CyberArk - Hackers Using Malware to Exploit Privileged Accounts

Csoonline.com reported on 19th November, 2014 quoting a recent report released by CyberArk software, Ltd., an Israel-based vendor of security solutions for privileged accounts which the security firm made after analyzing the experience of some of the world's top cybersecurity and forensic teams as "hackers will break into systems of enterprises by using malwares along with other techniques and once they enter, they are likely to switch away from malware and start abusing privileged accounts."

Csoonline.com reported on 19th November, 2014 quoting Udi Mokady, CEO of CyberArk as saying "Many industry connect malware to the means with which an attack is done but as more and more computers are infected with malware, it becomes easier for the victim to detect an attack."

Instead, once hackers enter into a system, they switch to using privileged accounts.

He said that if you can do that, then you can come and go to the organization whenever you want to and set up additional users which mix up with the normal traffic.

Mokady says that most enterprises are not aware of numbers of privileged accounts they actually have.

He added that companies normally have three to four times of employees as privileged accounts.

Experts observe that around 80% of targeted attacks involve hacking of privileged accounts at some point of time.

The report reveals that attacks often continue for months or years before they are spotted as the average period of attack is six to eight months before it is detected. Mandiant published a finding claiming average number of days in an ongoing attack is 229 which corroborates the figure.

Threatpost.com published a report on 20th November, 2014 quoting CyberArk as saying "privileged accounts even allow attackers to abolish evidence of their activities and establish redundant access points and backdoors which make it almost impossible to keep them from internal networks."

Lastly, CyberArk says that companies must know the number of privileged accounts existing within their organization and to the best of their ability they should restrict the number of default or administrative or hard-coded credentials, SSH keys and application backdoors which they maintain. Firms should always do regular audits of their assets about information and how those assets are accessed, should monitor and restrict the privilege level of accounts and immediately apply patches in frequent intervals.

» SPAMfighter News - 12/1/2014