noodls browser compatibility check

The security settings of your browser are blocking the execution of scripts.

To use noodls, javascript support must be enabled. Please change your browser's security settings to enable javascript.

If you have changed your browser's security settings, you can click here.

related announcements

News

Hawaii Department of Transportation

Upcoming schedule for the H-1 Westbound Repaving Project through early[...]
George Mason University

New scalable computing technique will make analyzing Big Data easier
American Battle Monuments Commission

American Battle Monument Commission, Gold Star Families honor hundreds[...]

Technology

Gartner Inc.

09/24/2022 | Press release | Distributed by Public on 09/24/2022 09:50

Mitigating against the “original” APT - Annoyingly Persistent Teenager

Photo by Felix Koutchinski on Unsplash

The Annoyingly Persistent Teenager has struck once again!

Anyone who has raised children gets nagged on a regular basis, we either agree out of abject frustration or lose our temper, feel guilty and ultimately give into a "negotiated settlement".

The capacity for children, particularly in their early teens, to repeatedly and without relent ask over and over for something is truly magnificent.

In the world of cyber security, this capacity to "nag" has been weaponized to great success by threat actors still within their teens. If you have been reading the news recently, you may have noticed the recent Uber cyber-attack where a contractor was nagged for their multi-factor authentication (MFA) acknowledgment until they finally relented and clicked the "Approve" button.

At this point you are probably asking yourself "but how did the attacker get the contractors password?". Though those details were not shared, passwords paired with a second factor of authentication still suffer the same weaknesses that they had before MFA came into the picture. Users reuse passwords across many sites and services and if one of those services suffers a breach, the user risks having that password reused in other services where they may have accounts.

Here are three steps to better mitigate against the original APT,

Do not be lulled into a false sense of security because you have MFA. Both users and organizations let slip password hygiene because they have a second factor of authentication in place which - as this most recent attack shows - can be overcome simply by being annoying.
Factor-in signals from the MFA authorization process into the decision of granting access. The correct password repeatedly given followed by a few dozen rejected MFA prompts should be flagged and the user - if they do ultimately log-in - should be challenged for a numeric verification which is a feature in many MFA platforms.
Be realistic about your expectations of employee/contractor training. Employee awareness is a critical part of any cyber security strategy, but organizations often have wildly optimistic expectations from one or two hours of training per year, especially when that training is meant to overcome basic human nature.

Sharing and Personal Tools

Please select the service you want to use: