By David Geer

Learn how millions in lost revenues, fines, and penalties start with the abuse of a single privileged account.

At SecurIT: the Zero Trust Summit this past October in New York, hundreds of executives listened as experts expounded on the need for Zero Trust to combat the leading cause of breaches: privileged credential abuse.

During the Summit, Centrify President Tim Steinkopf drew everyone’s attention to how much damage—damage costing millions in terms of penalties, market value, stolen IP, brand recognition, and customer trust and loyalty—a single abused privileged access credential can do.

Those millions are why hackers exploit your vulnerabilities, navigate laterally inside your network, and usurp authority over your privileged accounts in the first place. By hiding behind those accounts, hackers work their way deep into the heart of your network to steal your data, then profit from it at your expense.

How Hackers Compromise Privileged Accounts

Cybercriminals and state-sponsored cyber adversaries alike compromise privileged accounts by leveraging vulnerabilities in your people. Take passwords, for example. Depending on the enterprise and the number of users, machines, and services, an organization has thousands to hundreds of thousands of passwords. These passwords add up to a lot of headaches for the systems admins, who must manage them.

To save time, admins institute the same or very similar passwords on many privileged accounts and servers. These passwords are often weak or easily guessed. Admins leave passwords unchanged for long periods for the same reason. They leave default passwords that come installed on systems untouched, as well.

While these approaches ease work for admins, they make life easier for hackers, too. Once they have one password, they try it and close variants on many accounts and systems. Aging passwords that remain unaltered give cyber-thieves time to steal them using brute force and dictionary attacks. Cybercrooks get in merely by looking up default passwords, which vendors publish on the Internet, and using those.
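The three habits described above (shared passwords, passwords left unchanged, and untouched vendor defaults) can be checked for in a privileged-account inventory. The following is an added example, not code from the article or from Centrify; the account names, passwords, audit key, 90-day threshold, and the idea that a vault exports keyed fingerprints are all assumptions made for illustration.

```python
import hashlib
import hmac
from collections import defaultdict
from datetime import date

AUDIT_KEY = b"constructed-audit-key"  # assumption: per-audit secret held by the vault
MAX_AGE_DAYS = 90                     # assumption: rotation policy, not from the article

def fingerprint(secret: str) -> str:
    """Keyed digest so the audit can compare credentials without storing them."""
    return hmac.new(AUDIT_KEY, secret.encode(), hashlib.sha256).hexdigest()

# Constructed vendor-default list and inventory (hypothetical accounts and hosts).
VENDOR_DEFAULTS = {fingerprint(p) for p in ("admin", "changeme")}
INVENTORY = [
    {"account": "root@db01", "fp": fingerprint("Summer2018!"), "changed": date(2018, 1, 10)},
    {"account": "root@db02", "fp": fingerprint("Summer2018!"), "changed": date(2018, 1, 10)},
    {"account": "admin@switch07", "fp": fingerprint("admin"), "changed": date(2016, 5, 2)},
    {"account": "svc_backup@app03", "fp": fingerprint("k9#Lq2!vX0pT"), "changed": date(2018, 11, 1)},
]

def audit(inventory, today):
    """Return {account: sorted findings} for every account with at least one finding."""
    by_fp = defaultdict(list)
    for rec in inventory:
        by_fp[rec["fp"]].append(rec["account"])
    findings = {}
    for rec in inventory:
        issues = []
        if len(by_fp[rec["fp"]]) > 1:          # same password on several accounts
            issues.append("reused")
        if rec["fp"] in VENDOR_DEFAULTS:        # shipped default never changed
            issues.append("vendor-default")
        if (today - rec["changed"]).days > MAX_AGE_DAYS:  # left unchanged too long
            issues.append("stale")
        if issues:
            findings[rec["account"]] = sorted(issues)
    return findings

if __name__ == "__main__":
    for account, issues in audit(INVENTORY, date(2018, 12, 1)).items():
        print(f"{account}: {', '.join(issues)}")
```

Because the comparison works on exact fingerprints, it catches identical passwords but not the close variants mentioned above; those need a check at the time the password is set.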

Criminal hackers also create spear phishing attacks to retrieve usernames and passwords for privileged accounts. They study employees on social media, learn what they do, who they interact with, and create emails that fool them into giving out their account data. For example, the spear phishing email could appear to come from someone in authority, whom the employee knows. It could ask them to log in to a website with their credentials. Then, the hackers who own the site instantly collect the login information for reuse inside your network.

Cybercriminals acquire privileged access credentials in many ways. They exploit vulnerabilities in home networks and Wi-Fi hotspots. They use social engineering maneuvers other than spear phishing. One thing is sure: there is no shortage of ways for hackers to steal credentials.

How Hackers Abuse Privileged Credentials

Hackers who take ownership of privileged accounts can do anything the legitimate user can do. They can move around inside the company network and access a variety of machines and systems. They could gain control of domain admin accounts and sift through data on every system on that domain. They could get control of privileged application accounts and retrieve data from databases.

Hackers can also use privileged access to move laterally through the network, gradually compromising additional accounts. They can use privileged access to make system changes and install backdoors in new privileged accounts that they create. Most importantly, they can access your most valuable data, extract it, and erase their system footprints, so no one knows they were there.

The more access and control hackers have, the more easily they can make their way to your most precious data, whether consumer PII/PHI or intellectual property.

How This Costs You Millions

Hackers use privileged access to locate and exfiltrate (or in rare cases destroy) your data. They can then exploit the data (including customer information) by selling your customers’ credit card numbers and personal information. Hackers can sell your intellectual property to your competitors.

You could sacrifice your brand’s reputation. Revenues could walk with your customers when they switch to other vendors. You could lose millions of dollars in profits to those competitors. You could lose additional monies when you pay regulatory fines and penalties. For example, fines under the General Data Protection Regulation in Europe can go up to 20 million euros or four percent of annual global turnover, whichever is higher.

The “millions” could mean any number of things, depending on what compromised information is being exploited and its value to the organization and its customers.

Organizations need to recognize that perimeter-based security, which focuses on securing endpoints, firewalls, and networks, provides no protection against identity and credential-based threats. Until we start implementing identity-centric security measures, privileged account compromise attacks will continue to provide a perfect camouflage for data breaches.

One vendor that addresses this challenge head-on is Centrify. Centrify cloud-ready Zero Trust Privilege stops breaches that result from abused privileged access credentials. Centrify helps customers grant least privilege access based on verifying who is requesting access, the context of the request, and the risk of the access environment. By implementing least privilege access, organizations can minimize the attack surface, improve audit and compliance visibility, and reduce risk, complexity and costs for the modern, hybrid enterprise.
