The Top 8 Ways That Privileged Accounts Are Exploited
Over the last six months the name Edward Snowden has been appearing in the news on an almost daily basis. He has appeared in articles about the US government, the National Security Agency and the CIA and reports have even suggested that he has received death threats from senior US officials.
So, what exactly did Mr. Snowden do to become the USA’s public enemy number one?
Basically Edward Snowden is the world’s most famous rouge employee. Snowden is a former NSA contractor who stole highly secretive information and disclosed it to the media, and the ramifications of his actions seem to have no end.
Obviously the case of Edward Snowden is very extreme but employees going rouge is not all that uncommon within organisations. This means that companies need to ensure all the ‘keys into their IT kingdom’ are secure and all passwords are kept completely up-to-date.
Large organizations typically have thousands of privileged accounts, which are often left unmanaged. Rogue insiders, former employees, criminal hackers and sophisticated state-sponsored attackers can exploit these unmanaged privileged accounts to anonymously access and extract an organization’s most critical data using these common attack vectors:
- Shared Accounts – Looking to cut corners and make things simpler, systems administrators often re-use the same password across multiple systems and among multiple administrators. While this may be convenient for the IT staff, if a hacker or malicious insider can get hold of this common, shared password, he’s just gained access to systems throughout the network.
- Storing passwords on a spreadsheet – Similar to shared accounts, one seemingly easy way for an IT team to keep up with all the administrator passwords they need for their jobs is to store them on a spreadsheet accessible to the entire IT group. It seems easy, but how can you track who is accessing these critical passwords and what they’re using them for?
- Don’t touch it and it won’t break – Large organizations have many specialized passwords called service or process account passwords.
These passwords are used in services, tasks, COM applications, IIS, SharePoint and databases. They’re difficult to find and track, so these passwords often remain unchanged. But even if the IT staff does try to change them, the change can potentially result in system crashes and downtime in unexpected ways. So, why bother, is the common attitude – at least until one of these old, static passwords falls into the wrong hands.
- Social exploits – A seemingly innocuous email might actually be the finely crafted work of a dangerous hacker. A privileged user inside a corporate network who clicks the wrong link might unknowingly be giving a hacker elevated rights into the network.Similarly, a clever hacker might be able to simply convince an unsuspecting user into revealing his password or install a flash drive or other device with harmful payload.
Brute force – This old school model of hacking involves tools commonly available on the Internet called “rainbow tables” that let hackers quickly break weak password and gain access to the network.
- Application exploits – Organizations that fail to stay up-to-date with required security patches to their Internet-facing applications are in for a rough ride, with published and unpublished exploits to Web services software, database platforms, and a host of other applications poised to give hackers control of your data.
- Former IT Admins and Contractors – Former employers and contractors often leave their jobs with their privileged account passwords remaining active – even long after the termination of their employment. So just because someone is no longer employed doesn’t mean he can’t still access his former systems and wreak havoc.
- Default passwords – Many hardware devices, applications and appliances – like firewalls and UTMs – come pre-configured with default passwords that are publicly known. If these default passwords aren’t changed, they’re an easy access point for a hacker.
Once Access is Obtained
Once a hacker accesses a password through one of these internal or external attack vectors, the intruder can leapfrog from system to system, compromising privileged accounts throughout the organization until the IT infrastructure is mapped and its most valued information can be extracted at will.
Securing Privileged Accounts
With automated privileged identity management solutions, privileged accounts are located, provided with unique, complex and regularly updated credentials, and all access is delegated and audited.
This means that even if one privileged password is somehow decrypted by a hacker, his access is only temporary and can’t spread beyond that single account – ensuring that your highly critical IT assets remain locked down.
Chris Stoneff is Director of Professional Services at privileged identity management vendor Lieberman Software.