A report from Vectra reveals that 74 percent of all privileged access anomalous behavior detections came from an unknown host. According to the report, many companies are still unable to detect whether privileged accounts have been compromised. The behaviors reported were similar to those found in the Capital One breach.

 

Tal Zamir, Founder and CTO
InfoSec Expert
March 5, 2020 10:53 am

Attackers continue to target privileged users as they are practically their highway into the heart of the enterprise. Instead of fighting firewalls, hardened cloud services and perimeter defenses, determined attackers can follow a simpler two-step process to own an organization: the first step would be to identify a privileged user (e.g. an IT admin) based on his social network profiles; the second step would be to infect his laptop and to collect all of his credentials. By doing so, the attacker can get access to domain management systems, email accounts, databases, customer information, etc. This is a single-hop attack that doesn't even require any lateral movement within the network and can go unnoticed by normal enterprise security mechanisms. This is why we're seeing such a surge in malicious privileged account usage as the report highlights. Organizations must isolate access to privileged resources in a way that makes an infection on the user's laptop irrelevant.
