Earlier this week I wrote about a financial services firm that lost hundreds of thousands of dollars. The Lazarus group, a North Korean-backed cybercrime group, succeeded in its phishing campaign: the network was infiltrated, and the group pivoted to corporate assets using stolen credentials. In a world of abundant data, organizations will continue to be targeted with phishing for credential theft. To safeguard against such attacks, organizations should monitor and limit where corporate credentials are being used.
Palo Alto Networks Next-Generation Firewall (NGFW) prevents credential phishing through user credential detection. Corporate credentials (username and/or password) that are submitted to a website can be detected, and the submission can then be alerted on or blocked.
Credential submissions can be detected on the website categories specified within a URL Filtering Profile. In the example above, user credential submissions are blocked for websites that fall under the social networking category. As a best practice, block credential submissions on medium- to high-risk website categories.
Before setting up user credential detection, you need to have User-ID, Decryption, and URL Filtering enabled. The credential detection settings are located within the URL Filtering profile itself.
Cybersecurity awareness training can only go so far and users are bound to make mistakes. Check out this step-by-step guide and learning happy hour if you would like to add Credential Detection to your line of defense!
If you have any questions or comments feel free to drop a comment below or in the LIVEcommunity Discussion Forums.