In recent months, we’ve witnessed a series of devastating data breaches affecting some of the world’s most renowned businesses. Each breach inflicts staggering costs in terms of financial and reputational damage.
What’s less well known is that many of these breaches began when a cyber attack exploited a single, unsecured privileged account. Large organizations typically have thousands of privileged accounts, and these are often left unmanaged. Rogue insiders, former employees, criminal hackers and state-sponsored attackers can exploit these unmanaged privileged accounts. They can then anonymously access and extract an organization’s most critical data.
This means that companies need to ensure that their privileged accounts – the “keys to the IT kingdom” – are secure and all passwords for these powerful accounts are continuously updated. And that starts by knowing how privileged accounts are attacked.
Here are some of the most common privileged account attack vectors:
- Shared Accounts – Looking to cut corners and make things simpler, IT admins often re-use the same password across multiple systems and among multiple administrators. This is convenient for the IT staff. However, if a hacker or malicious insider can get hold of this common, shared password, he’s just gained access to systems throughout the network.
- Don’t touch it and it won’t break – Large organizations have many specialized passwords called service or process account passwords. They’re difficult to find and track, so these passwords often remain unchanged. But even if the IT staff does try to change them, the change can potentially result in system crashes and downtime. So, why bother, is the common attitude. At least until one of these old, static passwords falls into the wrong hands.
- Social exploits – A seemingly innocuous email might actually be the finely crafted work of a dangerous hacker. A privileged user inside a corporate network who clicks the wrong link might unknowingly be giving an attacker elevated rights into the network. Similarly, a clever hacker might be able to trick an unsuspecting user into revealing his password.
- Brute force – This old school model of hacking involves tools commonly available on the Internet (like “rainbow tables”) that let hackers break weak passwords and gain access to the network.
- Former IT Admins and Contractors – Former employees and contractors often leave their jobs with their privileged account passwords still active, and those passwords can stay active long after their employment has ended. So just because someone is no longer employed doesn’t mean he can’t still access his former systems and cause trouble.
- Default passwords – Many hardware devices and applications come pre-configured with default passwords that are publicly known. If these default passwords aren’t changed, they’re an easy access point for a hacker.
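Several of the vectors above (shared passwords, static service account passwords, former staff, defaults) can be checked for in an account inventory. The following is an added example, not code from the article or from any product it mentions; the record fields, the 90-day threshold and the "fp" credential fingerprint (as a password vault export might provide) are assumptions, and all sample data is constructed.

```python
from collections import defaultdict
from datetime import date

MAX_AGE_DAYS = 90  # assumed rotation policy, not a figure from the article

# Constructed inventory. "fp" is an opaque fingerprint of the credential
# (assumption: the vault export provides one, so plaintext is never handled).
ACCOUNTS = [
    {"system": "db01", "account": "root", "owner": "alice", "fp": "fp-a1", "changed": date(2024, 5, 1)},
    {"system": "web01", "account": "root", "owner": "alice", "fp": "fp-a1", "changed": date(2024, 5, 1)},
    {"system": "app01", "account": "svc_batch", "owner": "bob", "fp": "fp-b7", "changed": date(2019, 3, 12)},
    {"system": "sw-core", "account": "admin", "owner": "carol", "fp": "fp-default-1", "changed": date(2024, 4, 20)},
    {"system": "fs01", "account": "adm_dave", "owner": "dave", "fp": "fp-d4", "changed": date(2024, 5, 10)},
]
ACTIVE_STAFF = {"alice", "bob", "carol"}  # constructed HR roster
DEFAULT_FPS = {"fp-default-1"}            # constructed fingerprints of vendor defaults


def audit(accounts, active_staff, default_fps, today, max_age_days=MAX_AGE_DAYS):
    """Return {(system, account): sorted list of finding codes}."""
    by_fp = defaultdict(list)
    for a in accounts:
        by_fp[a["fp"]].append(a)

    findings = {}
    for a in accounts:
        flags = []
        if len(by_fp[a["fp"]]) > 1:                      # same secret on several accounts
            flags.append("SHARED")
        if (today - a["changed"]).days > max_age_days:   # static, never-rotated password
            flags.append("STALE")
        if a["owner"] not in active_staff:               # owner has left the organization
            flags.append("ORPHANED")
        if a["fp"] in default_fps:                       # vendor default still in place
            flags.append("DEFAULT")
        if flags:
            findings[(a["system"], a["account"])] = sorted(flags)
    return findings


if __name__ == "__main__":
    report = audit(ACCOUNTS, ACTIVE_STAFF, DEFAULT_FPS, today=date(2024, 6, 1))
    for (system, account), flags in sorted(report.items()):
        print(f"{system}/{account}: {', '.join(flags)}")
```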
Once Privileged Access is Obtained
Once a hacker accesses a privileged credential through one of these internal or external attack vectors, the intruder can use that credential to leapfrog from system to system. He can map the IT infrastructure and extract its most valued information at will.
Securing Privileged Accounts
RED Identity Management, our automated privileged identity management solution, locates privileged accounts throughout the enterprise, provides them with unique, complex and regularly updated credentials, and audits access to them.
This means that even if one privileged password is stolen by a hacker, his access is time-limited and can’t spread beyond that single account. This least privilege model ensures that your critical IT assets remain locked down.
Want more tips on how a privileged password management system can secure your privileged accounts? Get our white paper, Best Practices in Privileged Identity Management.