Hackers typically target privileged admin accounts to gain access to all computer systems in an organisation, says David Higgins, senior sales manager at Cyber-Ark.
“In many organisations, these accounts are not well managed or controlled, giving hackers unfettered, unaccountable access,” he told the Whitehall Media Identity Management 2013 conference in London.
This is compounded by the fact that there are typically up to four times as many privileged accounts as ordinary user accounts in any organisation.
Hacking attacks typically begin with intelligence gathering, followed by phishing emails to gain access to systems and, once inside, collecting credentials to escalate privilege.
This approach is common and has been used in many high-profile breaches, including the 2011 breach at RSA, the security division of EMC.
“If hackers are able to gain control of a privileged account, they are able to bypass most conventional security controls to access and exfiltrate data and then delete the evidence,” said Higgins.
For these reasons, he said, it is important that privileged accounts are never shared and that admin passwords are never static.
“Putting some controls around privileged accounts is an important and simple strategy for making it more difficult for attackers to gain access to sensitive data,” said Higgins.
Ways of creating control points include requiring multi-factor authentication before allowing privileged access and continuous monitoring of users, he said, for both compliance and security reasons.
Organisations should also apply the principle of least privilege: limiting each account's access to the minimum level needed for it to function normally.
Without controls to manage all areas of privileged access, he said, it is impossible for organisations to identify malicious activity and prevent hackers from abusing these accounts.
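The controls Higgins lists (no shared privileged accounts, no static admin passwords, multi-factor authentication before privileged access, continuous monitoring and least privilege) can be checked routinely against an account inventory and an audit log. The script below is an added example written for this article, not code from Cyber-Ark or from the conference; the account names, password-change dates, audit log lines, 90-day password age limit and 30-day unused-privilege window are all constructed for illustration.

```python
"""Routine review of privileged account controls over a constructed inventory and audit log.

Added example (not from the article or from Cyber-Ark). It flags the conditions the
article warns about: privileged accounts shared between people, admin passwords left
static, privileged logins on accounts with no MFA requirement, and admin rights that are
never exercised (least-privilege removal candidates). All names, dates, thresholds and
log lines are constructed.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed inventory: privileged account -> last password change and whether MFA is enforced
ACCOUNTS = {
    "db-admin":   {"password_changed": "2013-01-02", "mfa": False},
    "net-admin":  {"password_changed": "2013-05-20", "mfa": True},
    "backup-svc": {"password_changed": "2012-03-15", "mfa": False},
    "ops-break":  {"password_changed": "2013-06-01", "mfa": True},
}

# Constructed audit log: timestamp, privileged account, source host, person who checked it out
AUDIT_LOG = [
    "2013-06-10T08:01:00 db-admin host=web01 user=alice",
    "2013-06-10T08:05:00 db-admin host=lap-22 user=bob",
    "2013-06-10T09:12:00 net-admin host=fw01 user=carol",
    "2013-06-11T02:40:00 db-admin host=lap-22 user=bob",
    "2013-06-11T07:00:00 backup-svc host=bkp01 user=svc",
]

MAX_PASSWORD_AGE = timedelta(days=90)   # constructed policy: admin passwords must not stay static longer
UNUSED_WINDOW = timedelta(days=30)      # constructed policy: admin rights unused this long get reviewed
NOW = datetime(2013, 6, 12)             # fixed "current time" so the example is reproducible


def parse_log(lines):
    """Turn 'timestamp account key=value ...' lines into dicts."""
    events = []
    for line in lines:
        ts, account, *kv = line.split()
        fields = dict(pair.split("=", 1) for pair in kv)
        events.append({"ts": datetime.fromisoformat(ts), "account": account, **fields})
    return events


def shared_accounts(events):
    """Accounts checked out by more than one person: the sharing the article says to avoid."""
    users = defaultdict(set)
    for e in events:
        users[e["account"]].add(e["user"])
    return {acct: sorted(u) for acct, u in users.items() if len(u) > 1}


def stale_passwords(accounts, now=NOW, max_age=MAX_PASSWORD_AGE):
    """Accounts whose admin password has been static longer than max_age (value = age in days)."""
    stale = {}
    for name, info in accounts.items():
        changed = datetime.strptime(info["password_changed"], "%Y-%m-%d")
        if now - changed > max_age:
            stale[name] = (now - changed).days
    return stale


def missing_mfa(accounts, events):
    """Privileged accounts that were actually used but carry no multi-factor requirement."""
    used = {e["account"] for e in events}
    return sorted(acct for acct in used if not accounts[acct]["mfa"])


def unused_privileges(accounts, events, now=NOW, window=UNUSED_WINDOW):
    """Privileged accounts with no use inside the window: least-privilege removal candidates."""
    last_use = {}
    for e in events:
        last_use[e["account"]] = max(last_use.get(e["account"], e["ts"]), e["ts"])
    return sorted(acct for acct in accounts
                  if acct not in last_use or now - last_use[acct] > window)


def review(accounts=ACCOUNTS, log=AUDIT_LOG):
    """Run all four checks and return the findings keyed by control."""
    events = parse_log(log)
    return {
        "shared": shared_accounts(events),
        "stale_password": stale_passwords(accounts),
        "no_mfa": missing_mfa(accounts, events),
        "unused": unused_privileges(accounts, events),
    }


if __name__ == "__main__":
    for finding, detail in review().items():
        print(f"{finding}: {detail}")
```

Each check is a function returning data rather than printing, so the same review can feed a ticketing system or a scheduled compliance report; in practice the inventory and log would come from the directory and the privileged access management vault rather than from inline constants.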