Sensitive and confidential data are of huge value to cyber criminals, and privileged user credentials are the gateway to these prized assets.
As more and more sophisticated cyber security measures are implemented, threat actors have looked for other vulnerabilities and found that privileged users can be a simple way to access an organizations’ systems and data.
Privileged users can be the IT department, a Managed Service Provider (MSP) or other vendor, or a senior executive. Of these, the MSP offers the threat actor the biggest bang for their buck. Rather than directly attacking privileged users at their primary target organization, threat actors are realizing that MSPs are the cream of privileged users as they can be an easy route into numerous companies instead of just one. The threat actor can then spend weeks searching the MSP and its customers’ networks undetected, identifying the most valuable assets in order to maximize potential damage to the victim, and maximum ROI for themselves.
‘Is this really an issue for my organization’ I hear you ask? The answer is yes it is! All companies have privileged users so that IT tasks like system hardware or software installation, upgrades, troubleshooting, and password resets can take place, as well as allowing access to sensitive or confidential data. This data can range from customer and employee lists containing passwords, contact details and other Personally Identifiable Information, to salary details and commercially sensitive information. For some organizations, this can even be information that affects the nation’s defense and security.
80% of Security Breaches involve Privileged Credentials
It’s easy to think that a privileged user breach will happen to someone else but the threat is all too real. According to Forrester 80% of security breaches involved privileged credentials.
In a much-documented December 2019 case, an ‘affiliate’ of Sodinokibi (which offers ransomware-as-a-service) breached LogicalNet’s servers and installed a ransomware virus that infected its customers. Albany County Airport was one of the customers affected and, after paying a hefty ransom, ended its relationship with LogicalNet.
But the threat isn’t always external. Verizon’s 2019 Data Breach Investigations Report found that 34% of breaches involved internal actors. As an example, in January 2020 an employee of a Managed Service Provider, Marquavious D. Britt, was charged with Computer Fraud and Abuse as well as Access Device Fraud. Britt is alleged to have used his job as a systems engineer to steal credentials that could be used to gain access to the MSP's internal systems and then trying to sell them on the dark web for just $600.
So what does this mean for you? How can you protect your organization against these threats? If you’re an MSP how can you reassure your customers that their servers are safe in your hands? And if you’re an enterprise, what can you do to make sure anyone with privileged user access, whether an employee or a vendor, is not compromising your network?
Find out more about how IONTM PRIISMS secure remote access gateway can protect your organization against a privileged user breach
About IONTM PRIISMS
IONTM PRIISMS (Proactive Remote Integrated Intelligent Secure Management Solution), part of APITech, is a secure web-based gateway application to centrally control the remote access, management, and monitoring of critical IT and voice networks.
During these challenging times when safety of employees is of paramount importance, IONTM PRIISMS also allows you to:
√ Protect your IT support staff by reducing the need for on-site visits while maintaining service to customers
√ Maintain productivity of staff who are home working
√ Reduce customer system downtime through secure remote access and monitoring