SMB Relay Attacks and How to Prevent the Attack from Occurring:
Last week it was revealed that there is a known flaw in Windows that can allow domain credentials to be compromised. Using the aptly named SMB relay, it is possible to leak your credentials when performing normal operations, including visiting a website, using Outlook to read your email, or using Windows Media Player. To carry out the attack, the attacker positions himself between a Windows computer and a server, intercepts the traffic between the two, and relays it back.
Those credentials can then be used by the attacker to authenticate as the user on any Windows servers where the user has an account, including those hosted in the cloud.
Fortunately, there is a very easy fix to this problem: use firewalls to prevent SMB traffic from leaving your Local Area Network. That's all it takes: proper configuration on your firewall to block outbound SMB traffic.
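One way to check that an egress policy really blocks outbound SMB, as an added example that is not part of the original post: a first-match rule evaluator run over constructed sample policies. The rule format, the policy names and the probe address are assumptions made for illustration; the ports are the standard SMB ones (TCP 445, and TCP 139 for SMB over NetBIOS).

```python
import ipaddress

# SMB runs directly over TCP 445; the older NetBIOS session service uses TCP 139.
SMB_PORTS = (445, 139)

def first_match(rules, dst_ip, dst_port):
    """Action of the first rule matching an outbound TCP packet (first match wins)."""
    addr = ipaddress.ip_address(dst_ip)
    for rule in rules:
        lo, hi = rule["ports"]
        if addr in ipaddress.ip_network(rule["dst"]) and lo <= dst_port <= hi:
            return rule["action"]
    return "deny"  # assumption: the firewall ends with an implicit deny

def smb_egress_leaks(rules, probe_ip="203.0.113.10"):
    """SMB ports the policy would let out to an Internet address (TEST-NET-3 probe)."""
    return [p for p in SMB_PORTS if first_match(rules, probe_ip, p) == "allow"]

# Constructed sample policies in a hypothetical rule format (not any vendor's syntax).
ANY, ALL_PORTS = "0.0.0.0/0", (1, 65535)
WEAK = [{"action": "allow", "dst": ANY, "ports": ALL_PORTS}]
HARDENED = [
    {"action": "allow", "dst": "10.0.0.0/8", "ports": (445, 445)},  # internal file servers
    {"action": "deny", "dst": ANY, "ports": (139, 139)},
    {"action": "deny", "dst": ANY, "ports": (445, 445)},
    {"action": "allow", "dst": ANY, "ports": ALL_PORTS},
]
# Common mistakes: deny rules placed after the allow-all, or only 445 blocked.
MISORDERED = [HARDENED[3], HARDENED[1], HARDENED[2]]
ONLY_445 = [HARDENED[2], HARDENED[3]]

if __name__ == "__main__":
    for name, policy in [("weak", WEAK), ("hardened", HARDENED),
                         ("misordered", MISORDERED), ("only-445", ONLY_445)]:
        leaks = smb_egress_leaks(policy)
        print(f"{name:10} outbound SMB ports reachable: {leaks or 'none'}")
```

An empty result means the policy keeps SMB inside the LAN; any port listed is one that a client on the network could still use to reach an outside server.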
Contact The Atteberry Group today for a security evaluation. Let us manage your security so that you can focus on your business.