IST_org277 karma2021-06-30 15:38:54 UTC
Bob: I'm a fan of the Cybersecurity Body of Knowledge (https://www.cybok.org/) and you can learn tons just by absorbing the MITRE ATT&CK content (https://attack.mitre.org/) (they update ~quarterly)
View HistoryShare Link
IST_org153 karma2021-06-30 15:13:27 UTC
Marc: Very likely as many ransomware groups have seen that high risk infrastructure is both out of date and backed by organisations that will rush to pay because of the impact when it goes down. As a result many of them actively look for vulnerable, exposed infrastructure associated with these kinds of organisations because they know there is a high chance of a good pay-out.
IST_org139 karma2021-06-30 15:01:12 UTC
Allan: There are something like 8 BILLION username/passwords available for sale or free on underground markets at any given time and that doesn’t even take into account the number or organizations that just use poor password management for internet-exposed infrastructure
IST_org136 karma2021-06-30 14:57:08 UTC
Allan: Remote Desktop Protocol, either through credential reuse or credential stuffing attacks
IST_org112 karma2021-06-30 15:04:56 UTC
Allan: 1. MFA, 2. Patching, 3. Endpoint protection AND monitoring, 4. scanning of remote infrastructure, 5. threat hunting for attackers.
Copyright © 2014 BestofAMA.com, All rights reserved.
reddit has not approved or endorsed BestofAMA, reddit design elements are trademarks of reddit inc.