Singularity™ Identity vs Persistent and Remote Access Tools

The attack on Cisco shows that identity-based attacks are a leading threat vector used in data breaches. From the perspective of a threat actor, targeting identity and access management gaps through compromised credentials is the quickest path to reaching a target’s resources and critical data. Attackers are very aware that Active Directory is the crown jewel of a business, granting them the ability to exfiltrate sensitive information, install backdoors, alter security policies, and more.

The threat actor leveraged Remote Desktop Protocol (RDP) and Citrix by modifying the host-based firewall configurations to enable RDP access to systems. They also installed additional remote access tools, including TeamViewer, LogMeIn, Cobalt Strike, PowerSploit, Mimikatz, and Impacket, and added custom backdoor accounts and persistence mechanisms.

Singularity™ Hologram deploys decoys that host production applications (e.g., SSH servers, VNC, RDP servers). Singularity™ Identity distributes deceptive keys and credentials to these decoy servers to lure attackers away from production systems, including RDP and other remote access tools.