Privileged user accounts are used for some of the most critical parts of a business, such as managing infrastructure and providing access to critical data for day-to-day activities. However, because privileged users have such broad access to your organization, they are also a significant security risk. According to a report by Centrify, privileged credential abuse is involved in 74% of breaches.
What is a Privileged User Account?
Privileged user accounts are those with elevated access and permissions to systems, data or endpoints, beyond what a standard user account has. These accounts can be used to modify data, change configuration or grant permissions to other accounts. They are often held by people who work with critical data and infrastructure, such as IT administrators, C-level executives or senior managers. Here are three common privileged user accounts most organizations use:
- Local admin accounts: These accounts provide administrative access to a single host. They are commonly used to perform maintenance on that machine, such as installing software or changing local configuration.
- Domain admin accounts: These are privileged accounts that have administrative access across all workstations and servers joined to the domain, which makes them the most valuable target for an attacker.
- Service accounts: These are non-human accounts used to run specific applications or services. Because no person logs in with them, their passwords are frequently left unchanged and their permissions are rarely reviewed.
Privileged Users Are a Security Weakness
Privileged user accounts are a security risk because a user who abuses their access can often do so without getting caught: their actions look like legitimate administration. Here are three reasons why your privileged users are your biggest security weakness.
1. Cyber criminals target privileged users: According to Verizon’s 2019 Data Breach Investigations Report, senior executives are 12 times more likely to be the target of a social engineering attack. Privileged users are targets for cyber criminals because their accounts can be used to gain a foothold in your network. Once attackers obtain privileged credentials, they can change permissions for users and move around undetected. They might also try to infect other users by sending malicious links from the compromised account. Because the attacker is using legitimate credentials, their activity looks like that of a normal user and may not immediately raise any red flags.
2. Accounts are difficult to manage: Privileged users are hard to manage because as employees change roles, their permissions and access change as well. It can be difficult for organizations to keep track of the permissions that each role actually requires, to make sure that unused accounts are deleted, and to remove permissions that are no longer needed.
3. They can act as insider threats: Since privileged accounts have such broad access, it’s hard to determine whether a user is acting maliciously or not. If a privileged user is accessing confidential data, are they doing it because it’s part of their job or because they are trying to leak sensitive information? They may also unintentionally act as an insider threat, for example by granting a user access without determining whether there was a true business need for it.
Securing Your Privileged Users
Since privileged users hold the keys to an organization, it’s important that organizations take necessary precautions to guard these accounts. Here are three things organizations can do to secure their privileged users.
1. Use a Zero Trust model: The foundation of Zero Trust is to “never trust, always verify”. In order to incorporate Zero Trust into your organization you need to build it into your security architecture. The strategy should include constant verification of users, devices and their access. User accounts should have multi-factor authentication enabled, and end devices connected to the network should be protected with endpoint security. Privileged access should be limited and given only to those who need it, for only as long as they need it.
2. Implement behavioural analytics: Using an automated detection system like Secure IT SIEM can help monitor user activity and detect potential threats. A SIEM gives you visibility into your network by collecting data from devices and analyzing user behaviour against what is normal for that user. It can detect indicators of potential insider threats or stolen credentials, such as logins at unusual hours, logins from hosts the account has never used, or access to unusual data or systems.
3. Understand Your Privileged Accounts: Find out where your privileged accounts exist within your organization. Create an inventory of these accounts. This will help you gain an understanding of your company’s risk exposure. Make sure any privileged accounts that are no longer in use are deleted.
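As an added example, not code from the original post or from any SIEM product, this is the behavioural check described above reduced to its essentials: an inventory of privileged accounts, a per-account baseline of normal login hours and hosts, and a rule that flags successful privileged logins that fall outside that baseline. The log format, account names, hosts and baselines are all constructed for the example; a real deployment would learn the baseline from weeks of history rather than hard-coding it.

```python
"""Flag anomalous logins by privileged accounts from authentication logs.

Added example: a minimal version of the behavioural rule a SIEM would run.
The log format, the account list and the baselines are constructed.
"""
from datetime import datetime

# Constructed: the accounts your privileged-account inventory identified.
PRIVILEGED = {"da-admin", "svc-backup"}

# Constructed baseline: hours (0-23) and hosts each privileged account
# normally logs in from. In practice this is learned from past logs.
BASELINE_HOURS = {
    "da-admin": set(range(8, 19)),   # 08:00-18:59, office hours
    "svc-backup": {1, 2},            # nightly job around 01:00-02:59
}
BASELINE_HOSTS = {
    "da-admin": {"dc01", "jump01"},
    "svc-backup": {"bak01"},
}

# Constructed sample log lines: "<ISO timestamp> <user> <host> <result>"
SAMPLE_LOG = """\
2019-04-02T09:12:44 da-admin dc01 success
2019-04-02T23:41:03 da-admin fileserver02 success
2019-04-03T01:30:00 svc-backup bak01 success
2019-04-03T14:05:17 svc-backup jump01 success
2019-04-03T10:00:00 j.smith wks-044 success
2019-04-03T22:10:09 da-admin dc01 failure
"""


def parse(line):
    """Split one constructed log line into (timestamp, user, host, result)."""
    ts, user, host, result = line.split()
    return datetime.fromisoformat(ts), user, host, result


def detect(log_text):
    """Return (user, iso_timestamp, reasons) for each suspicious privileged login.

    Only successful logins are scored here: a success outside the baseline
    means someone is actually using the account, which is the alert a SOC
    analyst wants to see first. Failures would feed a separate brute-force rule.
    """
    findings = []
    for line in log_text.splitlines():
        when, user, host, result = parse(line)
        if user not in PRIVILEGED or result != "success":
            continue
        reasons = []
        if when.hour not in BASELINE_HOURS[user]:
            reasons.append("unusual hour %02d:00" % when.hour)
        if host not in BASELINE_HOSTS[user]:
            reasons.append("new host %s" % host)
        if reasons:
            findings.append((user, when.isoformat(), reasons))
    return findings


if __name__ == "__main__":
    for user, when, reasons in detect(SAMPLE_LOG):
        print(user, when, "; ".join(reasons))
```

Run against the sample, the rule reports the late-night `da-admin` session on a file server and the daytime use of the `svc-backup` service account from a jump host; the service account case is the more telling one, because a service account logging in interactively from a new host is how a stolen credential typically shows up.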
Phishing attacks are still prevalent and organizations are continuously being targeted. According to a report from Proofpoint, 83% of businesses say they experienced a phishing attack in 2018. Phishing attacks are used to steal credentials/data and spread malware and ransomware to businesses. Just last month the city of Ottawa fell victim to a phishing scam and wired $130,000 to scammers.
Phishing attacks work because hackers are good at making their messages seem legitimate and people are not always paying attention when reading emails. Here are 4 types of phishing attacks and steps you can take to combat them.
1. Phishing messages via SMS or Messaging apps
Although phishing emails are still prevalent, attackers are also using other forms of communication, such as text messaging (often called smishing) and messenger apps, to target potential victims. These attacks are similar to what you’ll see in email; the only difference is the channel. For example, instead of getting an email saying your account is compromised, you get a text message with a link. In some cases, attackers send a phishing email but ask to continue the conversation by text and request your mobile number, which moves the exchange away from your organization’s email filtering.
How to combat
Education and awareness are key to fighting phishing attacks. Employees should be enrolled in cyber awareness training at least once a year to make sure they are up to date on the latest attack vectors. Cyber awareness training will also help employees think more critically when navigating online and build good security habits. They should never engage with unknown senders or click on links in suspicious messages, and any unexpected request, whatever channel it arrives on, should be verified through a channel they already trust, such as a phone number they already have.
2. Business Email Compromise (BEC)
BEC scams involve impersonating a CEO or executive of a company or a business supplier/partner. The hackers then request a wire transfer of money or for the user to purchase gift cards. These scams usually involve building a rapport with the potential victim in order to build trust or having knowledge of a business’ suppliers to seem more legitimate. According to the FBI, BEC caused losses of $1.3 billion in 2018.
How to combat
Implement a warning banner on messages that originate from outside the organization. This reminds users to look closely at the emails they receive and not to download attachments or files from unknown senders. It also helps combat CEO fraud, because genuine messages from executives should originate from within the organization: a message claiming to be from the CEO that carries the external warning is a red flag. Pair the banner with a process rule that any wire transfer or gift card request is confirmed out of band, by calling the requester on a known number, before money moves.
3. Credential attacks
Hackers targeting credentials send phishing messages designed to steal them. This is usually done by sending a message that entices you to log in. These messages may say you need to change your password or that there was a suspicious login. Some may say you have a tax refund, or target your credentials for streaming services. These attacks provide a link to a fake website that looks legitimate. When you enter your credentials on the spoofed page, the attackers capture them. The attacker can then use the compromised credentials like an insider: to steal data, or to send more phishing emails to clients or business partners from the victim’s real account, where they will look entirely legitimate.
How to combat
To avoid landing on a fake website, always hover over a link and inspect the destination URL before you click on it; the text of a link and where it actually points can be different. If you are unsure whether it’s legitimate, don’t follow the link at all: type the organization’s address directly into the browser’s address bar, or use a bookmark you created earlier.
4. Clone phishing
This attack takes a legitimate email that the victim has already received and copies or “clones” it, replacing a link or attachment with a malicious one. It can be difficult to spot because it is based on a previously delivered, genuine email. The attackers also spoof the sender address so that it closely resembles the original sender’s.
How to combat
Implementing a secure email solution can help detect threats like phishing and spam. Secure IT – Mail includes several security features like Advanced Threat Protection to scan for suspicious email attachments, malware and malicious links. Additionally, you can backup and archive your emails with Secure IT – Mail.
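As an added example, not code from the original post or from Secure IT – Mail, the following script triages a single message for the signs discussed under BEC, credential attacks and clone phishing: an external sender whose display name matches an internal executive, a Reply-To that diverts replies to a different domain, and links whose visible text shows one host while the `href` points somewhere else (or to a bare IP address). The message, the internal domain `example.com` and the executive directory are constructed assumptions for the example.

```python
"""Triage one email for BEC, credential-phishing and clone-phishing indicators.

Added example. The message, INTERNAL_DOMAIN and EXECUTIVES are constructed.
"""
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

INTERNAL_DOMAIN = "example.com"                        # assumed
EXECUTIVES = {"jane doe": "jane.doe@example.com"}      # assumed: display name -> real address

# Constructed message: lookalike sender domain, diverted replies, disguised link.
RAW_MESSAGE = """\
From: Jane Doe <jane.doe@example-payments.com>
Reply-To: jd.payments@example.net
To: finance@example.com
Subject: Re: Invoice 4471 - urgent
Content-Type: text/html

<p>Please settle the attached invoice today via our new portal:
<a href="http://198.51.100.23/login">https://portal.example.com/login</a></p>
"""


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs from <a> elements."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, ""

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), ""

    def handle_data(self, data):
        if self._href is not None:
            self._text += data

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, self._text.strip()))
            self._href = None


def domain_of(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def displayed_host(text):
    """Hostname the link text appears to show, or None if the text is not URL-like."""
    if not re.match(r"^(https?://)?[\w.-]+\.[a-z]{2,}", text, re.I):
        return None
    return urlparse(text if "://" in text else "http://" + text).hostname


def triage(raw):
    """Return a list of human-readable red flags for the message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    from_dom = domain_of(addr)
    flags = []
    if from_dom != INTERNAL_DOMAIN:
        flags.append("external sender: " + addr)
    real = EXECUTIVES.get(name.lower())
    if real and real.lower() != addr.lower():
        flags.append("display name impersonates %s (real address %s)" % (name, real))
    _, reply = parseaddr(msg.get("Reply-To", ""))
    if reply and domain_of(reply) != from_dom:
        flags.append("Reply-To domain differs from From: " + reply)
    body = msg.get_payload(decode=True).decode(msg.get_content_charset() or "utf-8")
    extractor = LinkExtractor()
    extractor.feed(body)
    for href, text in extractor.links:
        target = urlparse(href)
        shown = displayed_host(text)
        if shown and shown != target.hostname:
            flags.append("link text shows %s but points to %s" % (shown, target.hostname))
        if target.hostname and re.fullmatch(r"\d+\.\d+\.\d+\.\d+", target.hostname):
            flags.append("link to bare IP address: " + href)
        if "@" in target.netloc:
            flags.append("userinfo in link, host is after the @: " + href)
    return flags


if __name__ == "__main__":
    for flag in triage(RAW_MESSAGE):
        print("-", flag)
```

The display-name check is the one that catches CEO fraud: filters that only look at the address let “Jane Doe &lt;jane.doe@example-payments.com&gt;” through, while a user sees only “Jane Doe”. The link check is the programmatic version of “hover over the link”.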
Whether you’re in the office or at home, you’re most likely surrounded by IoT devices. Gartner forecasts that 14.2 billion connected things will be in use in 2019, and that the total will reach 25 billion by 2021. Although these devices help increase productivity and make our lives easier, they are also targeted by cyber attacks. According to Symantec’s 2018 Internet Security Threat Report, IoT attacks went up by 600% between 2016 and 2017. As we start to incorporate more IoT devices into our lives, we need to be aware of the security risks of IoT devices. A survey by digital certificates provider DigiCert found that 25 percent of companies struggling the most with IoT security reported IoT security-related losses of at least $34 million in the last two years.
What are the IoT Security Risks?
One of the biggest challenges in securing IoT is that the attack surface is so large and includes many kinds of risk: software vulnerabilities, weak or missing authentication, and threats to both the device and the network it sits on.
Many IoT attacks target unconventional devices such as smart refrigerators, printers or baby monitors. People do not think of these as computers, so they may not realize that such devices pose a security risk.
Shadow IoT devices, which are active IoT devices that connect to the company network without the company’s IT support, can be easily targeted by hackers. Companies often have no control over these devices so they may lack proper authentication and security features.
IoT devices can be hijacked and used for malicious purposes. For example, the Mirai botnet in 2016 took advantage of insecure IoT devices to launch massive distributed denial of service (DDoS) attacks. The attackers scanned the internet for hundreds of thousands of devices still using factory-default credentials, enrolled them in the botnet and used them in DDoS attacks without the device owners’ knowledge.
Malicious actors can hack into insecure IoT devices or IoT apps and use them to spy on people or pinpoint their location. According to the Ponemon Institute, 80% of IoT applications are not tested for vulnerabilities. This is alarming as this means that many IoT apps can be exploited to carry out attacks.
4 Things You Can Do to Reduce IoT Security Risks
Keep Track of Your Devices
Each IoT device in your network has its own potential security risk, which is why it’s important to know your IoT devices. Use proper device identification and authentication so that you can keep track of the devices that are communicating with the network.
Rogue devices can pop up so being able to scan your network for devices is important. Removing devices that are no longer in use and disabling unused features can also help reduce the attack surface.
Use IoT Devices You Can Trust
IoT weaknesses can pose a large security threat to your data. Make sure you use devices that are supported by the manufacturer to ensure that you have access to necessary security patching. Keeping track of patching and firmware upgrades will help defend against exploits.
Follow Basic Cyber Hygiene Practices
Having good cybersecurity hygiene is key in defending against IoT risks. This includes patch management, backing up your data, using encryption and implementing security awareness training. It’s important to continuously monitor your environment for changes and take action when necessary.
Do an Assessment
Any of your IoT devices can be a target of a cyber attack. It’s important to be aware of the impacts each of your devices can pose to your overall network. If one device is compromised, will it affect other devices? What can you do if that happens? Having an assessment can help you prepare for your worst-case scenario. From there, you can implement a security policy/strategy that will help you prepare for any potential issues.
In most cases, a password is the only thing protecting your account from hackers. Despite this, many people fail to choose a strong password. The UK’s National Cyber Security Centre recently released a list of the most commonly used passwords, and some of the entries are shocking in how simple they are. The number one password on the list is ‘123456’, used by over 23 million accounts.
In a password spray attack, hackers take a handful of common passwords like ‘123456’ and try each one against many accounts, rather than many passwords against one account. Because each account sees only one or two failed attempts, the attack stays below lockout thresholds, and because so many people use these passwords, the attacker usually gets into several accounts. People also reuse passwords, so access to one account can mean access to all of them. With a working password, an attacker can act like an insider and move around the network undetected. This is why it’s important to take password security seriously. Here are 5 simple things you can do to increase password security.
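As an added example, not code from the original post, this is the detection that catches a spray where per-account lockout does not: a single source address failing against many distinct accounts within a short window. Lockout rules look at one account at a time and see only one failure each; the rule here pivots on the source instead. The log lines are constructed.

```python
"""Detect a password-spray pattern in authentication logs.

Added example. A spray shows up as ONE source trying a few passwords against
MANY accounts, each account failing only once or twice. The sample log lines
are constructed: "<ISO timestamp> <src_ip> <user> <result>".
"""
from collections import defaultdict
from datetime import datetime, timedelta

SAMPLE_LOG = """\
2019-04-29T02:00:01 203.0.113.7 alice failure
2019-04-29T02:00:02 203.0.113.7 bob failure
2019-04-29T02:00:03 203.0.113.7 carol failure
2019-04-29T02:00:04 203.0.113.7 dave failure
2019-04-29T02:00:05 203.0.113.7 erin failure
2019-04-29T02:00:06 203.0.113.7 frank success
2019-04-29T02:00:07 203.0.113.7 grace failure
2019-04-29T09:15:00 192.0.2.10 alice failure
2019-04-29T09:15:20 192.0.2.10 alice failure
2019-04-29T09:15:45 192.0.2.10 alice success
"""


def parse(line):
    ts, ip, user, result = line.split()
    return datetime.fromisoformat(ts), ip, user, result


def find_sprays(log_text, window=timedelta(minutes=30), min_accounts=5):
    """Return {src_ip: {"failed": [...], "compromised": [...]}} for every source
    that fails against at least `min_accounts` distinct accounts inside `window`.
    "compromised" lists accounts that source logged into successfully, which is
    the list the responder needs to reset first."""
    events = sorted(parse(line) for line in log_text.splitlines())
    by_ip = defaultdict(list)
    for when, ip, user, result in events:
        by_ip[ip].append((when, user, result))

    sprays = {}
    for ip, evs in by_ip.items():
        # Sliding window anchored at each event from this source, in time order.
        for i, (start, _, _) in enumerate(evs):
            failed, hit = set(), set()
            for when, user, result in evs[i:]:
                if when - start > window:
                    break
                (failed if result == "failure" else hit).add(user)
            if len(failed) >= min_accounts:
                sprays[ip] = {"failed": sorted(failed), "compromised": sorted(hit)}
                break
    return sprays


if __name__ == "__main__":
    for ip, info in find_sprays(SAMPLE_LOG).items():
        print(ip, "sprayed", len(info["failed"]), "accounts; compromised:", info["compromised"])
```

In the sample, `192.0.2.10` is a user mistyping their own password and is correctly ignored, while `203.0.113.7` sprays seven accounts in seven seconds and gets into `frank`. Real sprays are slower (one attempt per account per hour is common precisely to dodge this rule), so the window and threshold need tuning against your own logs.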
Use a password manager
A password manager is a program that stores and manages your passwords across all your accounts. It is considered more secure because it generates and remembers a strong, unique password for every site, so you only have to remember one master password. Password managers still have pros and cons (the master password and the vault become a single high-value target), which is why it’s important to do your research when choosing one.
Avoid storing passwords on browsers
Storing passwords for your accounts in your browser is convenient but also a security risk. Anyone with access to your unlocked computer, or malware running on it, can open the browser settings and see which websites have passwords saved and what they are. Normally a master password or your operating system login protects this list, but if an attacker obtains that, they can see all your passwords at once. Be cautious about where you store your passwords, and make sure each account has a unique password so that one exposure doesn’t unlock everything.
Turn on Multi-Factor Authentication
Multi-factor authentication involves using a secondary verification method in addition to a password. This is typically a one-time code that must be entered after your password, either sent to a mobile number or secondary email account or generated by an authenticator app on your phone. In some cases, people use a hardware key that they plug into their computer for verification. Codes sent by SMS are better than nothing but can be intercepted or redirected, so prefer an authenticator app or hardware key where offered. You should use multi-factor authentication wherever you can: it adds an extra layer of security, and most websites support it.
Always change default passwords
Never keep the default password on your accounts or hardware. Default credentials are published in manuals and on the internet, and attackers use them to take over devices and enlist them in botnets, as Mirai did with IoT devices. Change the password as soon as a new account or device enters your network, before it is exposed to anything else.
Don’t leave passwords out in plain sight
If you write down your password to remember it, make sure you keep it somewhere safe. Writing your password where anyone can see it, such as on a post-it note on your desk, is not a smart idea. If you feel the need to write something down, consider writing a hint rather than the password itself. Overall, it’s best not to have your password written down anywhere. Creating a password from a phrase or acronym that is meaningful to you is a good way to make it memorable.
Security is a team effort. Remind your employees of the importance of having good security habits, like using strong passwords, by engaging them with cyber awareness training.
This month, Cisco Talos researchers disclosed the new Karkoff .NET malware. The team describes the malware as “lightweight”: it lets the operators execute commands on the infected host via its command-and-control (C2) server. There is no obfuscation in play, so Karkoff is easily analysed.
The malware does have an interesting element, however: Karkoff generates a log file that stores the executed commands with timestamps. An organization that falls victim to Karkoff could use this file to reconstruct exactly what the attackers ran, and when.
How do you protect yourself?
Proper security measures must be in place to defend against Karkoff Malware and similar threats. Having proper up-to-date endpoint and firewall security provides a cross-generational blend of threat defense techniques to protect systems from malware.
A group of attackers is actively exploiting a critical vulnerability in Atlassian’s Confluence collaboration software to infect servers with the GandCrab ransomware.
The vulnerability, tracked as CVE-2019-3396, is in the software’s Widget Connector that allows users to embed content from YouTube, Twitter and other websites into web pages.
Attackers can exploit the flaw to inject a rogue template and achieve remote code execution on the server. According to Atlassian’s advisory, published March 20, all versions of Confluence Server and Confluence Data Center before versions 6.6.12, 6.12.3, 6.13.3 and 6.14.2 are affected.
Source: CSO Online
How do you protect yourself?
Upgrade to a fixed release (6.6.12, 6.12.3, 6.13.3 or 6.14.2, or later releases in those lines) and, more generally, ensure you’re updated with the latest software patches. Internet-facing collaboration tools are patched quickly by attackers’ scanners if not by you.
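As an added example, not code from the original post or from Atlassian, the check below decides whether a Confluence version is at risk using only the fixed versions quoted above: a release is treated as fixed if it is at or past the fix for its own minor line, or at or past 6.14.2. The one thing it demonstrates beyond the advisory is the classic mistake in inventory scripts, comparing versions as strings, under which "6.6.9" sorts after "6.6.12" and a vulnerable server is reported as patched.

```python
"""Check a Confluence Server / Data Center version against the CVE-2019-3396 fix list.

Added example. FIXED is taken from the advisory as quoted above; the rule that
later minor lines (6.15 onwards) are fixed is an assumption for the example.
"""
FIXED = [(6, 6, 12), (6, 12, 3), (6, 13, 3), (6, 14, 2)]


def parse_version(s: str) -> tuple:
    """'6.6.12' -> (6, 6, 12); integer tuples compare numerically."""
    return tuple(int(p) for p in s.strip().split("."))


def is_vulnerable(version: str) -> bool:
    v = parse_version(version)
    if v >= FIXED[-1]:
        return False           # 6.14.2 and everything after it
    for fix in FIXED:
        if v[:2] == fix[:2]:   # same major.minor line as a backported fix
            return v < fix
    return True                # an older line with no fix release at all


if __name__ == "__main__":
    # Constructed sample inventory of versions found on a network
    for ver in ["6.6.9", "6.6.12", "6.7.1", "6.12.3", "6.13.2", "6.14.2", "6.15.1", "5.10.0"]:
        print(ver.ljust(8), "VULNERABLE" if is_vulnerable(ver) else "fixed")
    # String comparison gets the first case wrong:
    print('"6.6.9" > "6.6.12" as strings:', "6.6.9" > "6.6.12")
```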
Qbot Banking Trojan
A phishing campaign dropping the Qbot banking Trojan, using delivery emails disguised as replies to the victim’s previous conversations, was spotted in late March 2019 by the JASK Special Operations team.
Qbot (also known as QakBot and Pinkslipbot) is an old but still active and continuously evolving banking Trojan with worm capabilities. It has been used by malicious actors since at least 2009 [1, 2, 3, 4] to steal financial data and banking credentials from their targets, drop additional malware, log user keystrokes, and create a backdoor on compromised machines.
How do you protect yourself?
Proper security measures must be in place to defend against Qbot Banking Trojan and similar threats. Backing up your data and having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.
As an organization, protecting data is vital. Loss of data can lead to a number of problems including downtime and compliance fines. According to Dell’s Global Data Protection Index, the average cost of data loss is nearly $1 million.
Threats like ransomware and accidental deletion are still prevalent and put data at risk to being lost or unrecoverable. Having a reliable backup system in place like Jolera’s Store IT will ensure that your data is protected. Here are five key points to consider when backing up your data.
1. Choose the Right Type
There are different types of backup such as on-premise, cloud and hybrid. You should consider your current needs and also anticipate what you may need in the future. A scalable cloud backup might be something to consider if you anticipate larger storage needs down the road. If you want the benefits of both cloud and local backup, a hybrid backup may be more your speed. Make sure you do your research when deciding on the type of data backup that would be best for your business needs.
2. Secure Encryption
Securing your backup data is important because you want to be sure it will be available, and still private, in the event of an emergency. If your backups aren’t encrypted and attackers get hold of them, they have your data. Your data should be encrypted at rest and in transit, and the encryption keys should be stored separately from the backups themselves, since an encrypted backup stored next to its key is not really protected. All sensitive and important data should be encrypted.
3. Recovery Speed
During a disaster, such as being hit by ransomware, you want to be able to restore your files as soon as possible. Not being able to restore your data on time decreases productivity and increases downtime. Restoring many files can take a long time because of their size, so you should prioritize restoring business-critical data. Decide how quickly each system needs to be back (its recovery time objective), make sure your backup can restore within that time, and test a restore periodically: a backup that has never been restored is an assumption, not a safeguard.
4. Scheduling Your Backups
Scheduling your backups takes some planning. You need to decide how regularly to back up your data, at what time, and which data to include. How much data you can afford to lose between backups (your recovery point objective) determines how often each system needs to run. Prioritize backing up the most crucial data, and schedule backups during off-peak hours to minimize disruption to your network.
5. Access to Support
Having access to support, like the 24/7/365 live agent support Jolera provides, is an important aspect to consider for your backup. If things go wrong and you are unable to get assistance as soon as possible, your company is on the line. Being able to reach a live agent when you need support can help ensure that your data is backed up properly and that your restores run smoothly.
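As an added example, not code from the original post or from Store IT, the script below does the restore test recommended under recovery speed: it backs up a directory to a tar archive, records a SHA-256 manifest of the source, restores the archive, and checks every file against the manifest, so that a corrupted or tampered restore is reported file by file instead of being discovered during an incident. The directory contents are constructed and everything runs in a temporary folder; the archive format and hash choice are assumptions for the example, not Store IT’s mechanism.

```python
"""Back up a directory to a tar archive and prove the restore is byte-for-byte
correct with a SHA-256 manifest.

Added example. The files are constructed; everything runs in a temp directory.
"""
import hashlib
import shutil
import tarfile
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def manifest(root: Path) -> dict:
    """relative path -> sha256 for every regular file under root."""
    return {str(p.relative_to(root)): sha256_of(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def backup(src: Path, archive: Path) -> dict:
    """Write src into a gzip tar archive; return the manifest to keep with it."""
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(src, arcname=".")
    return manifest(src)


def restore(archive: Path, dest: Path) -> None:
    with tarfile.open(archive, "r:gz") as tar:
        try:
            # The 'data' filter (Python 3.12, backported to 3.8.17+) rejects
            # members that would escape dest via absolute paths, '..' or links.
            tar.extractall(dest, filter="data")
        except TypeError:  # older Python without the filter argument
            tar.extractall(dest)


def verify_restore(expected: dict, restored_root: Path) -> dict:
    """Return {relative path: problem} for every file missing or altered."""
    actual = manifest(restored_root)
    problems = {}
    for rel, digest in expected.items():
        if rel not in actual:
            problems[rel] = "missing"
        elif actual[rel] != digest:
            problems[rel] = "hash mismatch"
    return problems


def demo() -> tuple:
    """Run a clean restore and a damaged one; return both verification results."""
    work = Path(tempfile.mkdtemp())
    try:
        src = work / "data"
        (src / "finance").mkdir(parents=True)
        (src / "finance" / "ledger.csv").write_text("id,amount\n1,100\n")  # constructed
        (src / "notes.txt").write_text("hello")                            # constructed
        archive = work / "backup.tar.gz"
        expected = backup(src, archive)

        good = work / "restore_good"
        restore(archive, good)
        clean = verify_restore(expected, good)

        bad = work / "restore_bad"
        restore(archive, bad)
        (bad / "notes.txt").write_text("hacked")          # simulate tampering
        (bad / "finance" / "ledger.csv").unlink()         # simulate a lost file
        damaged = verify_restore(expected, bad)
        return clean, damaged
    finally:
        shutil.rmtree(work)


if __name__ == "__main__":
    clean, damaged = demo()
    print("clean restore problems:", clean)
    print("damaged restore problems:", damaged)
```

Keep the manifest with the backup but protected from the same failure (a copy in a second location, or signed), otherwise ransomware that rewrites the archive can rewrite the manifest too.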