Cyber Security Solutions, Compliance, and Consulting Services - IT Security

5 steps to avoid credential dumping attacks

By kamran | At February 7, 2020

Credential dumping is a technique cybercriminals use to gain access to a network. They typically get onto a workstation through phishing and then work through the same tools and channels an administrator uses to manage and monitor the network, looking for exposed credentials.

Cybercriminals look for weaknesses in an organization that make credential dumping possible. Below are a few ways to identify those weaknesses and avoid credential dumping.

Limit credential reuse

Firms should review how they manage their networks. User passwords need to be checked routinely against a database of breached passwords: a password that appears in a breached-password list and is still in use on your network leaves the network vulnerable to cyberattacks. Several databases of passwords exposed in breaches are available online; compare your passwords against them to avoid credential dumping.
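The check described above, as an added example that is not part of the original post: the password is hashed locally, only the first five characters of the hash are looked up, and the suffix comparison happens on the checking host, which is how public breached-password range services (such as the Pwned Passwords range API) are designed to be queried. The breach table here is a small constructed stand-in so the code runs offline; the counts, accounts and passwords are made up.

```python
import hashlib
from collections import defaultdict

# Constructed stand-in for a breached-password corpus: (password, times seen in breaches).
# A real deployment would query a k-anonymity range API instead of this local table.
LEAKED_SAMPLE = [
    ("password", 3861493),
    ("123456", 23597311),
    ("Welcome1", 56789),
    ("Summer2019!", 412),
    ("letmein", 244324),
]


def sha1_upper(password: str) -> str:
    """Uppercase hex SHA-1 of the password, the form breached-password range lists use."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


# Index keyed by the first 5 hex characters, which is exactly what a range query returns:
# {prefix: {suffix: count}}
BREACH_INDEX = defaultdict(dict)
for _pw, _count in LEAKED_SAMPLE:
    _h = sha1_upper(_pw)
    BREACH_INDEX[_h[:5]][_h[5:]] = _count


def range_lookup(prefix: str) -> dict:
    """Stand-in for the remote range lookup: only the 5-character prefix leaves the host."""
    assert len(prefix) == 5
    return BREACH_INDEX.get(prefix, {})


def breach_count(password: str) -> int:
    """How many times the password appears in the breach corpus (0 = not found).

    The full hash never leaves the local machine: the prefix is looked up and the
    suffix comparison is done here."""
    h = sha1_upper(password)
    return range_lookup(h[:5]).get(h[5:], 0)


def audit_passwords(candidates: dict) -> dict:
    """Return {account: breach_count} for every account whose password is breached."""
    findings = {}
    for account, password in candidates.items():
        n = breach_count(password)
        if n:
            findings[account] = n
    return findings


if __name__ == "__main__":
    # Constructed sample of accounts and the passwords being checked.
    sample = {"jdoe": "Welcome1", "asmith": "Summer2019!", "svc_backup": "cT9#mV2!pLq8wX"}
    for account, n in audit_passwords(sample).items():
        print(f"{account}: password seen {n} times in breach data, force a reset")
```

Any account that comes back with a non-zero count should be forced to change its password; because only the prefix is ever transmitted, the same routine can be run against a remote range service without disclosing which passwords are being checked.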

Manage local administrator passwords

Firms should manage local administrator passwords so that the same password is not reused across the network. They should deploy a local administrator password solution. An additional module can be used with its web app that provides a simple web-based, mobile-friendly interface for accessing local admin passwords.

Once cybercriminals gain access to a network, they harvest the hash of the local administrator password that is left behind on the machine and use it to move laterally throughout the network.
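The two conditions the paragraphs above describe, one local admin password shared by several hosts and passwords that are never rotated, can be checked from an inventory. The following is an added example, not code from the original post or from any local administrator password product: the inventory, the hash labels, the rotation policy (30 days) and the audit date are all constructed for the example.

```python
import secrets
import string
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed inventory: host -> (identifier of its current local admin password, last rotation).
# "hash_A" and friends are made-up labels standing in for the stored password hash.
INVENTORY = {
    "WS-001": ("hash_A", datetime(2020, 1, 10)),
    "WS-002": ("hash_A", datetime(2020, 1, 10)),   # same local admin password as WS-001
    "WS-003": ("hash_B", datetime(2019, 6, 1)),    # unique, but not rotated for months
    "WS-004": ("hash_C", datetime(2020, 2, 1)),
}
AUDIT_DATE = datetime(2020, 2, 7)     # assumed "now" for the example
MAX_AGE = timedelta(days=30)          # assumed rotation policy for the example
ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*"


def shared_local_admin_passwords(inventory):
    """Hosts grouped by local admin password; only groups of two or more are returned,
    because one password on several hosts is what lets a harvested hash travel laterally."""
    by_hash = defaultdict(list)
    for host, (pw_hash, _) in inventory.items():
        by_hash[pw_hash].append(host)
    return {h: sorted(hosts) for h, hosts in by_hash.items() if len(hosts) > 1}


def rotation_due(inventory, now):
    """Hosts whose local admin password is older than the policy allows."""
    return sorted(host for host, (_, rotated) in inventory.items() if now - rotated > MAX_AGE)


def new_local_admin_password(length=20):
    """Random per-host password from a CSPRNG; never derived from the hostname or a pattern."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def plan_rotation(inventory, now):
    """Hosts that need a fresh, unique password: every member of a shared group plus every
    stale host. Returns {host: new password}; a real deployment would push these to the
    hosts and store them in the vault rather than print them."""
    hosts = set(rotation_due(inventory, now))
    for group in shared_local_admin_passwords(inventory).values():
        hosts.update(group)
    return {host: new_local_admin_password() for host in sorted(hosts)}


if __name__ == "__main__":
    for pw_hash, hosts in shared_local_admin_passwords(INVENTORY).items():
        print(f"shared local admin password {pw_hash} on: {', '.join(hosts)}")
    print("rotation overdue:", rotation_due(INVENTORY, AUDIT_DATE))
    print("hosts to rotate:", sorted(plan_rotation(INVENTORY, AUDIT_DATE)))
```

Hosts WS-001 and WS-002 are flagged even though their password is within policy age, because sharing is the condition that turns one compromised workstation into a lateral-movement path; WS-003 is flagged purely on age.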

Review and audit use of NTLM

Cybercriminals can get access to your network through NT LAN Manager (NTLM) authentication. Relying on NTLM authentication in combination with any communication protocol keeps your network vulnerable to cyberattacks. To avoid credential dumping, firms should review and audit their use of NTLM.
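An NTLM audit starts from successful-logon events (Windows Security event 4624), whose AuthenticationPackageName and LmPackageName fields say whether Kerberos or NTLM was used and, for NTLM, whether it was version 1 or 2. The following is an added example, not code from the original post: it runs over a constructed set of 4624 records (accounts, hostnames and addresses are made up) and produces the three things an audit needs, the overall Kerberos/NTLM split, the hosts that still depend on NTLM, and the cases to fix first.

```python
from collections import Counter, defaultdict

# Constructed sample of Windows Security event 4624 (successful logon) records, reduced
# to the fields an NTLM audit needs. Accounts, hostnames and addresses are made up.
SAMPLE_4624 = [
    {"TargetUserName": "jdoe", "AuthenticationPackageName": "Kerberos", "LmPackageName": "-",
     "LogonType": 3, "WorkstationName": "WS-001", "IpAddress": "10.0.0.11"},
    {"TargetUserName": "svc_backup", "AuthenticationPackageName": "NTLM", "LmPackageName": "NTLM V2",
     "LogonType": 3, "WorkstationName": "BACKUP01", "IpAddress": "10.0.0.50"},
    {"TargetUserName": "legacyapp", "AuthenticationPackageName": "NTLM", "LmPackageName": "NTLM V1",
     "LogonType": 3, "WorkstationName": "OLDSRV", "IpAddress": "10.0.0.99"},
    {"TargetUserName": "jdoe", "AuthenticationPackageName": "NTLM", "LmPackageName": "NTLM V2",
     "LogonType": 3, "WorkstationName": "WS-001", "IpAddress": "10.0.0.11"},
    {"TargetUserName": "Administrator", "AuthenticationPackageName": "NTLM", "LmPackageName": "NTLM V2",
     "LogonType": 10, "WorkstationName": "-", "IpAddress": "10.0.0.77"},
]


def ntlm_summary(events):
    """Count logons per authentication package, splitting NTLM into V1 and V2."""
    counts = Counter()
    for e in events:
        if e["AuthenticationPackageName"] == "NTLM":
            counts[e["LmPackageName"]] += 1      # "NTLM V1" or "NTLM V2"
        else:
            counts[e["AuthenticationPackageName"]] += 1
    return dict(counts)


def ntlm_sources(events):
    """Map each source address that still authenticates with NTLM to the accounts it used.
    This is the inventory needed before NTLM can be restricted without breaking anything."""
    sources = defaultdict(set)
    for e in events:
        if e["AuthenticationPackageName"] == "NTLM":
            sources[e["IpAddress"]].add(e["TargetUserName"])
    return {ip: sorted(users) for ip, users in sources.items()}


def ntlm_findings(events):
    """Flag the cases an audit should act on first: NTLMv1 anywhere, and NTLM used for a
    remote interactive session (logon type 10), where Kerberos is expected."""
    findings = []
    for e in events:
        if e["AuthenticationPackageName"] != "NTLM":
            continue
        if e["LmPackageName"] == "NTLM V1":
            findings.append(("ntlmv1", e["TargetUserName"], e["IpAddress"]))
        if e["LogonType"] == 10:
            findings.append(("ntlm-remote-interactive", e["TargetUserName"], e["IpAddress"]))
    return findings


if __name__ == "__main__":
    print("logons by package:", ntlm_summary(SAMPLE_4624))
    print("NTLM sources:", ntlm_sources(SAMPLE_4624))
    for kind, user, ip in ntlm_findings(SAMPLE_4624):
        print(f"{kind}: {user} from {ip}")
```

The source inventory is the part that makes a later NTLM restriction safe: each address in it is a system or application that has to be migrated or explicitly exempted before NTLM is turned off.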

Manage the access control list for “Replicating Directory Changes”

Cybercriminals use various accounts in your domain to get access to the network, and they may misuse Microsoft Exchange permission groups to do so. Firms need to monitor changes to security groups and access control lists; auditing and monitoring for changes in ACLs will help to avoid credential dumping.
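The ACL check the heading refers to is a review of which principals hold the replication extended rights on the domain object, plus a comparison against a known-good snapshot so that new grants show up as changes. The following is an added example, not code from the original post: the extended-right GUIDs are the documented Active Directory values, while the two ACL snapshots, the trustee names and the allow-list of expected holders are constructed for the example (a real allow-list is taken from the domain object's default ACL).

```python
# Extended-right GUIDs of the replication permissions on the domain naming context.
DS_REPLICATION_GET_CHANGES = "1131f6aa-9c07-11d1-f79f-00c04fc2dcd2"
DS_REPLICATION_GET_CHANGES_ALL = "1131f6ad-9c07-11d1-f79f-00c04fc2dcd2"
DS_REPLICATION_GET_CHANGES_IN_FILTERED_SET = "89e95b76-444d-4c62-991a-0facbeda640c"
REPLICATION_RIGHTS = {
    DS_REPLICATION_GET_CHANGES: "Replicating Directory Changes",
    DS_REPLICATION_GET_CHANGES_ALL: "Replicating Directory Changes All",
    DS_REPLICATION_GET_CHANGES_IN_FILTERED_SET: "Replicating Directory Changes In Filtered Set",
}

# Principals expected to hold replication rights. Assumed allow-list for this example;
# a real one is derived from the default ACL of the domain object.
EXPECTED_TRUSTEES = {
    "NT AUTHORITY\\ENTERPRISE DOMAIN CONTROLLERS",
    "CORP\\Domain Controllers",
    "CORP\\Administrators",
}

# Constructed ACL snapshots of the domain object, each ACE reduced to
# (trustee, ACE type, extended-right GUID). Trustee names are made up.
BASELINE_ACL = [
    ("CORP\\Domain Controllers", "Allow", DS_REPLICATION_GET_CHANGES),
    ("CORP\\Domain Controllers", "Allow", DS_REPLICATION_GET_CHANGES_ALL),
    ("NT AUTHORITY\\ENTERPRISE DOMAIN CONTROLLERS", "Allow", DS_REPLICATION_GET_CHANGES),
    ("NT AUTHORITY\\ENTERPRISE DOMAIN CONTROLLERS", "Allow", DS_REPLICATION_GET_CHANGES_IN_FILTERED_SET),
    ("CORP\\Administrators", "Allow", DS_REPLICATION_GET_CHANGES),
    ("CORP\\Administrators", "Allow", DS_REPLICATION_GET_CHANGES_ALL),
]
CURRENT_ACL = BASELINE_ACL + [
    ("CORP\\svc_exchange", "Allow", DS_REPLICATION_GET_CHANGES),
    ("CORP\\svc_exchange", "Allow", DS_REPLICATION_GET_CHANGES_ALL),
    ("CORP\\backup-ops", "Allow", DS_REPLICATION_GET_CHANGES),
]


def replication_grants(acl):
    """{trustee: set of replication-right names} for every Allow ACE carrying a replication GUID."""
    grants = {}
    for trustee, ace_type, guid in acl:
        if ace_type == "Allow" and guid in REPLICATION_RIGHTS:
            grants.setdefault(trustee, set()).add(REPLICATION_RIGHTS[guid])
    return grants


def unexpected_grants(acl, expected=EXPECTED_TRUSTEES):
    """Replication rights held by anyone outside the allow-list. Holding both 'Changes' and
    'Changes All' is the combination that allows a principal to replicate password data
    from the directory, so it is reported as high; anything else as medium."""
    report = {}
    for trustee, rights in replication_grants(acl).items():
        if trustee in expected:
            continue
        both = {"Replicating Directory Changes", "Replicating Directory Changes All"} <= rights
        report[trustee] = ("high" if both else "medium", sorted(rights))
    return report


def acl_added(baseline, current):
    """ACEs present in the current snapshot but not in the baseline: the change-monitoring view."""
    return sorted(set(current) - set(baseline))


if __name__ == "__main__":
    for trustee, (severity, rights) in unexpected_grants(CURRENT_ACL).items():
        print(f"[{severity}] {trustee}: {', '.join(rights)}")
    for ace in acl_added(BASELINE_ACL, CURRENT_ACL):
        print("new ACE since baseline:", ace)
```

Run on a schedule, the snapshot diff catches a new grant within one interval even if the trustee is later removed, and the allow-list check catches grants that were already present when monitoring started.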

Monitor for unexpected processes interacting with lsass.exe

One of the best ways to avoid credential dumping is to monitor for unexpected spikes in activity around the lsass.exe process. Denial-of-service and malicious traffic can hide behind lsass.exe because the domain controller uses it as a normal part of processing authentication. Firms should run the Active Directory data collector on their domain controllers and establish a baseline of normal activity on the network so that deviations from it stand out.
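The baseline-then-alert approach above, as an added example that is not part of the original post: it uses Sysmon Event ID 10 (ProcessAccess) records, whose SourceImage, TargetImage and GrantedAccess fields record which process opened a handle to which process and with what rights. A collection period is turned into a per-host baseline of images that normally touch lsass.exe and how often, and the period under review is then checked for images outside the baseline (with higher severity when the handle allows memory reads) and for baselined images whose volume spikes. The host name, image paths, timestamps and the spike factor are all constructed for the example.

```python
from collections import Counter, defaultdict

PROCESS_VM_READ = 0x0010   # access right required to read another process's memory


def image_name(path):
    """Basename of a Windows image path, lower-cased (works on non-Windows hosts too)."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


# Constructed Sysmon Event ID 10 (ProcessAccess) records, reduced to the fields used here.
# Hostnames, paths and times are made up. BASELINE_EVENTS stands for the collection period
# used to learn normal behaviour; NEW_EVENTS for the period being checked.
LSASS = "C:\\Windows\\System32\\lsass.exe"
DEFENDER = "C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\MsMpEng.exe"
WMI = "C:\\Windows\\System32\\wbem\\wmiprvse.exe"


def _event(day, hour, source, access):
    return {"UtcTime": f"2020-02-{day:02d} {hour:02d}:00:00", "Computer": "DC01",
            "SourceImage": source, "TargetImage": LSASS, "GrantedAccess": access}


BASELINE_EVENTS = ([_event(d, h, DEFENDER, "0x1410") for d in (1, 2) for h in (1, 9, 17)]
                   + [_event(d, 12, WMI, "0x1000") for d in (1, 2)])
NEW_EVENTS = ([_event(7, 1, DEFENDER, "0x1410"), _event(7, 9, DEFENDER, "0x1410"),
               _event(7, 10, "C:\\Users\\jdoe\\AppData\\Local\\Temp\\update.exe", "0x1010")]
              + [_event(7, h, WMI, "0x1000") for h in range(11, 16)])   # 5 accesses, baseline max is 1


def build_baseline(events):
    """Per host: the images seen opening lsass.exe and the most accesses any one of them
    made in a single day during the collection period."""
    per_day = defaultdict(Counter)
    for e in events:
        if image_name(e["TargetImage"]) != "lsass.exe":
            continue
        per_day[(e["Computer"], image_name(e["SourceImage"]))][e["UtcTime"][:10]] += 1
    baseline = defaultdict(dict)
    for (host, src), days in per_day.items():
        baseline[host][src] = max(days.values())
    return dict(baseline)


def detect(events, baseline, spike_factor=3):
    """Alert on (a) any image not in the host's baseline opening lsass.exe, with higher
    severity when the handle allows memory reads, and (b) a baselined image exceeding
    spike_factor times its normal daily maximum."""
    alerts, counts = [], Counter()
    for e in events:
        if image_name(e["TargetImage"]) != "lsass.exe":
            continue
        host, src = e["Computer"], image_name(e["SourceImage"])
        counts[(host, src)] += 1
        if src not in baseline.get(host, {}):
            reads_memory = int(e["GrantedAccess"], 16) & PROCESS_VM_READ
            kind = "unknown-source-memory-read" if reads_memory else "unknown-source"
            alerts.append((kind, host, src, e["GrantedAccess"]))
    for (host, src), n in counts.items():
        normal = baseline.get(host, {}).get(src)
        if normal is not None and n > spike_factor * normal:
            alerts.append(("spike", host, src, f"{n} accesses vs baseline max {normal}"))
    return alerts


if __name__ == "__main__":
    baseline = build_baseline(BASELINE_EVENTS)
    print("baseline:", baseline)
    for alert in detect(NEW_EVENTS, baseline):
        print("ALERT:", alert)
```

The baseline is learned per host on purpose: the set of legitimate lsass.exe clients on a domain controller (the antivirus engine, WMI, the local security tooling) differs from that on a workstation, and a single global allow-list would either miss real deviations or drown in false positives.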

Written by kamran · Categorized: Cyber security tips

Infoguard Cyber Security