Many organizations rely solely on Windows account privileges to protect their networks. A recent security post revealed that attackers can gain control of your network by remotely modifying these privileges. This post reveals a new hack—called the ‘hot potato’—used to easily gain Administrative privileges and access to corporate networks.
How the heck can people get into your system? Well, this new ‘hot potato’ Windows hack makes it as easy as 1-2-3 for hackers to get into most corporate networks.
- Ask the network for its IP address
- Fake server proxy settings
- Authenticate a user’s credentials
To boil it down, the hackers gain access to a Windows machine and then increases their security privileges to the highest level on the machine. Then they take control of your network and start destroying your information…
Once the attacker gains high privileges on one machine of a corporate network, they can laterally transfer and compromise other hosts within the same domain. We often find that attackers normally gain access to a network through a low-privilege user. These users are usually poorly trained on security or have little stake in your business’ success to vigilantly follow strict security measures. They are also the least suspecting when it comes to network vulnerabilities and often create holes in your security fence.
While the ability to gain privileged access to Windows networks aren’t new (in fact, hackers have been able to gain network access since 2000), the way hackers now exploit Windows operating system is getting even more worrisome!
The process for attacking Windows operating systems is freely available online. Even the code needed to hack into your network is freely available! While Windows has known of these hacking vulnerabilities for some time, they have yet to create a fix. In their defense, fixes for these vulnerabilities are quite difficult and would require breaking backward compatibility (i.e., compatibility for older or legacy software).
How are you affected?
Using Windows security solutions to ward off cyber attacks is like coming to a sword fight with a toothpick! What you need to know is that without proper protection, you risk having competitors or hackers stealing your data! What you need to seriously consider is taking extra precautions when it comes to protecting your networks!
If you haven’t already, I would seriously recommend you reach out to Cheryl on our team soon to figure out a strategy that best protects you, your team members and your business.
