Almost every network is vulnerable to a cyberattack, and today’s bad actors are relentless. Advanced cyberattacks can nest inside a network for more than 200 days on average before discovery, which is plenty of time for an attacker to stealthily gather private data, monitor communications and map the network. The key to blocking a cyberattack is not only knowing the steps that most bad actors take, but also controlling privileged access. If you have the ability to control privileged access, a cyberattack can be mitigated and you can avoid making the headlines for the wrong reasons.

1. ©2018 BOMGAR CORPORATION ALL RIGHTS RESERVED WORLDWIDE 1
The 7 Steps to a
Successful
Cyberattack: How to
Defend Against Them
Chris Stoneff
September 20, 2018

2. ©2018 BOMGAR CORPORATION ALL RIGHTS RESERVED WORLDWIDE 2
Chris Stoneff
VP, Security Solutions

3. ©2018 BOMGAR CORPORATION ALL RIGHTS RESERVED WORLDWIDE 3
Follow along on social media!
@Bomgar
#bomgarwebinar

4. ©2018 BOMGAR CORPORATION ALL RIGHTS RESERVED WORLDWIDE 4
• About Bomgar
• 7 common cyberattack steps
• Mitigating threats to stand up against
today’s threats
• Additional resources
• Q&A
Agenda

5. ©2018 BOMGAR CORPORATION ALL RIGHTS RESERVED WORLDWIDE 5
Privileged Access Security Solutions
IDENTITY
Protect and manage
privileged credentials
and accounts
ACCESS
Secure and manage
remote access and
privileged sessions
ENDPOINTS
Defend endpoints by
removing excess
admin rights

6. ©2018 BOMGAR CORPORATION ALL RIGHTS RESERVED WORLDWIDE 6
Planning and Executing Cyberattacks
• Reconnaissance
• Scanning
• Access and Escalation
• Exfiltration
• Sustainment
• Assault
• Obfuscation

7. ©2018 BOMGAR CORPORATION ALL RIGHTS RESERVED WORLDWIDE 7
Reconnaissance

8. ©2018 BOMGAR CORPORATION ALL RIGHTS RESERVED WORLDWIDE 8
Reconnaissance

9. ©2018 BOMGAR CORPORATION ALL RIGHTS RESERVED WORLDWIDE 9
Reconnaissance
– Metagoofil,
Exiftool, Strings,
Maltego

10. ©2018 BOMGAR CORPORATION ALL RIGHTS RESERVED WORLDWIDE 10
Social 360
• Monitors social networks
for other companies
• Offers special “crisis-
monitoring” service which
aims to identity protestor
activities that might be
threatening to companies
tarnished by scandals
The World’s Largest Social Networks

11. ©2018 BOMGAR CORPORATION ALL RIGHTS RESERVED WORLDWIDE 11
Attack Defense
Reconnaissance • Control sensitive information in public domain
Attacks - Defense

12. ©2018 BOMGAR CORPORATION ALL RIGHTS RESERVED WORLDWIDE 12
Scanning
• NMAP
• Nessus

13. ©2018 BOMGAR CORPORATION ALL RIGHTS RESERVED WORLDWIDE 13
Attack Defense
Reconnaissance • Control sensitive information in public domain
Scanning • Prevent information leakage to scanners
Attacks - Defense

14. ©2018 BOMGAR CORPORATION ALL RIGHTS RESERVED WORLDWIDE 14
• Hydra
• Mimikatz
Access and Escalation

15. ©2018 BOMGAR CORPORATION ALL RIGHTS RESERVED WORLDWIDE 15
Metasploit
• Target servers, network devices,
databases, web applications, endpoint
systems and virtual machines.
• Exploit machines, choosing from the
world’s largest public collection of quality-
tested exploits.
• Brute force passwords on over a dozen
services, including databases, webservers
and SSH.
• Launch a social engineering campaign to
compromise user machines with phishing
emails and malicious websites and
attachments.
• Jump from one compromised machine to
the next through VPN pivoting until you’ve
owned the entire network.
Access & Escalation

16. ©2018 BOMGAR CORPORATION ALL RIGHTS RESERVED WORLDWIDE 16
Access & Escalation

17. ©2018 BOMGAR CORPORATION ALL RIGHTS RESERVED WORLDWIDE 17
Attack Defense
Reconnaissance • Control sensitive information in public domain
Scanning • Prevent information leakage to scanners
Access & Escalation
• Control all passwords for accounts that allow
escalation or privileged access
Attacks – Defense

18. ©2018 BOMGAR CORPORATION ALL RIGHTS RESERVED WORLDWIDE 18
• Truecrypt
• Create encrypted volumes on
storage media which appear to be
random noise on the media and are
neither detectable nor recoverable
without the proper keys or
passwords
• Puff/OutGuess
• Hide data in images or audio files
• Corkscrew/OzymanDNS
• Tunnel SSH in HTTP
Exfiltration

19. ©2018 BOMGAR CORPORATION ALL RIGHTS RESERVED WORLDWIDE 19
• Truecrypt
• Create encrypted volumes on
storage media which appear to be
random noise on the media and are
neither detectable nor recoverable
without the proper keys or
passwords
• Puff/OutGuess
• Hide data in images or audio files
• Corkscrew/OzymanDNS
• Tunnel SSH in HTTP
Exfiltration

20. ©2018 BOMGAR CORPORATION ALL RIGHTS RESERVED WORLDWIDE 20
Attack Defense
Reconnaissance • Control sensitive information in public domain
Scanning • Prevent information leakage to scanners
Access & Escalation
• Control all passwords for accounts that allow
escalation or privileged access
Exfiltration
• Restrict access and monitor. Password and
session management
Attacks - Defense

21. ©2018 BOMGAR CORPORATION ALL RIGHTS RESERVED WORLDWIDE 21
• Access system and reach the
desired level of access
• Add “authorized” access
• Add ourselves to the list of users
that is legitimately allowed access
• Useradd on Unix-like
systems
• Netuser command on
Windows systems
• Create additional access to
applications, networks, and
any number of other
systems in the
environment
• Backdoors
• Exploit known application
vulnerabilities
• Ex: Target Breach
Sustainment

22. ©2018 BOMGAR CORPORATION ALL RIGHTS RESERVED WORLDWIDE 22
Attack Defense
Reconnaissance • Control Sensitive Information in Public Domain
Scanning • Prevent information leakage to scanners
Access & Escalation
• Control all passwords for accounts that allow
escalation or privileged access
Exfiltration
• Restrict access and monitor. Password and
session management
Sustainment
• Harden systems and applications; restrict outgoing
and incoming as much as possible and still
function properly
• Lock down admin access to systems
• Audit accounts, system access, open ports, and
other items that could be used to create a
backdoor
Attacks – Defense

23. ©2018 BOMGAR CORPORATION ALL RIGHTS RESERVED WORLDWIDE 23
• Usually requires administrative rights
• Achieved with simple commands
• cat / dev/ zero > file average system will
product 4 GB of zeros in 6 seconds
• Change system time settings
• Emails, logs, timestamps, etc. are
impacted
• Change the umask setting on a database
server
• Will result in database failures by
changing file settings in database
• Alter environment variables
• Linux: # echo “fs.file-max = 1” > >
/etc/sysctl.conf
• Tells system to only open one file
at a time
• System crash!
Assault - Software

24. ©2018 BOMGAR CORPORATION ALL RIGHTS RESERVED WORLDWIDE 24
• Requires administrative access
• Flash ROM
• Alter the functionality of the hardware, or disable the hardware entirely
• Delete drivers
Assault - Hardware

25. ©2018 BOMGAR CORPORATION ALL RIGHTS RESERVED WORLDWIDE 25
Attack Defense
Reconnaissance • Control Sensitive Information in Public Domain
Scanning • Prevent information leakage to scanners
Access & Escalation
• Control all passwords for accounts that allow
escalation or privileged access
Exfiltration
• Restrict access and monitor. Password and
session management
Sustainment
• Harden systems and applications; restrict outgoing
and incoming as much as possible and still function
properly
• Lock down admin access to systems
• Audit accounts, system access, open ports, and
other items that could be used to create a
backdoor
Assault
• Control administrative rights on a machine
• Prevent attackers from gaining administrative
rights on the system
Attacks - Defense

26. ©2018 BOMGAR CORPORATION ALL RIGHTS RESERVED WORLDWIDE 26
• Location obscuration
• Log manipulation
• File manipulation
Obfuscation - Smokescreen

27. ©2018 BOMGAR CORPORATION ALL RIGHTS RESERVED WORLDWIDE 27
Attack Defense
Reconnaissance • Control Sensitive Information in Public Domain
Scanning • Prevent information leakage to scanners
Access & Escalation
• Control all passwords for accounts that allow
escalation or privileged access
Exfiltration
• Restrict access and monitor. Password and session
management
Sustainment
• Harden systems and applications; restrict outgoing
and incoming as much as possible and still function
properly
• Lock down admin access to systems
• Audit accounts, system access, open ports, and other
items that could be used to create a backdoor
Assault
• Control administrative rights on a machine
• Prevent attackers from gaining administrative rights
on the system
Obfuscation
• Control admin rights on a machine
• Log real-time file and log manipulation
• Export logs to secure systems
Attacks - Defense

28. ©2018 BOMGAR CORPORATION ALL RIGHTS RESERVED WORLDWIDE 28
Defending Against
Cyberattacks with
Bomgar’s solutions

29. ©2018 BOMGAR CORPORATION ALL RIGHTS RESERVED WORLDWIDE 29
Attack Defense Solutions
Reconnaissance • Control Sensitive Information in Public
Domain
• Privileged Identity
Scanning • Prevent information leakage to
scanners
• Privileged Identity + Endpoint
Privilege Management
Access & Escalation • Control all passwords for accounts that
allow escalation or privileged access
• Privileged Identity + Endpoint
Privilege Management
Exfiltration • Restrict access and monitor. Password
and session management
• Privileged Access + Privileged
Identity + Endpoint Privilege
Management
Sustainment • Harden systems and applications;
restrict outgoing and incoming as
much as possible and still function
properly
• Lock down admin access to systems
• Audit accounts, system access, open
ports, and other items that could be
used to create a backdoor
• Privileged Access + Privileged
Identity + Endpoint Privilege
Management
Assault • Control administrative rights on a
machine
• Prevent attackers from gaining
administrative rights on the system
• Privileged Identity + Endpoint
Privilege Management
Obfuscation • Control admin rights on a machine
• Log real-time file and log manipulation
• Export logs to secure systems
• Endpoint Privilege Management

30. ©2018 BOMGAR CORPORATION ALL RIGHTS RESERVED WORLDWIDE 30
• 2018 Privileged Access Threat
Report
• Bomgar Privileged Access
• Bomgar Privileged Identity
• Endpoint Privilege Management
Additional Resources

31. ©2018 BOMGAR CORPORATION ALL RIGHTS RESERVED WORLDWIDE 31
Questions?
Thank you for joining us!