There has been a recent development regarding a potent vulnerability. To help you stay ahead of the situation, please read the following to learn what the exploit is capable of and what can be done to protect against the it.
If you’re reading this, it’s very likely that you know how to use the internet. It’s also likely you’ve made an account on the internet somewhere. When you created your last account, what kind of requirements were you forced to use? For a number of web services, these requirements still follow the 2003 NIST SP 800-63 Appendix A standards that recommend an 8-character minimum, containing one uppercase, one lowercase, one digit, and one special character (Ex: Procircular1!).
During a penetration test, we’ve found that a common (and easy) way to gather credentials and gain an initial foothold on the client’s network is to perform a Man-in-the-Middle poisoning attack abusing LLMNR & NBT-NS. Depending on how active users are on the network, this attack can give an adversary valuable information almost immediately. Fortunately, with a little knowledge, this attack can be easily remediated.
What is LLMNR & NBT-NS?
U.S. Federal Bureau of Investigation (FBI) Special Agent Jeffrey Huber, who runs point on cybersecurity for the state of Iowa, was on hand at a recent ProCircular roundtable to talk about the FBI’s Cyber Division and its role in addressing cybercrime.