant emphasis on identity security. He observes that threat actors nowadays find it easier to use stolen credentials to gain access rather than hack into systems. This shift in threat actor behavior underscores the pivotal role of identity security in our interconnected digital world. To respond to these changes, Haber's work has also evolved from governance to securing all identity-related aspects.
Haber's enthusiasm for writing and public speaking is palpable as he talks about his five published books and an upcoming one, each focusing on different attack vectors. His journey as an author began with a dare from a boss who saw his writing potential, propelling him onto a successful path of authorship. His books serve as valuable resources in the field, shedding light on various aspects of cybersecurity.
In this episode, Haber explores how attack patterns have changed. He explains an incident in which an operating system vendor fell victim to a spray attack on a legacy site with global admin rights assigned to a single account without Multi-Factor Authentication (MFA).
Haber also discusses an incident involving a seemingly innocuous log entry that signaled a potential session hijacking event. At first glance, it appeared to be a logging error, but further investigation revealed it to be an external incident. Interestingly, Haber points out that there were no indicators of compromise on the premises, as the attack was executed entirely in the cloud. Both of these instances illustrate the vulnerabilities of identity security and reinforce the importance of robust cybersecurity measures.
The key takeaways from this episode underline the importance of specialization within the cybersecurity field, the growing prevalence of identity theft in cybersecurity breaches, and the critical role of security measures in our increasingly digitized world. Haber's insights offer a valuable perspective on cybersecurity's current state and identity security's crucial role in mitigating threats.