AP Hack & Social Media Accounts – Another Great Example of the Danger of Shared, “Privileged” Accounts
As this week’s attack on the Associated Press’ Twitter admin account shows, an unprotected and unmonitored shared privileged account can literally move markets. A single tweet, posted by an unauthorized person from that account, drove the Dow Jones Industrial Average down 143 points in a matter of minutes.
Privileged accounts, the all-powerful credentials that let cloud, application and systems administrators do their jobs, need to be treated as critical vulnerabilities and managed accordingly.
While most of the press coverage of the AP/Twitter attack has focused on the power of social media to move markets, we should also be looking at the risk inherent in a single, shared administrative account: it is what allowed the attacker to post the tweet in the first place.
The power of these accounts, and frequency of their use in major cyber-attacks, is outlined in CyberSheath’s recently released APT Privileged Account Exploitation research report.
“The Compromise of Privileged Accounts was a Crucial Factor in 100% of APTs”: CyberSheath Releases the First APT/Privileged Account Research Report
This week the Cyber-Ark team is excited to announce the availability of an important and revealing new research report: “APT Privileged Account Exploitation.” This is the first IT security industry report that truly highlights the distinct connection between the misuse of privileged accounts and Advanced Persistent Threats (APTs). While we have been warning organizations of this connection for some time now, this report brings to light the severity of the situation and the frequency of the “privileged connection” in significant and newsworthy cyber attacks.
To compile this comprehensive research report, CyberSheath’s advanced security investigations team interviewed CISOs and security professionals at organizations that collectively have more than $40 billion in annual revenues and more than 170,000 employees around the globe. They combined the results of those interviews with analysis of several high-profile cyber attacks (including the South Carolina Department of Revenue, the University of Georgia, the NASA Jet Propulsion Laboratory, Red October and more) and with related industry research to reach their revealing results. The report found that privileged accounts were compromised in 100% of the advanced attacks it analyzed. If the data from this report isn’t a wake-up call for organizations, then we don’t know what is. As you will also read, attacks that leveraged these accounts were found to be more difficult to detect and stop, as well as more damaging and expensive to fix.
CyberSheath also provided best practices for organizations to follow, which we here at Cyber-Ark couldn’t be more supportive of, including the requirement to implement the right tools to isolate, monitor and control every access point to all critical business systems, and to secure, manage, and automatically log all activities associated with administrative and privileged accounts.
In biology, DNA encodes the genetic instructions used in the development and functioning of all known living organisms. DNA is found in every living cell and is the foundation for control over the organism.
The same could be said about privileged and administrative accounts in the enterprise. These powerful accounts are at the root of almost every enterprise function and exist throughout the IT infrastructure. These accounts are found on desktops, laptops, databases, applications, network devices, and throughout cloud deployments.
Organizations want to manage these powerful accounts in order to minimize the risk that, left unattended, they become critical points of attack on the organization. However, organizations often are not aware of just how many privileged accounts they have or where they exist. Because this information is scattered across the organization, obtaining a true picture of the status of privileged accounts is a real challenge.
This is why Cyber-Ark recently introduced Cyber-Ark DNA™ (Discovery & Audit), the industry’s first stand-alone solution that rapidly locates all privileged, shared and generic accounts without having to install anything on target machines.
Identifying privileged accounts has traditionally been a manual process, consuming hundreds of hours of IT time and creating a long and complex audit process. Given the number and variety of privileged accounts, identifying them manually and gaining an accurate picture of when they were last changed or used has been practically impossible. Cyber-Ark DNA is the Watson/Crick of the privileged account genome, enabling organizations to expose the magnitude of the privileged account security risk within their organization and get accurate insight into the compliance status of these accounts in preparation for the next audit.
Identifying the Privileged Pathway
Cyber-Ark is currently offering businesses the opportunity to use Cyber-Ark DNA for a free self-assessment to discover where their privileged accounts – and risk – exist.
One customer, who wished to remain anonymous, recently used Cyber-Ark DNA and made some startling discoveries. The company was looking for a solution to manage privileged domain accounts. Cyber-Ark DNA was run on about 100 servers, including servers that were part of the company’s effort to outsource some IT functions.
Cyber-Ark DNA discovered two things across these servers:
- Some of the scanned servers had unmanaged admin accounts, created by the IT outsourcer, whose passwords had not been changed for more than 200 days even though the accounts had been used recently; a serious security risk.
- Employees who had since left the company had created personal admin accounts that were still present on the servers; a substantial audit finding.
This discovery led to significant policy changes for the organization and put the management of local admins on a much higher priority level.
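The two findings above are both checks a practitioner can apply to any local-account inventory. The script below is an added example, not Cyber-Ark DNA’s code or anything from the original post: it takes a constructed snapshot of local accounts (the hosts, account names, dates, the `managed` and `owner_active` fields, and the 30-day “used recently” window are all assumptions; only the 200-day password age comes from the customer’s finding) and flags admin accounts with a stale password that are still in use, admin accounts whose owner has left, and, more broadly, any admin account outside a rotation policy.

```python
"""Flag the two kinds of risky local admin account from the customer's scan.

Added example: not Cyber-Ark DNA's code. The inventory rows, field names and
the 30-day "used recently" window are assumptions made for illustration; the
200-day password age is the one figure taken from the finding.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import date
from typing import Optional

STALE_PASSWORD_DAYS = 200   # password age the customer's scan turned up
RECENT_USE_DAYS = 30        # assumed window for "used recently"


@dataclass(frozen=True)
class LocalAccount:
    """One local account as an inventory export might list it (constructed fields)."""
    host: str
    name: str
    is_admin: bool              # member of the local Administrators group
    password_set: date          # when the password was last changed
    last_logon: Optional[date]  # None: no recorded logon
    managed: bool               # True if a vault / rotation policy owns the credential
    owner_active: bool          # False if the human owner has left the company


def password_age_days(acct: LocalAccount, today: date) -> int:
    return (today - acct.password_set).days


def used_recently(acct: LocalAccount, today: date) -> bool:
    return acct.last_logon is not None and (today - acct.last_logon).days <= RECENT_USE_DAYS


def stale_password_in_use(acct: LocalAccount, today: date) -> bool:
    """Finding 1: unmanaged admin account with a stale password that is still being used."""
    return (acct.is_admin and not acct.managed
            and password_age_days(acct, today) > STALE_PASSWORD_DAYS
            and used_recently(acct, today))


def orphaned_admin(acct: LocalAccount) -> bool:
    """Finding 2: admin account whose owner has left the company."""
    return acct.is_admin and not acct.owner_active


def unmanaged_admin(acct: LocalAccount) -> bool:
    """Broader check: any admin account outside a management / rotation policy."""
    return acct.is_admin and not acct.managed


def audit(accounts: list[LocalAccount], today: date) -> dict[str, list[str]]:
    """Return {finding: sorted ['host\\name', ...]} for the whole inventory."""
    findings: dict[str, list[str]] = {
        "stale_password_in_use": [],
        "orphaned_admin": [],
        "unmanaged_admin": [],
    }
    for acct in accounts:
        label = f"{acct.host}\\{acct.name}"
        if stale_password_in_use(acct, today):
            findings["stale_password_in_use"].append(label)
        if orphaned_admin(acct):
            findings["orphaned_admin"].append(label)
        if unmanaged_admin(acct):
            findings["unmanaged_admin"].append(label)
    return {k: sorted(v) for k, v in findings.items()}


# Constructed inventory snapshot; dates chosen so each case exercises a different check.
AS_OF = date(2013, 4, 25)
SAMPLE_ACCOUNTS = [
    # outsourcer-created admin: password 236 days old, logged on five days ago -> finding 1
    LocalAccount("srv01", "outsourcer_admin", True, date(2012, 9, 1), date(2013, 4, 20), False, True),
    # departed employee's personal admin account -> finding 2
    LocalAccount("srv01", "jsmith_admin", True, date(2013, 1, 10), date(2012, 12, 1), False, False),
    # stale password but never used: unmanaged, so only the broader check fires
    LocalAccount("srv02", "svc_backup", True, date(2012, 10, 1), None, False, True),
    # non-admin account with an old password: out of scope for these checks
    LocalAccount("srv02", "webapp", False, date(2012, 6, 1), date(2013, 4, 24), False, True),
    # built-in Administrator rotated by the vault -> no findings
    LocalAccount("srv03", "Administrator", True, date(2013, 4, 1), date(2013, 4, 24), True, True),
]

if __name__ == "__main__":
    for finding, labels in audit(SAMPLE_ACCOUNTS, AS_OF).items():
        print(f"{finding}: {labels or '-'}")
```

In practice the rows would be built from each server’s local Administrators group membership, password-last-set and last-logon timestamps, and an HR feed for `owner_active`; the judgment call is the “used recently” window, which is why it is a named constant rather than buried in the check.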
Why is this important? Privileged accounts are increasingly the high-value attack points in almost every advanced attack, and were the root cause of breaches such as Saudi Aramco, Stuxnet, Red October, Subway Restaurants, Global Payments, the Utah and South Carolina breaches, and the U.S. Department of Energy, among others.
Every privileged account is a potential attack point. Unmanaged and unprotected privileged accounts signal to cyber-attackers that your intellectual property and sensitive data are open for business.