Delaware, USA – October 2, 2017 – Researchers from WatchGuard report that recently hackers have significantly shifted their priorities to credential theft. Almost half of the malware that they use for this purpose exploits zero-day vulnerabilities or is modified so that antivirus solutions cannot detect it. In addition, more than a third of attacks to steal credentials use the notorious utility Mimikatz. Adversaries also can leverage this tool for lateral movement inside the network of the attacked company after infiltration (as it was in the infamous attack of NotPetya virus in June this year).
Detecting the dump of credentials using Mimikatz is complicated. One of the methods to identify such dump is to add so-called “Honey Credentials” to the system and monitor their use. If you leverage ArcSight, QRadar or Splunk, you can download Mimikatz Defense Framework from Use Case Cloud, which allows you to monitor in real-time and detect any attempts of Honey Credentials usage. This use case warns you about the beginning of an attack on your company and allows you to take timely measures to ensure protection against it.