Recent breaches have underscored the dangers of overprivileged user accounts and software processes, highlighting the need for companies to discover and mitigate the privileged accounts that could be used by attackers to further compromise important systems and applications.
Last month, the breach of an administrative account at video service provider Verkada left the firm's customers — among them, Tesla and Cloudflare — open to surveillance by online intruders. Verkada's cloud video service appears to have allowed super users unrestricted access to customer video streams and cameras, allowing a single breach to have massive impact. Similarly, through the compromise of the update process for SolarWind's Orion remote management software, attackers gained complete access to customers' systems because Orion, by default, had complete access.
The problem is not limited to super user accounts on cloud services. Many workstations and servers continue to have overprivileged accounts that could be abused, and it's not just administrator accounts, says Tim Wade, technical director with the CTO team at threat detection firm Vectra.
"It is important to recognize that privilege exists on a spectrum," he says. "The obvious candidate for concern is associated with administrative rights, but the reality is that even seemingly innocuous access to shared resources beyond necessity can enable attack progress toward its intended target."
While the concept of least privilege is widely understood, users and applications with more rights than necessary continue to be a common problem. More than a third of companies (37%) have detected overprivileged accounts, according to the "Oracle and KPMG Cloud Threat Report 2020." These credentials are in ..
Support the originator by clicking the read the rest link below.
