The recent Uber hack is a stark reminder that unsecured privileged account credentials represent the keys to the kingdom for malicious actors. In the Sept. 15 breach, an attacker compromised an administrator account with elevated privileges to gain unfettered access to the ride-hailing company’s IT systems. One security analyst called it a “complete organization takeover.”
Privileged accounts have always been a high-value target for hackers. They provide administrator-level access to servers, security systems, network devices, databases, applications and other resources. Such access is critical for managing IT systems, but in the wrong hands can be used for a host of nefarious purposes. Forrester Research estimates that 80 percent of breaches exploit privileged credentials.
In the Uber hack, for example, the attacker gained administrative access to the company’s Amazon Web Services (AWS) and Google Cloud (GCP) platforms, where Uber stores its source code and customer data. Several code repositories, a Slack management interface, internal employee dashboards and an endpoint security portal were also compromised.
Safeguards Lacking
Despite the obvious value to hackers, privileged accounts aren’t adequately protected in most organizations. According to Axio’s 2021 State of Ransomware Preparedness Report, 80 percent of organizations fail to implement basic cybersecurity practices designed to safeguard privileged administrator credentials. This is at least partly due to a tendency to underestimate the size of the problem.
In one survey of more than 1,200 organizations, 86 percent reported they did not know how many privileged accounts they had but guessed it was no more than one for each employee. However, researchers found that they actually had three to four times that many, meaning that most of these incredibly valuable accounts were unknown, unmanaged and unsecured.
There are several reasons for this. The shift to hybrid and remote work has contributed to a proliferation of privileged accounts. In many cases, these accounts aren’t linked to a specific person — privileged accounts are commonly found in applications, systems and network devices that require app-to-app or app-to-database communications and access.
Forgotten But Not Gone
Forgotten accounts also create issues. Privileges are sometimes extended to employees, applications or functions on a temporary basis, but the accounts are never deactivated. Analysts say there are millions of such orphaned accounts around the world that hackers could exploit.
All of these factors point to the need to exert greater control over privileged access. The best tool for the job is a robust privileged access management (PAM) solution that improves visibility and control of privileged identities and activities. PAM allows organizations to enforce the principle of least privilege: users and devices can reach only the resources that have been explicitly approved for them. This is an important defense against advanced persistent threats and other stealthy malware. Even if such threats get inside the network, privilege restrictions ensure they won’t have free access to critical systems and data.
Leading solutions also include discovery and onboarding modules to enable greater insight and control. A discovery module will scan the entire network and map all points of privileged access, allowing administrators to identify and deactivate all orphaned accounts. Automated onboarding and offboarding eliminates ad hoc provisioning and helps ensure that the list of protected accounts is always current.
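As an added illustration of what the discovery step in the two paragraphs above actually has to decide, here is a small orphaned-account check written for this article; it is not code from any PAM product. It assumes a privileged-account inventory has already been exported with an owner, an owner status, a grant date, an optional expiry for temporary grants and a last-use timestamp (field names and the sample inventory are constructed for the example), and it flags the cases the text describes: accounts whose owner has left, service accounts nobody owns, temporary grants that were never revoked, and privileged accounts that sit unused.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Privileged accounts unused for longer than this are treated as stale (assumed policy value).
STALE_DAYS = 90


@dataclass
class PrivilegedAccount:
    name: str
    kind: str                   # "human" or "service"
    owner: Optional[str]        # person accountable for the account; None = nobody
    owner_active: bool          # False once the owner has left or changed role
    enabled: bool               # False if the account has already been deactivated
    granted: date               # when the privileged grant was made
    expires: Optional[date]     # None = permanent grant; a date = temporary grant
    last_used: Optional[date]   # None = never used since the grant


def orphan_reasons(acct: PrivilegedAccount, today: date) -> list:
    """Return the reasons this account should be reviewed; empty list means it looks fine."""
    reasons = []
    if not acct.enabled:
        return reasons  # already deactivated, nothing left to clean up

    # Accountability: every privileged account needs a current, active owner.
    if acct.owner is None:
        reasons.append("no owner assigned")
    elif not acct.owner_active:
        reasons.append(f"owner {acct.owner} is no longer active")

    # Temporary privilege that was extended but never revoked.
    if acct.expires is not None and acct.expires < today:
        reasons.append(f"temporary grant expired on {acct.expires.isoformat()}")

    # Privilege that is held but not exercised is exposure without benefit.
    if acct.last_used is None:
        if (today - acct.granted).days > STALE_DAYS:
            reasons.append(f"never used in the {(today - acct.granted).days} days since grant")
    elif (today - acct.last_used).days > STALE_DAYS:
        reasons.append(f"unused for {(today - acct.last_used).days} days")
    return reasons


def find_orphaned(accounts: list, today: date) -> dict:
    """Map account name -> list of reasons, for every enabled account with at least one reason."""
    return {a.name: r for a in accounts if (r := orphan_reasons(a, today))}


def summarize(accounts: list, today: date) -> dict:
    """Counts an administrator would put at the top of a discovery report."""
    enabled = sum(1 for a in accounts if a.enabled)
    return {"total": len(accounts), "enabled": enabled, "orphaned": len(find_orphaned(accounts, today))}


# Constructed sample inventory; names, owners and dates are made up for this example.
TODAY = date(2022, 9, 30)
SAMPLE_INVENTORY = [
    PrivilegedAccount("alice.admin", "human", "alice", True, True, date(2021, 1, 10), None, date(2022, 9, 28)),
    PrivilegedAccount("bob.admin", "human", "bob", False, True, date(2020, 6, 1), None, date(2022, 5, 1)),
    PrivilegedAccount("svc-backup", "service", None, True, True, date(2020, 3, 1), None, date(2022, 9, 29)),
    PrivilegedAccount("contractor-temp", "human", "carol", True, True, date(2022, 6, 1), date(2022, 7, 1), date(2022, 6, 20)),
    PrivilegedAccount("svc-legacy-db", "service", "dave", True, True, date(2019, 5, 5), None, None),
    PrivilegedAccount("old.admin", "human", "erin", False, False, date(2018, 2, 2), None, date(2019, 1, 1)),
]

if __name__ == "__main__":
    print(summarize(SAMPLE_INVENTORY, TODAY))
    for name, reasons in find_orphaned(SAMPLE_INVENTORY, TODAY).items():
        print(f"{name}: {'; '.join(reasons)}")
```

On the constructed inventory four of the five enabled accounts come back flagged, which is the point of running discovery before trusting any count of privileged accounts: the departed owner, the unowned service account and the expired temporary grant are exactly the accounts that a headcount-based estimate would miss. The thresholds and field names are assumptions; a real deployment would take them from the directory or PAM export it is fed.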
Privileged access is a necessary evil, allowing organizations to perform administrative duties, make important system changes, update systems and conduct many other critical management tasks. However, these accounts are ripe for abuse if not properly managed and secured. Contact us to learn more about implementing a PAM solution to enhance your security posture.