cadzuloo.blogg.se

Spark in the dark eurobeat









That's what the Medibank breach and exfiltration is being described as. Now, I would describe myself more of a hack than a hacker (and far from sophisticated), but as I read through the emerging details of the methods used to gain access to core systems at Australia's largest private health insurer - VPN details stolen, AWS jump box accessed and a Redshift instance logged into (presumably using credentials either also stolen, or discovered sitting somewhere on the box, which is what I'd be putting money on), I thought "That can't be sophisticated. That's how I'd do it!"

If we back up a few months, Optus found themselves victim of a similar "sophisticated" attack when a publicly exposed API was compromised, permitting access to an extensive cache of sensitive customer information.

Whilst there are a number of things that went wrong in both cases - human error, insufficient detection and alerting capabilities, poorly architected/implemented perimeter defences (and in defence of both organisations - it wasn't a lack of care or attention. IT security is hard work, and this could have happened to almost anyone), the crux of the issue is: something was trusted that shouldn't have been.

If you're working in the IT industry, it's highly likely you've heard of the concept of Zero Trust, but don't really know what it's about. Don't worry, neither do most purporting to vend it. Part of understanding the concept relies on appreciating the way things were traditionally (and, by and large, still) done.

Let's take a network as an example: we would typically define an Untrusted zone where every "actor" is treated as suspicious. Corporate resources living within the Untrusted zone would (hopefully) contain minimal IP and data (think application presentation layers), and the focus of IT security at this layer would be on identifying/blocking malicious behaviour and minimising privilege. Behind the Untrusted zone we have the Trusted zone (in practice, switched-on organisations have multiple levels of network trust - DMZ, Core and the like, but let's keep things simple for the purposes of a history lesson). Resources within the Trusted zone are assumed to have a level of authorisation and typically encompass corporate end user devices and servers, including database and core infrastructure services.









