26 March 2015

GCHQ - Privileged Account Abuse

Andy Harris

Much of the talk in IT security circles over the past week has been centred around new guidance for businesses from the UK’s spy agency. Sensationalist news reports told us that GCHQ has been telling firms to consider stripping employees of their mobile devices to avoid cyber attack. But between the attention-grabbing headlines and the indignant fury of industry rent-a-quotes was a very important warning from GCHQ:

“Dissatisfied users may try to abuse their system level privileges or coerce other users, to gain access to information or systems to which they are not authorised.” We couldn’t agree more. Attacks on privileged accounts, whether from “dissatisfied users” or external actors, are among the most under-reported yet potentially most damaging forms of cyber intrusion facing organisations today.

Best practice

If you read the report critically, what CESG – the information assurance arm of GCHQ – is actually recommending in its “10 Steps to Cyber Security” is pretty good advice. Whether an organisation acts on it is obviously its own decision, and will depend on its risk profile and on whether doing so would affect staff productivity, business agility and so on.

The report’s main recommendations appear to be:

  • Staff should only use trusted Wi-Fi connections when out and about.
  • Firms should monitor all user activity and inform staff that any abuse of corporate security policies will result in disciplinary action.
  • Staff should beware of shoulder surfers when outside, especially anyone looking to spot their user log-ins.
  • Firms should assess the “business requirements” for staff access to “input/output devices and removable media” such as smartphones and MP3 players.

The weakest link

GCHQ is also right to warn that employees are the “weakest link in the security chain”. But we’d go one step further: it’s IT staff and anyone else holding privileged accounts who are potentially the weakest link. As the agency rightly notes, system-level privileges are wide open to abuse.

But arguably more dangerous than the insider threat is the increasing frequency with which privileged users are being targeted by outside groups. Think about it. If you’re a cyber criminal or a state-sponsored operative and you want to infiltrate a specific organisation to retrieve sensitive data, where’s the best place to focus your efforts? On the temporary receptionist who might fall for your spear phishing email but can only give you low-privileged access? Or on the IT admin who will hand you the keys to the kingdom first time round?

It might take the attacker more time to research their spear phishing strategy to make sure it’s convincing, and to do some reconnaissance so they land on the IT person with the required set of account access rights – but it will be worth it. This is a step up from the average targeted attack: a quick, effective cyber sniper shot that stands a much better chance of evading detection. And social media and specialist forums are the perfect reconnaissance tools for the clued-up attacker.

Fighting back

It’s not easy to mitigate this kind of attack, but here are some initial tips:

  • Always operate a company-wide principle of least privilege: each account gets only the access its role actually needs, so a phished low-privilege account yields little.
  • Install systems that give greater visibility into user behaviour – above all that of privileged accounts – so you know when something is abnormal, such as an administrator logging on at an unusual hour or from a host they have never used.
  • Invest in systems like Osirium Privileged Access Management which allow IT staff to log on to devices in a secure and automated manner without ever handling the passwords. If the administrator never knows the password, a phished or coerced administrator has no password to give away; what then remains to protect is the administrator’s own session with the PAM system, which is why the visibility in the previous point still matters.
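A minimal version of the second tip, as an added example and not code from the original post or from any Osirium or GCHQ product: build a per-account baseline of where and when each privileged account normally logs on, then flag logons that fall outside it. The log lines, the hosts, the account names, and the rule that privileged accounts must never log on with an interactive password are all constructed assumptions for the example; the line format is a simplified sshd-style one, not any particular product’s.

```python
"""Flag privileged-account logons that break the account's normal pattern.

Added example, not code from the original post or from any product.
The log format, hosts, accounts and the "no interactive password logons
for privileged accounts" rule are all assumptions made for the example.
"""
import re
from collections import defaultdict
from datetime import datetime

# Accounts we treat as privileged (assumption for the example).
PRIVILEGED = {"root", "admin-jsmith", "admin-ops", "svc-backup"}

# Simplified sshd-style line (constructed format):
#   "<iso-timestamp> sshd: Accepted <method> for <user> from <src>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd: Accepted (?P<method>\w+) for (?P<user>\S+) from (?P<src>\S+)$"
)

# Constructed baseline: a few days of known-good logons.
BASELINE_LOG = """\
2015-03-16T09:02:11 sshd: Accepted publickey for admin-jsmith from 10.1.20.15
2015-03-16T14:30:47 sshd: Accepted publickey for admin-jsmith from 10.1.20.16
2015-03-17T10:05:03 sshd: Accepted publickey for root from 10.1.20.15
2015-03-17T17:48:20 sshd: Accepted publickey for admin-jsmith from 10.1.20.15
2015-03-18T02:00:09 sshd: Accepted publickey for svc-backup from 10.1.30.5
2015-03-18T11:12:55 sshd: Accepted publickey for admin-jsmith from 10.1.20.16
"""

# Constructed new lines to check, including one that looks like a phished admin.
NEW_LOG = """\
2015-03-23T11:15:31 sshd: Accepted publickey for admin-jsmith from 10.1.20.15
2015-03-23T09:40:12 sshd: Accepted password for reception-temp from 10.1.50.80
2015-03-24T02:00:41 sshd: Accepted publickey for svc-backup from 10.1.30.5
2015-03-24T03:41:08 sshd: Accepted password for admin-jsmith from 203.0.113.7
2015-03-24T10:02:17 sshd: Accepted publickey for root from 10.1.20.16
2015-03-24T10:30:00 sshd: Accepted publickey for admin-ops from 10.1.20.15
"""


def parse(log):
    """Turn log text into event dicts; lines that do not match are ignored."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        events.append({
            "ts": datetime.fromisoformat(m["ts"]),
            "method": m["method"],
            "user": m["user"],
            "src": m["src"],
        })
    return events


def build_baseline(events):
    """Per account: the source addresses seen and the logon hours seen."""
    base = defaultdict(lambda: {"srcs": set(), "hours": set()})
    for e in events:
        base[e["user"]]["srcs"].add(e["src"])
        base[e["user"]]["hours"].add(e["ts"].hour)
    return dict(base)


def flag_abnormal(events, baseline, privileged=PRIVILEGED):
    """Return [(event, reasons)] for privileged logons outside the baseline.

    Non-privileged accounts are ignored here; a privileged account with no
    baseline at all is flagged, since nobody knows what "normal" is for it.
    """
    alerts = []
    for e in events:
        if e["user"] not in privileged:
            continue
        reasons = []
        b = baseline.get(e["user"])
        if b is None:
            reasons.append("privileged account with no baseline")
        else:
            if e["src"] not in b["srcs"]:
                reasons.append(f"source {e['src']} never seen for this account")
            lo, hi = min(b["hours"]), max(b["hours"])
            if not lo <= e["ts"].hour <= hi:
                reasons.append(f"hour {e['ts'].hour:02d} outside usual {lo:02d}-{hi:02d}")
        # Assumption: privileged accounts log on by key or via PAM, never by password.
        if e["method"] == "password":
            reasons.append("interactive password logon")
        if reasons:
            alerts.append((e, reasons))
    return alerts


if __name__ == "__main__":
    baseline = build_baseline(parse(BASELINE_LOG))
    for e, reasons in flag_abnormal(parse(NEW_LOG), baseline):
        print(f"{e['ts'].isoformat()} {e['user']:<13} from {e['src']:<13} " + "; ".join(reasons))
```

Run stand-alone, it flags the 03:41 password logon for admin-jsmith from an outside address on three counts, root arriving from a host it has never used, and admin-ops for having no history at all; the temporary receptionist’s password logon is ignored because that account holds no privilege, which is the point of the post. A few days of data gives a sparse baseline, so a real deployment would widen the window and treat a first alert as a prompt to check the PAM session recording rather than as proof of compromise.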
