
CLM and Vectra AI comment on the unsophisticated initial techniques used in the attack, such as phishing, and on others that are already well known, such as stealing credentials with privileged access.

CLM, a Latin American value-added distributor focused on information security, data protection, cloud and infrastructure for data centers, and Vectra AI, leader in detection, investigation and response (NDR solution) to attacks, comment on the intrusion carried out by cybercriminals against SIAFI, the Federal Government's Integrated Financial Administration System.

The companies, which have just closed a distribution agreement for Latin America, noted from the news released about the incident how trivial attack techniques, such as phishing, still claim victims, making it essential to educate users not to click on links, images or other lures that infect the network. Advanced privileged access controls are also required, if possible directly at the endpoint.

Priscila Orenstein, Vectra AI product manager at CLM

According to CLM, in the case of the attack on SIAFI, and with the little technical information available, it appears that the criminals used an identity bypass in authentication, which combines automated phishing and credential theft.

According to Priscila Orenstein, product manager for Vectra AI at CLM, intrusions like the one that occurred at SIAFI can indeed be detected and even prevented with cutting-edge detection and response technology guided by Artificial Intelligence, such as that of Vectra AI.

Vectra NDR detects intrusions months before they happen
“Attackers don’t come in and take control of a network overnight. They wait days, months, until they are ready to attack, a technique known as 'dwell time' or 'living off the land'.

Vectra NDR (Network Detection and Response) searches the network for reconnaissance activities used by attackers after bypassing identity tools, called TTPs (tactics, techniques and procedures).

The Vectra AI solution is capable of identifying the use of these identity credentials outside of the organization's policy and alerting or interrupting a session until an investigation is carried out”, explains Priscila.

The fact is that, without network visibility and agile tools to interpret data, both external attackers and malicious insiders will have the advantage, resulting in significant financial losses.

Vectra NDR – AI-Driven Network Detection and Response
Vectra NDR identifies and stops malicious tactics across networks without the need for decryption, enabling organizations to see, understand and effectively respond to threats and attacks that other solutions miss. In this way, security teams reduce the time needed to adjust, hunt and investigate.

Vectra NDR provides:
Accuracy and context: accurate insights and detailed context on detected threats, enabling an informed and effective response.

Early threat detection: As an advanced NDR, Vectra can identify malicious activities on the network before they turn into full-blown attacks, enabling a proactive response that mitigates risks. Vectra doesn't just analyze anomalies, as other NDR tools do, but focuses on the TTPs used by advanced attackers.

Comprehensive Network Visibility: complete, detailed view of network activity that allows security teams to quickly identify and respond to hidden threats.

Reduced response time: Automated detection and response processes reduce the time needed to identify and contain threats, minimizing the impact on the total operation.

Protection against emerging threats: With the ability to continually learn and adapt to new attack patterns, Vectra, a next-generation NDR, continuously protects against emerging threats with a high degree of sophistication.

Single place for communication and visibility: IT security tools do not have a central hub where they can all communicate and respond to telemetry using an automated method. Vectra is the Hub that unites all these tools and takes advantage of its Artificial Intelligence to automatically detect and respond to a cyber attack with great speed.

Phishing and EndPoint Security

CLM and VECTRA AI, who have just closed a distribution agreement for Latin America, analyzed the attack on SIAFI and once again show how trivial attack techniques, such as phishing, still claim victims, making it essential to educate users not to click on links, images or other lures that infect the network. Advanced privileged access controls are also required, if possible directly at the endpoint.
