
The Anatomy of a Privileged Account Hack

Thycotic is a SailPoint Identity+ Alliance partner. This blog post was previously shared on their blog, The Lockdown.

Not all hacks, or data breaches, are equal. While many breaches result in inconvenience and minor financial losses, others have the potential to devastate your organization’s finances, credibility, privacy, ability to meet compliance, and much more.

A privileged account hack falls into the second category.

Public reports describe more than 500 data breaches, exposing more than 3 billion information records in 2016.

What are privileged accounts, and why are they vulnerable?

Privileged accounts are everywhere in the IT environment. They give IT the building blocks for managing vast networks of hardware and software that power the information-driven world. Yet for most people, they’re invisible.

A privileged account enables an organization’s IT professionals to manage its applications, software, and server hardware. These accounts provide access to confidential and sensitive data on computer systems, networks, and databases, and as such are sometimes referred to as ‘The Keys to the Kingdom’.

And yet, access to privileged accounts is sometimes secured and protected by only a single password.

What does a hacked privileged account look like?

When a privileged account gets hacked, it enables the attacker to impersonate a trusted employee or system and carry out malicious activity without being detected.

Imagine that an invisible stranger, with ill intent, enters your organization and starts ‘working’ there. The stranger settles in comfortably and stays for months, even longer, accessing your organization’s most sensitive data, and distributing malware.

This cybercriminal is in no hurry—they know they are invisible to you thanks to a compromised privileged account you didn’t even know you had. Once their mission is complete and they’ve finished gathering information, they erase audit trails to hide their activity and quietly leave.

You’ll probably never know a cybercriminal was hidden inside your network—until they start using your stolen information to carry out their malevolent plans. At this point, the damage can be catastrophic.

What makes my organization vulnerable to a privileged account breach?

Unfortunately, many IT users (think of all your team members accessing your network at the office or at home) lack a thorough understanding of how privileged accounts function, and how they fit as a key component into the anatomy of a typical breach. This lack of in-depth understanding makes organizations—even the most security-conscious ones—vulnerable to potential monetary and reputational damage from ever-increasing cyber threats.

Let’s look at a couple of commonplace scenarios that can put your organization at risk

Many high-profile data breaches have resulted from stolen and weak passwords. But this is by no means the only way hackers get a foot in the door of your organization.

Have you ever said, “I would never fall for a spear-phishing attack”? Well, consider this:

People open 3% of their spam and 70% of spear-phishing attempts. And 50% of those who open the spear-phishing emails click on links within the email – FireEye

  1. Spear Phishing: an unsuspecting employee receives an authentic-looking email from a known third-party supplier, or a message via social media. The urgent message ‘requires’ the employee to click on a hyperlink and type in their credentials. Once submitted, the employee has handed over their secret password and digital identity to the cybercriminal, who then bypasses your security controls and poses as a trusted employee.
  2. The Company Laptop: an employee brings home a company laptop. His 8-year-old son uses his own personal device to play online games and chat with friends on social messenger. Suddenly the son gets a friend request from another boy who sends him cool new games and fun surveys. He also sends a link to ‘download a new app’. But instead of a new friend, it’s a cybercriminal who’s using the 8-year-old as a mule to gain access to an unprotected device on the home network. Once the child follows through and the device has been compromised, the cybercriminal can usually get access to all other devices in the home—including dad’s company laptop.

The Anatomy of a Privileged Account Hack

Once you understand how a privileged account hack unfolds you will also understand how cybercriminals target their victims, and what you can do to reduce your risk and prevent abuse of your organization’s critical information assets.

Our white paper “The Anatomy of a Privileged Account Hack” clearly explains:

  • The 7 steps to a privileged account hack. Every user in your organization must read this.
  • The 5 steps you can take immediately to protect your organization from becoming the next victim.

The white paper also addresses critical questions like “Why do privileged accounts represent special risks?” and describes how outside attackers or malicious insiders can exploit vulnerabilities in your organization, resulting in a full-blown breach of network security.

The white paper reveals facts that many cybersecurity professionals are not aware of

Many IT and cybersecurity people don’t realize that hackers can invest up to 90 percent of their time performing reconnaissance of their targets before acting. Some may even travel to local restaurants near your company’s offices (where unsecured public Wi-Fi could be used by your employees during lunch) to search for the best targets.

Did you know that when a hacker conducts reconnaissance and enumeration carefully and extensively, as they often do, it only takes 24-48 hours to gain access to your network? These, and other facts, are detailed in the white paper.

Real life stories that will make you think twice about your organization’s cybersecurity system

In my experience as a cybersecurity professional, I’ve performed risk assessments for large organizations that believed they had bulletproof cybersecurity systems in place.

The blunders that brought them down were usually either alarmingly simple, or brilliantly insidious.

In “The Anatomy of a Privileged Account Hack” white paper I present the details of two such cases.

Download the white paper here.