7 Precautions for Protecting Against Perpetrators

Published 18 November 2014 on the Microsoft Cyber Trust blog (blogs.microsoft.com/cybertrust); now at https://www.microsoft.com/en-us/security/blog/2014/11/18/precautions-protecting-v-perps/. Tagged: credential theft, cybersecurity policy, Microsoft security insights (content type: best practices).

Cyberattacks and data breaches continue to dominate the news globally. The reality is that most organizations face the same often-reported threats and are carrying on their work toward counteracting those risks.

Some organizations victimized by cybercriminals have shared information publicly. Others have chosen to conduct investigations and share information about the attack in a more limited way, or not at all. As a result, media coverage of cyberattacks can at times lack detailed information and rely heavily on unnamed sources.

Understanding today's landscape and formulating corresponding strategies remains important to help organizations protect themselves against the tactics that have become commonplace.

Phishing for a foothold

In some recent high-profile compromises, phishing attacks have been the primary method used by attackers to gain access to the network of their targeted victim. A phishing attack "engineers" social or behavioral responses to compromise security: no software vulnerability is needed to trick a person using a computer or device into revealing their user name and password. Cybercriminals continue to successfully trick individuals into providing their network credentials. The attackers then use the stolen credentials to illegally access the victim's machine or, in the case of organizations, the network. Once credentials have been obtained, the attacker may attempt to steal more credentials and gain access to further resources on the network.

For more information: The latest Microsoft Security Intelligence Report, volume 17, has more information on credential theft and how Microsoft is making it even harder for attackers to use stolen credentials.

Poor system hygiene

Another form of trickery involves attackers using malicious email attachments to compromise a person's or group's systems. Their goal is often to steal individual passwords or other network credentials, such as passwords used for other applications or services within an organization's environment. These attacks can take advantage of known areas of weakness, so ensuring that systems have the latest security updates is important. In these attacks, users are tricked into opening attachments that, unbeknownst to them, are malicious. The attachments are designed to compromise the users' systems and enable the attackers to steal their credentials; systems that are not up to date are at increased risk. This type of "document parser exploit" has been common for several years.

For more information: The latest Microsoft Security Intelligence Report, volume 17, has more information on document parser exploits. Primary areas include:

Privilege principles: least privilege not in use

Once cyberattackers have stolen credentials, they may be able to access their victim's network. On networks where least-privilege principles have been implemented, attackers are often thwarted in their attempts to move swiftly across the network and gain access to the resources they need to compromise more systems.

Protect high value assets

Each organization needs to determine what it considers its crown jewels and how to optimally protect those high value assets. For a number of reasons, high value assets may be co-mingled with other assets within the network rather than isolated or otherwise protected. When assets are not isolated, the number of people who can regularly access the systems holding them increases, and a cyberattacker with stolen network credentials could have access to those high value assets simply because the most important ones weren't managed in a more protected or isolated way. Additionally, encrypting assets such as card swipe data, PIN input data, data in flight, and data in storage is as important a step as network isolation. These practices are not universally deployed by organizations, and their absence can contribute to the success of malicious activity.

For more information: Microsoft's Security Intelligence Report, volume 17, has information on strategies covering the isolation and encryption of high value assets.

Protecting administrator credentials

Microsoft has published a series of papers on targeted attacks that includes guidance on mitigating credential theft. One such attack, called "pass-the-hash," has been an attacker favorite for many years. It is typically used once the attackers have a stolen set of user credentials and have compromised the victim's network. The goal of the attack is to harvest as many stolen credentials as possible in order to further compromise the victim's network and remain undetected for as long as possible. Protecting administrator credentials is a critical step in containing this type of attack. Organizations that have not adopted these best practices are at increased risk from these well-known credential theft and reuse attacks.

For more information: This recent paper discusses Pass-the-Hash (PtH) attacks against Windows operating systems and provides holistic planning strategies that, when combined with Windows security features, provide a more effective defense against pass-the-hash attacks. The strategies are useful for all types of software, as the PtH attack type is regularly used against all systems.

Perpetrator's ongoing motivation

The main objective of targeted attacks continues to be the theft of high value data assets, not just compromising systems. Attackers that target organizations do so because of the high value assets that exist there, such as personally identifiable information like credit card numbers or other personal information. Many criminals sell or trade such information to other criminals who seek to steal funds from bank accounts and ultimately steal identities. The victims of recent high-profile attacks were targeted because they process millions of financial transactions and hold information on millions of consumers. These assets are more attractive to attackers than the satisfaction of compromising any system, whether Windows-based or any other operating system.

Protect, Detect, and Respond

Many organizations continue to use a security strategy centered on the concepts of protection and recovery. If the strategy focuses only on these two categories, then when the perimeter of the network is compromised, controls may be lacking to detect attackers and contain malicious activity. A more holistic security strategy that assumes a breach may occur will benefit most organizations. This includes the establishment of effective ongoing monitoring, detection, management, and operational controls.