By: Nick Turnbull, Senior Vice President, Asia Pacific and Japan, BeyondTrust
Last February, Singapore observed several instances in which user data stored on Network Attached Storage (NAS) systems was erased. In each incident, a ransom note was left behind, demanding cryptocurrencies to restore the data. According to the Singapore Police Force (SPF), threat actors gained access to these NAS systems through administrator accounts with valid credentials. As there were no signs of authentication failures, the SPF believes that the threat actors used default or stolen credentials to carry out the attacks.
As individuals and businesses adopt more digital services, they will need to manage multiple profiles, which can be a tedious affair. Users often resort to re-using existing passwords to register for new services and devices. However, attackers know this and exploit user laziness to gain access to online services.
To resolve this issue, it is vital that organisations gain a complete view of their entire identity landscape and exert greater control over remote access. These capabilities are crucial to eliminating blind spots and shutting down vulnerabilities that otherwise give attackers a way into mission-critical systems.
All eyes on privileged accounts
Phishing is one of the go-to methods for attackers to obtain digital identities. Posing as a trusted organisation or contact, attackers can trick users into opening attachments or clicking on links, where they are then instructed to provide their login details. In some instances, phishing emails are also used as a vehicle for ransomware payloads, which can often prove costly to remediate and can be the source of ongoing exploitation of personal information. This in turn impacts the breached organisation’s reputation and may lead to legal and regulatory action. Banks and financial services were the most commonly spoofed sector, as customers have to log in with their usernames and credentials before they can use the services.
This is where privileged access management (PAM) comes into play by enabling security teams to audit all privileged user accounts. This includes those belonging to administrators, superusers, or high-ranking personnel who have elevated permissions to access and modify sensitive information as well as install software.
To accomplish this, PAM solutions use least-privilege and just-in-time access controls that allow only the right users to open specific files at the exact moment they need them. At the same time, security teams harness session monitoring to respond to potential incidents before attackers make their move. Enabling monitoring capabilities is also crucial to meeting external regulations and guidelines, such as the Singapore Cybersecurity Code of Practice.
By regulating the level of access granted to users, both insider threats and external attackers will find it challenging to disrupt the IT system. This, combined with the ability to scale visibility, can provide security teams with the means to fortify a growing number of user and device identities against potential threats.
Fortifying the identity front
PAM enforcement works best when organisations implement strategies that take into account mission-critical assets that are crucial to keeping operations running, as well as the organisations’ goals for integrating PAM. These strategies are key to streamlining responses and widening visibility across the entire IT environment.
Chief among them is tightening control over privileged passwords. Using common words or names, sharing passwords with colleagues, and not changing default credentials can make it easier for attackers to breach accounts. By exercising greater control over password creation and rotation, organisations can support their employees in reinforcing workload access.
Additionally, organisations should limit the amount of access they provide their employees to what is necessary to conduct their work. To achieve this, organisations should start by ensuring all user accounts are “standard” users across both desktops and servers. When a user needs elevated privileges to undertake an action – such as installing a printer on the device – the process (not the user) is elevated and only for the time required to complete the task.
Because digital identities act as keys to data and workloads, it is vital that organisations secure them to avoid running the risk of increased data theft and operational disruptions. Integrating PAM can help organisations stay ahead of these threats by controlling how many privileges a user is allowed to have. These capabilities are crucial to limiting attackers’ movements and ensuring secured access to workloads.

