Malicious SysAdmin

Following the news that a former IT administrator, working at a cowboy boot manufacturer in the US, has pleaded guilty hacking the servers and cloud accounts of his employer after they fired him should act as a warning to organisations of the damage a malicious employee can cause. Leo Taddeo – Chief Security Officer at Cryptzone commented below.

Leo Taddeo, Chief Security Officer at Cryptzone:

“The implications of SysAdmin [System Administrator] accounts that have carte blanche access to the system has been recognised as a major threat for a number of years. These accounts operate in an elevated position of trust, effectively a master key for every lock. If abused the damage could be devastating, as Lucchese Boot Company found out.

“The trust model is broken. In contrast, the Software-Defined Perimeter (SDP) effectively provides threat prevention by trusting no one and is based on a least privilege model. It takes an ‘authenticate first, connect second’ stance that ensures only authorised users can connect to network resources. Anyone, or thing, attempting to access systems are first checked against a list of variables that into account context before provisioning or declining the request. For example, in the case of an ‘elphaser’ admin account, it could be restricted to internal access via a certain IP address – all other variables would see the request declined. This would have meant that the former IT administrator would find themselves off the premises and also out of its infrastructure.”