SecurityWeek

Identity & Access

Attackers Capitalizing On Poorly Managed Privileged Accounts

Attackers Access Privileged Accounts

While attackers can break into networks using complex techniques, the reality is that most data breaches occur when attackers manage to get their hands on login credentials to administrator and other super-user accounts.

Corporate and government IT systems are increasingly handling sensitive information, such as personally identifiable information, financial data, and even health records. These systems need to have appropriate security measures so that the data is safe, from both external adversaries and from malicious insiders. The problem is, many organizations aren’t adequately controlling or auditing who has access to privileged accounts, said Adam Bosnian, EVP Americas & Corp. Development at Cyber-Ark Software.

Privileged access points consist of privileged and administrative accounts, default and hardcoded passwords, and application backdoors, Bosnian said. Employees can use these privileged accounts to access the organization’s most sensitive data across systems, applications, and servers.

“Unsecured critical access points are a threat to all sensitive corporate data and systems and represent the greatest security challenge most businesses will face,” Bosnian said.

These accounts tend to be poorly managed, or neglected entirely, Bosnian said. Organizations may allow multiple users to share these accounts, which makes it hard to determine who performed which actions. The passwords are generally weak and rarely changed. In the past, organizations generally focused on insider threats when thinking about privileged access points, but now cyber-criminals are increasingly targeting these accounts, Bosnian said.

On Tuesday, Cyber-Ark released its Privileged Identity Management Suite for Critical Infrastructure Protection (PIM/CIP) to secure, manage, and monitor all privileged account access and activities across the operational environment in order to prevent potential cyber-attacks. PIM/CIP manages privileged identities and secures remote vendor access, the company said.

Many critical infrastructure organizations have interconnected corporate IT systems and are now linked with traditionally segregated operational networks, making it possible for attacks on one network to affect other areas, Cyber-Ark said. The typical operational environment includes thousands of servers, databases, process logic controllers, Industrial Control Systems (ICS), network devices and applications which are all controlled by various privileged and shared administrative accounts, the company said.

“The security, control and auditability of these privileged access points are often neglected, while usage is hard to monitor,” according to the company.


Securing Privileged Accounts

Cyber-Ark PIM/CIP allows critical infrastructure organizations to identify all privileged accounts and associate them with authorized users so that there is full accountability and usage is tracked. Real-time monitoring and recording means organizations know what is happening, and can terminate suspicious activity as soon as it is detected. Organizations can also enforce policies around privileged password usage, strength, and automatic replacement.
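The controls described in the two passages above (an inventory of privileged accounts mapped to authorized owners, a policy on default and stale passwords, and monitoring that reveals when a shared account is used by more than one person) can be checked against plain data. The script below is an added example for this article, not code from SecurityWeek or from Cyber-Ark's product; the inventory field names, the log line format, the 90-day rotation threshold, and every account, host, IP and person in the sample data are constructed assumptions.

```python
"""Audit a privileged-account inventory and its usage log against basic
privileged-access controls: ownership, password hygiene, and shared use.
All data below is constructed for this example; the field names and the
log format are assumptions, not any vendor's export format."""
from collections import defaultdict
from datetime import date

MAX_PASSWORD_AGE_DAYS = 90  # assumed rotation policy

# Constructed inventory of privileged accounts (assumed field names).
ACCOUNTS = [
    {"account": "root", "host": "db01", "owners": ["alice"],
     "last_rotated": "2012-10-20", "default_password": False},
    {"account": "admin", "host": "fw01", "owners": [],
     "last_rotated": "2011-03-02", "default_password": True},
    {"account": "svc_backup", "host": "app02", "owners": ["bob"],
     "last_rotated": "2012-10-01", "default_password": False},
]

# Constructed authentication records (assumed format):
# "<timestamp> <account>@<host> src=<source ip> user=<person who checked out the credential>"
AUTH_LOG = """\
2012-11-06T09:00:00 root@db01 src=10.0.1.5 user=alice
2012-11-06T09:12:00 svc_backup@app02 src=10.0.2.7 user=bob
2012-11-06T09:15:00 svc_backup@app02 src=10.0.9.41 user=carol
2012-11-06T11:40:00 admin@fw01 src=203.0.113.8 user=unknown
"""


def audit_inventory(accounts, as_of):
    """Return (account@host, rule) findings for accounts that violate
    ownership or password policy as of the given date."""
    findings = []
    for acct in accounts:
        key = f"{acct['account']}@{acct['host']}"
        if not acct["owners"]:                      # nobody is accountable for it
            findings.append((key, "no-owner"))
        if acct["default_password"]:                # vendor/default credential still set
            findings.append((key, "default-password"))
        rotated = date.fromisoformat(acct["last_rotated"])
        if (as_of - rotated).days > MAX_PASSWORD_AGE_DAYS:
            findings.append((key, "stale-password"))
    return findings


def parse_auth_line(line):
    """Parse one constructed auth record into a dict."""
    ts, key, *pairs = line.split()
    fields = dict(pair.split("=", 1) for pair in pairs)
    return {"ts": ts, "key": key, "src": fields["src"], "user": fields["user"]}


def audit_usage(log_text, accounts):
    """Return findings for privileged logins by people who are not the
    account's authorized owners, and for accounts used by more than one
    person (the 'who did what' problem of shared credentials)."""
    owners = {f"{a['account']}@{a['host']}": set(a["owners"]) for a in accounts}
    users_seen = defaultdict(set)
    findings = []
    for line in log_text.splitlines():
        rec = parse_auth_line(line)
        users_seen[rec["key"]].add(rec["user"])
        if rec["user"] not in owners.get(rec["key"], set()):
            findings.append((rec["key"], "unauthorized-use", rec["user"]))
    for key, users in users_seen.items():
        if len(users) > 1:
            findings.append((key, "shared-use", ",".join(sorted(users))))
    return findings


if __name__ == "__main__":
    for finding in audit_inventory(ACCOUNTS, date(2012, 11, 6)):
        print("inventory:", *finding)
    for finding in audit_usage(AUTH_LOG, ACCOUNTS):
        print("usage:", *finding)
```

In a real environment the inventory would come from the directory or password vault and the log from the systems' authentication sources; the point the example makes is that an account with no owner, a default password, or two different people checking it out within minutes is visible in the data only if someone is actually collecting and reviewing it, which the survey figures later in the article suggest many organizations are not.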

Businesses need to make controlling the access points a priority. A Gartner research report recently warned that organizations should “ensure that end users do not have administrative access” in order to reduce the impact of social engineering attacks.

In a survey co-sponsored by Quest Software (now Dell) and Microsoft earlier this year among global IT professionals, half of the respondents said the top compliance issue in their organizations was ensuring correct user access rights. “This challenge intensifies when administrators are given the ‘keys to the kingdom,’ with far-reaching, shared anonymous access rights to vital IT systems,” Quest said.

Privileged accounts were behind some of the more headline-grabbing incidents this year, Bosnian said, citing Flame, the South Carolina data breach, and even the Shamoon attacks at Saudi oil giant Aramco, which investigators are claiming had insider help. Flame relied on the same privileged exploit as Stuxnet, the printer spooler vulnerability, to propagate itself throughout the network, Bosnian said. However, privileged accounts aren’t just being used for cyber-espionage and state-sponsored attacks. These accounts “are also the pathways that cyber-criminals are using to steal IP and data from businesses,” Bosnian warned.

Organizations are also aware of the risks. In Cyber-Ark’s 6th annual global IT security survey, businesses said the exploitation of privileged account access played a prominent role in “most of the world’s most notorious data breaches,” Bosnian said. Even so, 43 percent of respondents said their organizations did not monitor how privileged accounts were being used, or were unsure whether it was happening.

“At some point, businesses and government organizations need to wake up and understand that privileged accounts and passwords are the number one target for hackers,” Bosnian warned.

Related Reading: Stolen Login Credentials, Poor Security Practices Led to South Carolina Data Breach
