Cyber-Ark labs analyzed a string of recent, high-profile cyber-attacks, including the malware attack against Saudi oil giant Aramco and the Subway restaurant breach, and concluded that the common denominator of each breach was the exploitation of privileged access points.
Privileged access points have become the primary target for enterprise attacks. Privileged access points consist of privileged and administrative accounts, default and hardcoded passwords, application backdoors, and more.
Cyber-attackers continue to breach the corporate perimeter through common means – including phishing attacks, malware infected attachments, social media viruses, and other methods. Once inside, cyber-attackers infiltrate privileged access points to gain access to additional servers, databases and other high value systems.
According to a Gartner Research report on advanced persistent threats, protecting against this type of threat requires locking down privileged accounts. The report concluded that “to reduce the impact of social engineering attacks, ensure that end users do not have administrative access; and when IT administrator access is required for system administration, perform these functions on isolated systems that are not used for email or Web browsing.”
Privileged accounts have served as the root cause of some of the most significant breaches in recent months, including:
The Flame virus – Flame, a virus considered the ‘mother of all cyberweapons’, had a sniffer component that scans traffic on an infected computer’s local network, collecting usernames and passwords. From here, attackers were able to hijack administrative accounts and acquire high-level privilege to other computers and network locations.
Saudi Aramco – The New York Times recently reported that ‘what is regarded as among the most destructive acts of computer sabotage on a company to date’ was traced to an insider with privileged access to the Saudi state-owned oil company’s computers.
Subway data breach – In New Hampshire, two men plead guilty to stealing payment information from Subway restaurants and according to the court documents, the men “remotely scanned the Internet to identify POS systems with remote desktop software applications on them. They logged into the systems over the internet and cracked the passwords to gain administrative access.” Once they gained access, they simply installed key logging software to capture data being input.
“For years, the discussion on securing privileged access points focused mostly on the insider threat and ensuring that only the properly credentialed had access to these power accounts. Sophisticated cyber-attackers understand the power and wide ranging access these accounts provide – which is why they continue to be the number one target in the majority of cyber-attacks,” said Adam Bosnian, executive vice president Americas, Cyber-Ark Software. “Unsecured critical access points are a threat to all sensitive corporate data and systems and represent the greatest security challenge most businesses will face. Identifying all privileged access points and locking them down should be a priority for any security and compliance conscious executive.”