February 22, 2012
With several high-profile recent data breaches, including attacks on Google and Verisign, hackers have learned to exploit a frightening and frequently ignored lapse in network security to gain control of victim networks. Philip Lieberman, president and CEO of Lieberman Software, explains what you can do to mitigate the risks of falling prey to this scary new hacking trend.
By Philip Lieberman
It’s always easy in hindsight, but today it seems clear that the criminals behind recent, high-profile cyber attacks weren’t necessarily computer geniuses – just good opportunists. They were able to exploit human nature and then abuse an open door they knew they’d find.
These hackers utilize creative tactics such as highly targeted spear-phishing emails that lure unsuspecting users to open a malicious attachment, and then deploy zero-day malware onto a user’s computer. From that single computer inside an organization, the attackers can then exploit weak, shared privileged accounts to take control of systems throughout the victim’s network, map its infrastructure and extract sensitive information. Simple, but highly effective.
Potentially vulnerable privileged accounts are found everywhere in the IT infrastructure – on host computer operating systems, in network appliances and backup systems, and in line-of-business software. Privileged accounts can be categorized into three primary groups:
- Super-user login accounts utilized by individuals to configure, run and install applications, change system settings, handle routine administrative duties, and perform emergency fire-call repairs.
- Service accounts that require privileged login IDs and passwords to run.
- Application-to-application passwords used by web services, line-of-business applications and custom software to connect to databases, middleware, and so on.
The passwords that control access to privileged accounts are ultimately the main obstacle standing between hackers and your organization’s private data. However, all too often these credentials are not adequately secured, monitored, and audited.
Why Privileged Accounts Are at Risk
Because privileged accounts aren’t even recognized by Identity and Access Management (IAM) systems, most organizations have no automated way to manage these powerful accounts. Today’s IT security regulations – mandated by government and industry groups alike – require organizations to frequently update privileged account credentials and audit their use. Yet updating these accounts with scripts or by hand often proves too time-consuming and error-prone to be practical. To further complicate the process, manual changes can cause service outages if personnel fail to account for interdependencies between different privileged accounts. Therefore, many organizations simply ignore the problem.
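Both the spread from a single computer through shared privileged accounts and the interdependency problem that makes manual rotation risky can be checked against an account inventory. The following is an added example, not code from the original article or from Lieberman Software; it reports which hosts share a fate through reused passwords, which passwords are overdue, and what must change together when one shared password is rotated. The inventory records, the `fp` credential fingerprint field, the host and account names and the 90-day limit are constructed assumptions, and the model assumes every credential stored on a compromised host is exposed.

```python
from collections import defaultdict
from datetime import date

# Constructed inventory (not real data). "fp" stands in for a credential
# fingerprint from an audit export; equal fp means the same password.
INVENTORY = [
    {"host": "ws-014", "account": "localadmin", "kind": "super-user", "fp": "A1", "changed": date(2009, 3, 2), "used_by": []},
    {"host": "ws-231", "account": "localadmin", "kind": "super-user", "fp": "A1", "changed": date(2009, 3, 2), "used_by": []},
    {"host": "app-01", "account": "localadmin", "kind": "super-user", "fp": "A1", "changed": date(2009, 3, 2), "used_by": []},
    {"host": "app-01", "account": "svc_backup", "kind": "service", "fp": "B7", "changed": date(2010, 6, 1), "used_by": ["BackupAgent service"]},
    {"host": "db-01", "account": "svc_backup", "kind": "service", "fp": "B7", "changed": date(2010, 6, 1), "used_by": ["BackupAgent service", "nightly-dump task"]},
    {"host": "db-01", "account": "orders_app", "kind": "app-to-app", "fp": "C3", "changed": date(2012, 1, 15), "used_by": ["orders web.config"]},
    {"host": "hr-01", "account": "root", "kind": "super-user", "fp": "D9", "changed": date(2012, 2, 1), "used_by": []},
]

def exposure_from(start_host, inventory):
    """Hosts whose privileged logins are exposed if start_host is compromised:
    follow shared fingerprints host to host until nothing new is found."""
    by_fp, by_host = defaultdict(set), defaultdict(set)
    for r in inventory:
        by_fp[r["fp"]].add(r["host"])
        by_host[r["host"]].add(r["fp"])
    seen, queue = {start_host}, [start_host]
    while queue:
        host = queue.pop()
        for fp in by_host[host]:
            for other in by_fp[fp] - seen:
                seen.add(other)
                queue.append(other)
    return seen

def stale(inventory, today, max_age_days):
    """(host, account) pairs whose password is older than the assumed limit."""
    return sorted({(r["host"], r["account"]) for r in inventory
                   if (today - r["changed"]).days > max_age_days})

def rotation_unit(fp, inventory):
    """Hosts and dependents that must be updated together when one shared
    password is rotated; missing any of them is what causes the outage."""
    rows = [r for r in inventory if r["fp"] == fp]
    hosts = sorted({r["host"] for r in rows})
    deps = sorted({(r["host"], d) for r in rows for d in r["used_by"]})
    return hosts, deps

if __name__ == "__main__":
    print(sorted(exposure_from("ws-014", INVENTORY)))
    print(stale(INVENTORY, date(2012, 2, 22), 90))
    print(rotation_unit("B7", INVENTORY))
```

In the constructed data, one workstation's local administrator password reaches the database server in two hops, because `app-01` holds both the shared `localadmin` password and the shared `svc_backup` password.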
Unfortunately, the security risks introduced by weak privileged account security don’t stop at your data center door. More and more of the shared services that your organization probably uses – including cloud services, certificate authorities, and financial service gateways, to name a few – have been exposed as having weak or non-existent privileged account security. To a hacker, the shared, cryptographically weak privileged logins used by service provider staff look like an incredibly attractive target – especially since in these environments a single compromised login can expose the private data of scores of corporate customers.