From cyberdefensemagazine.com
Golden ticket attacks aren’t anything new to the cybersecurity industry, but the latest surge in successful attacks from the Chinese-speaking APT group TA428 and other cyber espionage gangs has served as a hard reminder for all of just how powerful these attacks can be. The incidents have also highlighted which aspects of an organization’s cyber health and readiness need to be prioritized.
It’s never a convenient time to experience a breach, but reducing both the time it takes to detect the breach and the privilege sprawl an organization has can make a huge difference in how effective a breach is. As recorded in Verizon’s 2022 Data Breach Investigations Report (DBIR), the use of stolen credentials was one of the top ways attackers succeeded, and key among the culprits is privilege misuse, of which 80% is caused by privilege abuse, which lies at the core of sophisticated golden ticket attack techniques.