Depth Security Co-Founder: Networks Only As Safe As ‘Weakest Link’

“You’re only as secure as your weakest link and it may be an application that you purchased that’s sitting on your perimeter,” says Gene Abramov, principal security consultant at Depth Security, which is owned by All Covered.

While there is no way to completely safeguard a network against cyber attack, Depth Security principal security consultant Gene Abramov said regular penetration testing by a qualified third party is your best bet to avoid common pitfalls that can lead to the worst intrusions.

“You need to find someone that is skilled at doing this, that can demonstrate exploitations and actually find those critical flaws that you desire to be found,” Abramov said at the Midsize Enterprise Summit, hosted virtually this week by The Channel Company. “So, you have a scope that needs to be your (whole) company, not just a set of IP addresses, and it can actually occur from multiple perspectives, in the sense that you can test externally from the internet, internally from the LAN, wireless, you name it.”

Depth Security was acquired in July by the Konica Minolta-owned All Covered, a national MSP.

Abramov, who co-founded Depth Security and works as one of its offensive security consultants, discussed some recent “pen tests” that his team performed. In each of the cases, regardless of the industry, the results were the same. His team was able to gain administrative privileges in what could have been a “catastrophic compromise” of the systems. One involved a medical research organization where his team applied a common password to several accounts until one opened up.

Then there was the IT software developer.

“We enumerated services, websites and apps, we identified a specific SQL injection vector inside a web application,” said Abramov. “We obtained remote administrative control of the application’s database server that way. Then we were able to bypass antivirus or endpoint protection software on that system, laterally spread, escalate privileges to Microsoft Active Directory domain admin, and yet again, we have control over everything through one web application block, and again, no one knew this occurred until we call them.”

Abramov said that, in addition to regular pen testing, firms should roll out multi-factor authentication to applications on the network, carry out password audits and blacklisting, install next-generation antivirus and firewall solutions, employ endpoint protection, and penetration test the individual applications on the network, all as part of a regular cadence of security check-ups that every business should perform.

“You’re only as secure as your weakest link and it may be an application that you purchased that’s sitting on your perimeter,” he said.

Konica Minolta was the victim of a ransomware attack in July; however, the company said the attackers did not breach All Covered’s network.

“No impact to All Covered nor was any Konica Minolta data accessed or impacted,” the company said in a statement to CRN in August.

Ransomware attacks have only gotten worse in 2020, with hackers growing in sophistication to research their targets, choosing bigger solution providers in the hopes of massive paydays.

“In the past we used to see more of a wholesale approach to ransomware where everyone would be asked for $100,000 ransom or something like that,” Abramov said. “Nowadays, we’re seeing a lot more targeted events occur, a lot more situational awareness by the attackers as well to ask for larger ransoms in a larger ecosystem, and a larger company.”

This year, high-profile attacks by publicity-seeking ransomware groups such as Maze and REvil have exfiltrated data from a growing list of large solution providers such as Conduent, Cognizant, and Xerox, as well as consumer tech companies such as Garmin. The criminals then threaten to release the documents, including invoices and internal communications, if a ransom isn’t paid.

The Maze ransomware group has posted hundreds of gigabytes worth of data from its victims on a website where it also posts press releases about its latest successful attacks.

“Oftentimes, knowing that you’re under attack is much more difficult than it should be, as we’ve seen in our examples,” Abramov said. “Twenty-four-by-seven effective monitoring and environment can help you identify your proverbial needle in the haystack and allow you to respond.”