Makerere University


Privileged User Account Misuse


By Gilbert Nsanzimana


We usually talk about cyber security and being Cyber-Smart. Whenever we talk about cyber criminals, the first thought usually lands on outside actors whose only intention is to attack companies and hold them to ransom. However, the heaviest threats are posed by insiders: those with official access to the most crucial information that companies rely on. It is easier to stay on guard against attacks from outside than against those from within.
Most data breach attacks stem from poorly secured accounts. According to Forrester, “80 percent of security breaches involve privileged accounts. Yet nearly every data breach involves some form of privilege access misuse.”

A survey conducted by Centrify of over 1,000 IT decision-makers confirms that privileged credential abuse is the leading attack vector.
In many organizations, privileged user accounts are managed but not monitored. But first, a little more insight into what a privileged user account is.
What is a Privileged User Account?
These are accounts capable of performing administrative tasks on one or more of a company’s systems. They have special access to the company’s most valuable data, which other users are prohibited from accessing.

It is true to say that many employees are given such privileged user accounts without being entirely aware of what it takes to hold them. Hackers set up phishing schemes targeting such accounts because they know that by possessing the credentials, they will have the information they need. How much, then, should companies monitor the activities of privileged user accounts? How often a day should they be evaluated? The less attention paid to these accounts, the more companies play into the hackers’ hands.

Types of threats posed by Privileged User Accounts
Privileged user account threats vary depending on how the attack happens and on the intent behind it. There are basically three types.

1. Accidental insider threat
A tangible number of insider threats happen unintentionally. Since the information these accounts have access to is of high value to the company, so are the consequences of any mistake. One careless click can cause undesirable changes to critical data or even expose the data to unauthorized users.

2. Malicious insider threat
Privileged user accounts already have access to the company’s sensitive data, and their holders can intentionally choose to misuse that access. These are the most difficult to detect, since their actions are rarely monitored. It is also not easy to tell whether they are logged in for a legitimate purpose. Malicious insider threats can be opportunistic in nature or premeditated.

Sharing of privileged account access is common and is a hindrance to timely detection of malicious insider threats.

Statistics from Centrify, a Privileged Access Management company, show that 65 percent of privileged account users were still sharing root or privileged access to systems and data.

3. The outside attack threat
Privileged account users are prime targets for outside hackers. Hackers can gain access to the accounts after a successful attack such as phishing and use this access to navigate through the network undetected.
The 2020 Data Breach Investigations Report indicates that hacking and data breaches generally are driven by credential theft. Over 80 percent of breaches within hacking involve brute force or the use of lost or stolen credentials.

DICTS makes the following recommendations to Systems Administrators
1. Always audit and monitor the activities of privileged user accounts.
2. Limit as much as possible the sharing of privileged accounts’ credentials. This helps in determining who exactly did what at a certain time.
3. Employees whose services have been terminated should immediately lose any access they had to privileged accounts.
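One way to act on all three recommendations, as an added example that is not part of the DICTS article: a small Python check over constructed sshd-style log lines that counts successful logins per privileged account, flags an account used from more than one source address (a sign that its credentials are shared), and flags logins by accounts belonging to terminated staff. The log lines, the list of privileged accounts and the HR list of leavers are all assumptions.

```python
import re
from collections import defaultdict

# Constructed sshd-style log lines (sample data, not from a real system).
SAMPLE_LOG = """\
Mar 01 08:02:11 srv1 sshd[101]: Accepted password for root from 10.0.0.5 port 5001 ssh2
Mar 01 08:03:40 srv1 sshd[102]: Accepted password for root from 10.0.0.9 port 5002 ssh2
Mar 01 08:05:02 srv1 sshd[103]: Accepted publickey for dbadmin from 10.0.0.7 port 5003 ssh2
Mar 01 08:10:15 srv1 sshd[104]: Accepted password for jdoe from 10.0.0.21 port 5004 ssh2
Mar 01 08:12:50 srv1 sshd[105]: Failed password for root from 10.0.0.9 port 5006 ssh2
Mar 01 09:15:33 srv1 sshd[106]: Accepted publickey for dbadmin from 10.0.0.7 port 5005 ssh2
"""

# Assumed inputs: the organisation's own list of privileged accounts and
# the HR feed of staff whose services have been terminated.
PRIVILEGED = {"root", "dbadmin", "jdoe"}
TERMINATED = {"jdoe"}

# Only successful logins matter for the sharing and leaver checks.
LOGIN_RE = re.compile(r"Accepted \S+ for (?P<user>\S+) from (?P<src>\S+)")


def parse_logins(log_text):
    """Return (user, source_address) for every successful login line."""
    logins = []
    for line in log_text.splitlines():
        m = LOGIN_RE.search(line)
        if m:
            logins.append((m.group("user"), m.group("src")))
    return logins


def audit(log_text, privileged=PRIVILEGED, terminated=TERMINATED):
    """Apply the three recommendations to the log and return the findings."""
    count = defaultdict(int)    # recommendation 1: activity per privileged account
    sources = defaultdict(set)  # recommendation 2: addresses each account is used from
    for user, src in parse_logins(log_text):
        if user in privileged:
            count[user] += 1
            sources[user].add(src)
    # One account seen from several addresses suggests shared credentials.
    shared = {u: sorted(s) for u, s in sources.items() if len(s) > 1}
    # Recommendation 3: a terminated employee's account should not log in at all.
    leavers_active = sorted(u for u in count if u in terminated)
    return {"logins": dict(count), "shared": shared, "terminated_active": leavers_active}


if __name__ == "__main__":
    for key, value in audit(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

In practice the log text would come from the server's auth log and the account lists from the directory and HR systems, with any non-empty "shared" or "terminated_active" finding raised to the administrator.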