John's socks are getting lost and he's losing trust in his washer and dryer. At the same time, espionage attacks perpetrated by Cozy Bear and other hacker groups are threatening even the most secure environments. John offers advice for applying Zero Trust policies and other security measures to fortify your infrastructure.
Hey everybody.
Welcome to today's episode of John Has Trust Issues where I discuss the issues relevant to the world of authorization and zero trust in about 90 seconds or less.
We'll try. I'm John Martinez, I'm the technical evangelist over here at StrongDM and my trust issues stem from my washing machine who always transported at least one sock through the magic portal in the back of the machine out to the world of lost socks.
Today, let's talk about Cozy Bear, not My Socks.
Let's talk about Cozy Bear and their espionage attacks against Microsoft, against government organizations, government entities, other large organizations, where they're targeting these organizations, as we know, as far back as November of last year.
And what they're trying to do is that they're trying to steal credentials, or what they have done is they've stolen credentials, targeting accounts that they think have the ability to elevate their privilege and create malicious OAuth applications so that they can then, in turn, move laterally across the cloud infrastructure, steal sensitive data, email systems, et cetera, and steal sensitive data that they'll use at a later time for their strategic advantage.
A lot of these accounts are, they're trying to stay low key, meaning that they're targeting a small number of accounts that they think provide the maximum value so that they won't trigger alarms in SIEM systems and other monitoring systems.
So what can we do as mere mortals to be able to prevent this type of attack in our organization?
So let's go over a few things.
Number one, enforce MFA everywhere.
Have strong authentication everywhere.
Transition from least privilege to zero standing privileges everywhere possible so that when I log in in the morning, I have access to nothing.
Use continuous authorization with contextual signals like changing IP addresses, change in device trust, is my machine infected, et cetera.
And have strong observability across your audit trails so that they don't get access to what's going on, and so that you can see what's going on as well.
So that's it for today.
A few things that you can do in your environment, and again, I work at StrongDM where we have a dynamic access platform that enables our customers to secure privileged access across a whole bunch of infrastructure that's both cloud native and traditional Kubernetes clusters, databases, servers, et cetera.
Thank you very much for watching today.