Why Does Monitoring How
Privileged Account Access
is Used (and Abused) Matter?
The recent Twitter hack compromising several high-profile accounts becomes another stark example.
Privileged access is a key part of lateral movement in cyberattacks because privileged accounts have the widest range of access to critical information, making them the most valuable assets for attackers. Adversaries leverage privileged accounts to gain unauthorized access using multiple techniques, ranging from stolen credentials, protocol abuse, social engineering, malware, phishing, password spraying, or merely guessing at simple and default account names and passwords.
Then there is the threat of misuse by an employee, known as rogue insider, who intentionally causes damage or steals data. Or problems as simple as an authorized employee making configuration mistakes that exposes accounts or systems. Adversaries and security practitioners are both aware of the exposure and risk of privileged access.
A recent report from Gartner reveals privileged access as the top priority among security practitioners. Additionally, Forrester estimates that 80% of security breaches involve privileged accounts. In fact, nearly every breach involves some form of privilege access abuse.
Rogue insider or duped employee aside, the illegitimate use of administration tools by legitimate users is challenging to detect, which is why privileged access remains a critical attack vector in so many breaches.
The high-profile attack on Twitter looks to have limited success in terms of financial gain, but for obvious reasons, has significant impact in terms of visibility and the potential to damage brand reputation. Over the next few hours and days, incident responders will be working hard to scope out the totality of the compromise and looking for any evidence of remote orchestration in case the attackers have been able to penetrate and gain persistence inside Twitter’s systems.
In the Vectra 2020 Spotlight Report: Does privileged access equal trusted access?, one learning was that finance and insurance, healthcare and education organizations exhibited the most privilege access anomalistic behaviors across nine different industries. These three industries together account for almost half (47%) of all privilege access anomaly behaviors detected.
The Vectra NDR platform takes an observational approach that focuses on privileged entities and provides detection capabilities that highlight these malicious behaviors where preventive measures fall short.
Whether driven by an insider or an external actor, observed privilege is indispensable as an additional critical point to establishing and understanding a baseline of behaviors. If you’re ready to change your approach to monitoring and protecting your privileged entities, get in touch with us to see a demo.