A report from Vectra reveals that 74 percent of all privileged access anomalous behavior detections came from an unknown host. According to the report, many companies are still not able to detect if privileged accounts were compromised. These types of behaviors reported were similar to those found in the Capital One breach.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics
Attackers continue to target privileged users as they are practically their highway into the heart of the enterprise. Instead of fighting firewalls, hardened cloud services and perimeter defenses, determined attackers can follow a simpler two-step process to own an organization: the first step would be to identify a privileged user (e.g. an IT admin) based on his social network profiles; the second step would be to infect his laptop and to collect all of his credentials. By doing so, the attacker can get access to domain management systems, email accounts, databases, customer information, etc. This is a single hop attack that doesn\’t even require any lateral movement within the network and can go unnoticed by normal enterprise security mechanisms. This is why we\’re seeing such a surge in malicious privileged account usage as the report highlights. Organizations must isolate access to privileged resources in a way that makes an infection on the user\’s laptop irrelevant.