The Financial Times broke a story the other night about how the British Intelligence service MI5 was warning CEOs at major businesses that, “Foreign intelligence agencies are targeting IT workers at big businesses, hoping to recruit them and gain privileged access to sensitive computer systems.”
This is eerily similar to the story that emerged out of the Edward Snowden documents highlighting that the NSA was actively hunting sysadmins.
The reason that hackers, foreign agents and even our own government target IT staff and sysadmins has nothing to do with the people holding those positions – it’s the privileged and administrative accounts that they have access to.
Privileged accounts are the most powerful in any organization and are designed to manage network systems, run services, or allow applications to communicate with one another. They are the proverbial keys to the infrastructure – which is why attackers or malicious insiders seek to steal and exploit them.
These accounts can provide absolute control over a company’s infrastructure, which is why security researchers like CyberSheath have highlighted that these accounts have been at the epicenter of 100 percent of all advanced attacks.
Attackers typically use techniques such as phishing to steal these privileged and administrative credentials. By exploiting these privileged accounts, they’re able to turn a company’s infrastructure against itself and cover their tracks. The result is that the attackers have broad access to every system on the network – and because these accounts are typically shared among IT, any malicious activity often appears to security systems as an employee traversing the network.
Symantec recently said in the Wall Street Journal that the perimeter is dead and that security should start from the inside. This is exactly why unmanaged privileged and administrative accounts need to be treated as critical vulnerabilities.
Organizations that focus on the people who have access to these accounts without monitoring, controlling and managing the accounts themselves are leaving themselves open to potentially devastating attacks.
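The post’s point that activity from a shared admin account looks to security tooling like an ordinary employee traversing the network is exactly what account-level monitoring is meant to surface. As an added example (not from the original post or any vendor’s product), here is a small Python detector that scans constructed authentication log lines for a shared privileged account reaching many distinct hosts in a short window; the log format, the list of privileged accounts, the window and the threshold are all assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not from the original post): the shared
# account "svc_admin" reaches four hosts within a couple of minutes.
SAMPLE_LOG = """\
2014-05-03 09:01:10 user=jsmith src=10.0.1.15 host=ws-042 result=success
2014-05-03 09:02:30 user=svc_admin src=10.0.1.15 host=fileserver01 result=success
2014-05-03 09:03:05 user=svc_admin src=10.0.1.15 host=db01 result=success
2014-05-03 09:03:40 user=svc_admin src=10.0.1.15 host=dc01 result=success
2014-05-03 09:04:12 user=svc_admin src=10.0.1.15 host=hr-share result=success
2014-05-03 11:30:00 user=backup_svc src=10.0.2.5 host=backup01 result=success
"""

# Assumed inventory of shared privileged/service accounts to watch.
PRIVILEGED = {"svc_admin", "backup_svc"}
LINE_RE = re.compile(r"^(\S+ \S+) user=(\S+) src=(\S+) host=(\S+) result=(\S+)$")

def parse(log):
    """Parse the assumed key=value log format into (timestamp, user, src, host, result)."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not match the assumed format
        ts, user, src, host, result = m.groups()
        events.append((datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), user, src, host, result))
    return events

def flag_fanout(events, window=timedelta(minutes=10), threshold=3):
    """Return {user: sorted hosts} for privileged accounts whose successful
    logons touched at least `threshold` distinct hosts inside any sliding window."""
    by_user = defaultdict(list)
    for ts, user, src, host, result in events:
        if user in PRIVILEGED and result == "success":
            by_user[user].append((ts, host))
    alerts = {}
    for user, evs in by_user.items():
        evs.sort()
        for i, (start, _) in enumerate(evs):
            hosts = {h for t, h in evs[i:] if t - start <= window}
            if len(hosts) >= threshold:
                alerts[user] = sorted(hosts)
                break
    return alerts

if __name__ == "__main__":
    for user, hosts in flag_fanout(parse(SAMPLE_LOG)).items():
        print(f"ALERT privileged account {user} fanned out to {len(hosts)} hosts: {hosts}")
```

Tuning the window and threshold to a baseline of normal admin activity is what keeps this from paging on routine maintenance; the backup account in the sample, which touched a single host, is correctly left alone.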
The common denominator among all advanced attacks is that they occurred through an exploited privileged account. Attackers understand this. It’s time for businesses to understand the pattern as well and proactively address these critical security gaps.
CyberArk is the only security company laser-focused on striking down targeted cyber threats, those that make their way inside to attack the heart of the enterprise. Dedicated to stopping attacks before they stop business, CyberArk is trusted by the world’s leading companies — including 30 of the Fortune 100 — to protect their highest-value information assets, infrastructure and applications.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.