Nearly All Damaging Cyber Attacks Involve Privileged Account Compromise
Reduce Risks with a Privileged Access Security Hygiene Check
– Imry Linden, VP Security Services Americas at CyberArk
Newton, Mass. – Jan. 2, 2019
In a cyber security program, one of the most effective, preventative steps an organization can take is to secure privileged accounts, credentials and secrets. Privileged access is what attackers use to move laterally, establish persistence and gain access to the crown jewels. According to industry research and post-breach analysis, nearly all damaging cyber attacks involve privileged account compromise.
Prioritizing privileged access security is recommended by top industry analysts and industry leaders. Organizations recognize that the process of discovering and locking down privileged access is necessary and complex, especially at scale and in dynamic environments that span cloud, on-premises and hybrid applications. Moreover, it’s not only human access that has to be considered. Today, applications also have privileged access, and this is increasingly important to understand with the rise in adoption of Robotic Process Automation (RPA).
Attackers relentlessly look for an organization’s vulnerabilities. Because risk is constantly evolving – from human users to DevOps to applications to machines – modern organizations must also be agile and adopt the mindset and practice of continuous process improvement. There will always be a backlog of “new” privileged access to address, so it’s important to have a program in place to prioritize and focus tasks. This helps an organization assess and reduce risk as the environment changes.
The CyberArk Privileged Access Security Cyber Hygiene Program
To help organizations establish and maintain a strong privileged access security program, CyberArk developed customized, step-by-step goals and an actionable process for achieving the highest level of protection against common attacks on privileged accounts, credentials and secrets. The program addresses these types of attacks:
- Irreversible network takeover attacks: Attackers establish persistence in an organization by performing an attack that is not only hard to identify but also so intrusive that the business must rebuild the network in order to remove the attacker – e.g., a Kerberos attack, such as a Golden Ticket.
- Infrastructure account attacks: Attackers leverage powerful default infrastructure accounts that exist on-premises or in cloud environments and are seldom used in day-to-day operations, but can provide the attacker with excellent opportunities for access to highly sensitive data.
- Attacks that leverage lateral movement: Attackers often steal credentials by gaining a foothold on endpoints and then moving laterally, for example by using Pass-the-Hash techniques, in order to steal elevated permissions.
- Targeting credentials used by third-party applications: Attackers compromise third-party applications that are used to perform operations such as deep scans in order to steal their embedded privileged credentials. From here, they execute attack goals while completely circumventing the targeted company’s defenses.
- Targeting *NIX SSH keys: Attackers leverage unmanaged SSH keys in order to log in with root access and take over the *NIX technology stack. Unix/Linux systems house some of an enterprise’s most sensitive assets, and Linux systems are increasingly deployed in the cloud. Individual accounts and credentials — including SSH keys — used to gain root privileges are often overlooked by security teams.
- Targeting DevOps secrets in the cloud and on-premises: Attackers can compromise secrets embedded in code and Continuous Integration/Continuous Deployment (CI/CD) tools, in order to exploit the environment for more pervasive access.
- Targeting SaaS admins and privileged business users: Attackers steal credentials used by SaaS administrators and privileged business users, in order to get high level and stealthy access to sensitive systems.
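Two of the attack classes above, unmanaged SSH keys that grant root and secrets embedded in code or CI/CD configuration, can be surfaced by a simple hygiene check. The script below is an added illustration and is not CyberArk's program or product code; the authorized_keys entries, the CI pipeline snippet and the function names are all constructed for this example. It parses a root authorized_keys file, flags keys that carry no `command=`/`from=` restriction or no owner comment, and scans a pipeline config for literal credentials while ignoring references to injected variables such as `${DEPLOY_TOKEN}`.

```python
"""Minimal privileged-access hygiene check (added example, not CyberArk code).

Check 1: keys in root's authorized_keys that are unrestricted or unattributable.
Check 2: credentials written literally into a CI/CD configuration file.
All inputs are constructed sample data embedded below; no files are read.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# --- Constructed sample inputs -------------------------------------------------
SAMPLE_ROOT_AUTHORIZED_KEYS = """\
# backup job key: forced command and source host restriction
command="/usr/local/bin/backup",from="10.0.0.5" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleKeyOne backup@jumphost
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDExampleKeyTwo alice@laptop
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleKeyThree
"""

SAMPLE_CI_CONFIG = """\
stages: [build, deploy]
deploy:
  script:
    - export AWS_ACCESS_KEY_ID=AKIAEXAMPLEEXAMPLE01
    - export DB_PASSWORD=SuperSecret123!
    - export ADMIN_PASSWORD=${ADMIN_PASSWORD}
    - ./deploy.sh --token ${DEPLOY_TOKEN}
"""

# --- Check 1: root authorized_keys ---------------------------------------------
# Matches the key-type token that begins the key material; everything before it
# is the (optional) options field, everything after the key blob is the comment.
KEY_TYPE_RE = re.compile(
    r"(?:^|\s)(ssh-(?:rsa|dss|ed25519)|ecdsa-sha2-nistp(?:256|384|521)|sk-[\w@.-]+)"
    r"\s+(\S+)(?:\s+(.*))?$"
)


@dataclass
class SshKeyFinding:
    line_no: int
    key_type: str
    comment: str      # owner/comment field; empty means nobody is attributable
    restricted: bool  # True if a command= or from= option limits the key


def audit_root_authorized_keys(text: str) -> List[SshKeyFinding]:
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        m = KEY_TYPE_RE.search(line)
        if not m:
            continue  # not a parseable key line; a real tool would report it
        options = line[: m.start()].strip()
        restricted = re.search(r"\b(command|from)=", options) is not None
        findings.append(SshKeyFinding(n, m.group(1), m.group(3) or "", restricted))
    return findings


# --- Check 2: secrets embedded in CI/CD configuration --------------------------
@dataclass
class SecretFinding:
    line_no: int
    kind: str
    preview: str  # first four characters only, so the report itself leaks nothing


SECRET_PATTERNS = {
    # AWS access key IDs have a fixed, recognisable shape.
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    # Generic password assignment; the captured value is inspected below.
    "password_assignment": re.compile(r"(?i)(?:password|passwd|pwd)\s*[=:]\s*(\S+)"),
}


def find_embedded_secrets(text: str) -> List[SecretFinding]:
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        for kind, pattern in SECRET_PATTERNS.items():
            m = pattern.search(line)
            if not m:
                continue
            value = m.group(1) if m.groups() else m.group(0)
            if value.startswith("$"):
                continue  # a variable reference, not a literal secret in the file
            findings.append(SecretFinding(n, kind, value[:4] + "..."))
    return findings


def run_hygiene_checks(authorized_keys: str, ci_config: str) -> Dict[str, int]:
    """Summarise both checks as counts, the shape a backlog tracker would ingest."""
    keys = audit_root_authorized_keys(authorized_keys)
    secrets = find_embedded_secrets(ci_config)
    return {
        "root_keys_total": len(keys),
        "root_keys_unrestricted": sum(1 for k in keys if not k.restricted),
        "root_keys_without_owner": sum(1 for k in keys if not k.comment),
        "embedded_secrets": len(secrets),
    }


if __name__ == "__main__":
    for name, count in run_hygiene_checks(SAMPLE_ROOT_AUTHORIZED_KEYS, SAMPLE_CI_CONFIG).items():
        print(f"{name}: {count}")
```

On the sample data the report counts three root keys, two of them unrestricted and one with no owner comment at all, plus two literal credentials in the pipeline file; the `${ADMIN_PASSWORD}` line is correctly left alone because it only references a variable. Each flagged item is a concrete backlog entry: either bind the key to an owner and a forced command or retire it, and move the literal credential out of the file into a managed secret store.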
The program is designed to enable organizations to achieve greater risk reduction in less time, to satisfy security and regulatory objectives without further burdening the organization’s internal resources. For more information on our cyber hygiene program, download our whitepaper.
Imry Linden is VP Security Services Americas at CyberArk, the global leader in privileged access security, a critical layer of IT security that protects data, infrastructure and assets across the enterprise, in the cloud and throughout the DevOps pipeline.