What do the Target hackers have in common with Edward Snowden?
Both successfully breached highly protected networks to steal mountains of sensitive data by abusing privileged accounts.
Privileged accounts are the logons that open access to desktops, laptops, servers, firewalls, databases, printers — pretty much any device with a microprocessor tied into a company network.
For the past 20 years, organizations of all sizes have distributed privileged accounts widely without considering the security ramifications. All was assumed to be safe inside a company’s firewall. Hackers and data thieves have long known better, of course, and continue to take full advantage.
A 2013 survey by password security vendor CyberArk Software found that 86% of large enterprise organizations either do not know or underestimate the number of privileged accounts incorporated into their networks. “It’s a major and easy attack vector,” says CyberArk CEO Udi Mokady.
Snowden’s thievery pivoted off the privileged account granted to him as a contractor for the National Security Agency. The Target hackers had no special insider’s access, so they phished a privileged account from a heating and ventilation contractor who did work on Target stores.
Each day cyber criminals stretch their creativity to come up with novel ways to beg, borrow and steal privileged accounts. In one recent multitiered caper, shared exclusively with ThirdCertainty, hackers phished their way onto the Windows PC of a low-level clerk at a large multinational corporation.
Next, they purposely slowed the PC’s performance to a crawl, prompting the clerk to call the help desk and allow a technician to take over remote control of her PC to troubleshoot it — exactly what the hackers hoped for.
At that point the hackers pounced. They compromised the help desk technician’s PC and stole his privileged logon, then used it to plunder the corporation’s sensitive data.
Disclosure of that caper comes from Kevin Hickey, CEO of BeyondTrust Software, a Phoenix-based supplier of vulnerability and privileged accounts management systems. “It was a major breach of a very large enterprise,” Hickey says. “The hackers got quite a bit of information.”
Clearly, it would behoove any business to take stock of privileged accounts — and thanks to the headlines spawned by Target and Snowden, many have finally begun to do so.
It’s encouraging that demand is heating up for “privileged access management,” or PAM, technologies. These cutting-edge systems, also referred to as “privileged identity management,” or PIM, are designed to help companies regularly monitor and police privileged accounts.
Research firm Gartner estimates that global spending on PAM systems soared to $450 million in 2013, a 38 percent jump from 2012. That correlates with an ongoing surge in queries and sales at CyberArk, BeyondTrust, Dell and other suppliers of PAM technologies.
“The porousness of the security perimeter, even with the best firewalls, requires that companies implement additional interior protections,” says Phil Lieberman, CEO of Lieberman Software, a Los Angeles-based PAM vendor.
Beyond helping companies detect and deflect attackers, PAM tools also hold promise for improving operational efficiency. That’s proving to be the case for customers of Budapest, Hungary-based PAM vendor BalaBit.
When the ATM network of a German bank customer recently failed, the bank tapped into BalaBit’s monitoring technology to trace the cause to an errant command executed by an ATM technician working remotely, says BalaBit CEO Zoltán Györkö.
“By searching for and replaying the relevant working session, the bank identified and addressed the problem in hours,” Györkö says. “Without having recorded all of the actions of the ATM administrator, it could have taken much longer to identify and fix the problem.”
Dell’s software division is also touting the productivity-boosting potential of the PAM systems it supplies to businesses. “The bad guys aren’t always outside the organization,” observes Dell Product Marketing Director Bill Evans. “Because of their powerful nature, these are the most sought-after accounts. Occasionally, internal resources may either inadvertently or purposefully use these privileged credentials to acquire and distribute confidential or proprietary information.”
One Dell customer, a large technology company, recently switched from manually managing privileged accounts to using an automated system. “They were able to grant administrators privileged access in a secure and controlled way, resulting in a 50% increase in productivity and enabling them to meet all their compliance requirements,” Evans says.
The first step for any company is obvious: Determine what privileged accounts exist on your network and make a list of who has access to what.
BeyondTrust CEO Kevin Hickey says lack of awareness is an all too common scenario. “You have a lot of very large organizations where they have privileges all over the place. There are some cases where there are hundreds and hundreds of administrators that have elevated privileges.
“Snowden is a good example. He was a consultant. If he had been locked down, with limited access to applications, and parameters set for when he could access them, print them out, and move them around, he wouldn’t have gotten away with it. Basically, Snowden could go anywhere he wanted to go.”