A report from Vectra reveals that 74 percent of all privileged access anomalous behavior detections came from an unknown host. According to the report, many companies are still not able to detect if privileged accounts were compromised. These types of behaviors reported were similar to those found in the Capital One breach.

 

Experts Comments

March 05, 2020
Tal Zamir
Founder and CTO
Hysolate
Attackers continue to target privileged users as they are practically their highway into the heart of the enterprise. Instead of fighting firewalls, hardened cloud services and perimeter defenses, determined attackers can follow a simpler two-step process to own an organization: the first step would be to identify a privileged user (e.g. an IT admin) based on his social network profiles; the second step would be to infect his laptop and to collect all of his credentials. By doing so, the.....Read More
Attackers continue to target privileged users as they are practically their highway into the heart of the enterprise. Instead of fighting firewalls, hardened cloud services and perimeter defenses, determined attackers can follow a simpler two-step process to own an organization: the first step would be to identify a privileged user (e.g. an IT admin) based on his social network profiles; the second step would be to infect his laptop and to collect all of his credentials. By doing so, the attacker can get access to domain management systems, email accounts, databases, customer information, etc. This is a single hop attack that doesn't even require any lateral movement within the network and can go unnoticed by normal enterprise security mechanisms. This is why we're seeing such a surge in malicious privileged account usage as the report highlights. Organizations must isolate access to privileged resources in a way that makes an infection on the user's laptop irrelevant.  Read Less

Submit Your Expert Comments

What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.

Write Your Expert Comments *
Your Registered Email *
Notification Email (If different from your registered email)
* By using this form you agree with the storage and handling of your data by this web site.