Attackers Exploit Privileged Accounts

Thursday, June 12, 2014 @ 05:06 PM gHale


While new and sophisticated malware variants constantly work to exploit systems, criminals, hacktivists and advanced attacks continue to do the most damage by exploiting privileged accounts, a new study said.

Security firm CyberSheath’s analysis of 10 of 2013’s most notable cyber attacks found privileged accounts were on each attacker’s critical path to success 100 percent of the time, regardless of the perimeter attack vector.

RELATED STORIES
Cloud Breach: Cost 3 Times Higher
How Attackers Bypass Security: Report
Ineffective Password Security Practices
Insider Threat Real; Protection Weak

The research found increased visibility and actionable intelligence on privileged accounts within an organization’s IT environment greatly increased the ability for those organizations to successfully detect and disrupt an attack.

Reviewing the advanced attack patterns used in 10 benchmark breaches reveals the theft, misuse, and exploitation of privileged accounts is a critical step in attack methodology.

The survey found:
• The attacks that matter to business exploit privileged accounts 100 percent of the time.
• Big company or small, organizations have more privileged accounts than they know about and the risk of exposure they represent makes them urgent priorities.
• Protecting privileged accounts gives CISOs an opportunity to quantify risk reduction and deliver measurable results.
• Privileged accounts represent a clear case for providing a return on investment and reduce risk.
• Protecting privileged accounts is an opportunity to become a challenging target and take back ground in the fight against advanced threats.
• Automated privileged account security solutions reduce human error, overhead and operational costs.

“Companies of all sizes today face an unprecedented number of cyber attacks from organized, patient and well-funded groups,” said Eric Noonan, CyberSheath chief executive. “We’re starting to see CISO’s shift from band aid point-solution purchases to integrated technologies built on intelligence-gathering features to combat advanced threats.”



Leave a Reply

You must be logged in to post a comment.