<iframe src="//www.googletagmanager.com/ns.html?id=GTM-TR8PWW" height="0" width="0" style="display:none;visibility:hidden">


Subscribe to Email Updates

We promise to send you awesome stuff you'll want to read more than once.

Written by; John Walsh

No one really knows who my parents are or where I came from.  Some say my father was a Nigerian con-artist, but in my mind he is prince who happens to enjoy spear phishing.  Others say my parents were SSHPsychos from China.  The version about where I came from which I like the least is the rumor about an office romance which really was the result of some accidental download when Bob from accounting was convinced he was downloading a spreadsheet  attachment from HR.  This story might make you WannaCry, but rest assured it is only the beginning.  My name is Cyberattack and this story is not about where I came from.  This is the story of where I am going

Mr. and Mrs. Fortune 500, when you accidentally brought me into your business, your home, and whether you realize it or not I am now your responsibility. It is simply not enough to protect the perimeter of your business environment; you must also secure the internal network with Zero Trust.  This is because once inside your business, I deftly used common privileged elevation techniques to gain access to and use any and all of the unprotected credentials you have laying around to gain access to critical infrastructure.  As I gather more credentials from those machines I am able to Land and Expand across your business until I have access to everything.  This includes source code hosting repositories, websites, domain name services, and dedicated servers. 

I can now exfiltrate all of your source code, customer records, intellectual property, designs, bank records, and anything that makes you a business.  I can bypass your Digital Loss Preventions (DLP) systems and firewalls by using the same encryption credentials I stole to impersonate anyone and encrypt all data as I move it out of your business.  Now that I think about, this could kill a Fortune 500, but don’t blame me.  Your negligence and procrastination have enabled me.  I simply did what I was born to, what my parents taught me.

As I said before, it doesn’t matter where I came from or how I got in because once inside your business I was able to move from system to system and take whatever I wanted, turning what was once an issue on one machine into an enterprise wide crisis.   

This short story can have a different ending and it is not all doom and gloom.  You can take measures to help protect yourself.  To learn more, visit the following pages about monitoring encrypted traffic and controlling credential access and credential sprawl in the cloud or on-premises

Book the demo

AuthorJohn Walsh

Director, Product Marketing John Walsh serves as director of product marketing at SSH Communications Security where he is focused on raising industry awareness of risk and compliance issues of unmanaged credentials. John has over 15 years of experience in the IT security industry, having held product management, product marketing, and software engineering positions at IBM and SSH Communications Security. He has led the launch of PrivX On-demand Access Manager product. Prior to joining the company, he worked at IBM where he obtained a patent, contributed to solutions guides, and designed a number of key software features for security products such as LDAP, Firewall, and Java Cryptography. John holds a BS in Computer Science from Binghamton University as well as an MS in Management Information Systems from Marist College. 

OPT IN for our newsletter

To be honest, we don’t do much outbound marketing. So if you give us your email, we’re unlikely to spam you.

Subscribe to Email Updates

Want to know more about SSH.COM solutions?

We design best-of-breed commercial solutions for secure access that help our customers win in the global data economy.

Read more about our solutions

Related posts from the SSH.COM blog