Attacks/Breaches

10/19/2020
09:00 AM
Lavi Lazarovitz, Head of Security Research, CyberArk
Sponsored Article

Stop the Cyberattack Cycle with Privileged Access Management

Four strategies security teams can use to defend against common attack vectors and tactics of privilege escalation, ransomware and account takeovers.

The consequences of a cyberattack can be costly. According to Accenture’s Ninth Annual Cost of Cybercrime Study, the average financial impact of a cyberattack rose from $1.4 million to $13 million per attack. If the first half of 2020 is any indication, this number will continue to rise as attackers amplify their campaigns to take advantage of emerging opportunities, like those associated with changing work environments, and target organizations’ weakest links.

As more companies move workloads to the cloud, adopt collaboration tools to support remote workforces, and increase automation capabilities, attackers are consistently refining their strategies to exploit areas of business transformation.

Maintaining business continuity and resiliency in the face of this dynamic threat landscape starts with understanding the mindset of an attacker. While motivations may vary – from financial gain and espionage to business disruption – the attack cycle remains relatively constant. First, motivated attackers use common means, like phishing or exploiting a known software vulnerability, to gain a foothold on a network. Once that step is achieved, they typically seek to exploit privileged accounts – those accounts with broad and powerful administrative access – for reconnaissance or to maintain persistence on the network and launch further attacks. Without privileged access, however, the vast majority of attacks don’t proceed beyond their nascent stages.

Gaining privileged access is consistently a priority for attackers. Rapid business transformation led by investments in digital technologies has contributed to privileged account sprawl across cloud and hybrid environments, opening up even more potential access points. Critical business processes, applications and cloud instances, for example, all have associated privileged accounts required to maintain and help protect them.

Securing privileged access helps shrink the attack surface by breaking the attacker tool set and restricting the spread of an attack. Limiting lateral movement forces attackers to use tactics that are ‘louder’ and more easily identifiable so organizations can be alerted and work to halt progression of the attack before the business is dramatically impacted.

Based on analysis by CyberArk Labs of common cyberattack vectors and tactics, here are four strategies that prioritize privileged access management in order to better arm businesses to defend against them.

Strategy 1: Stopping Privilege Escalation
The software and applications organizations rely on to run their business can be riddled with misconfigurations and vulnerabilities, especially if basic upgrades and patching aren’t being done consistently. According to a study conducted by the Ponemon Institute in 2019, 60% of data breaches involved unpatched vulnerabilities. To the attacker, however, the vulnerability itself is only an open door to gain that initial foothold. The critical step is how attackers use their initial position to escalate privileges and facilitate lateral movement across increasingly distributed and decentralized networks.

Privilege escalation is the most critical link in the attack chain, as it can allow an attacker to accomplish several steps including gaining network persistence, building in additional backdoors and ultimately accessing critical assets. A modern privileged access management program enforces the principle of least privilege, which ensures that users have only the access required to perform their functions – and nothing more. This helps limit super-user and administrator permissions, further reducing the overall attack surface.

Strategy 2: Preventing Lateral Movement
Lateral movement is a tactic often interconnected with privilege escalation that is designed to allow attackers to enter and control systems on a network with the goal of spreading an attack or facilitating long-term persistence. Attackers use lateral movement to progress from the original foothold to find valuable information, get access to business-critical systems or execute an attack. Exploiting privileged access is the way to facilitate this movement. By escalating privileges, attackers can effectively move from place to place including from on-premises environments into and across cloud environments, and vice versa. Privileged access management is one of the most effective ways to stop lateral movement by securing the access points attackers need to move across a network, thereby helping to block progression of an attack.

Strategy 3: Slowing the Spread of Ransomware
Ransomware continues to be one of the most common and costly cyberattacks. While the attack typically starts on an endpoint, the goal of ransomware is to encrypt files, applications or systems so that attackers can hold an organization hostage until a ransom is paid. One laptop isn’t going to get the criminal a payday but compromising an entire network certainly can. The move from endpoint to network is a critical aspect of the ransomware strategy. Cybersecurity Ventures estimates that the global cost of ransomware will top $20 billion by next year and predicts that ransomware attacks will target businesses every 11 seconds.

Today’s interconnected businesses make ransomware attacks a real concern for organizations of all sizes. But while ransomware is damaging, privileged access management can limit its spread and keep it contained to the initial infection point. Based on CyberArk Labs research, which has tested 2.5 million variants of ransomware, removing local admin rights, combined with application control on endpoints, was 100% effective in stopping the spread of ransomware.

Strategy 4: Preventing Account Takeovers
Account takeover (ATO) attacks are sophisticated, targeted and designed to give the attacker as much control over an environment as possible by stealing and exploiting legitimate user credentials. Attackers prioritize privileged credentials in ATOs – especially for accounts with ‘always on’ access. These powerful accounts enable attackers to move through a network and achieve full compromise of Active Directory, the domain controller and even entire cloud environments.

Privileged access management solutions – especially those that include just-in-time access controls – can dramatically reduce the attack surface by securing the authentication credentials that are spread across environments. A just-in-time approach helps provide the appropriate levels of access to the right resources for the right amount of time, eliminating the always-on accounts that attackers covet. This makes the life of the attacker much more difficult by preventing privilege escalation and severely restricting lateral movement.

The compromise of privileged accounts lies at the core of the cyberattack cycle. To learn more about how privileged access management can help break the cycle and help protect organizations’ most critical data, infrastructure and assets, download a complimentary copy of the Gartner 2020 Magic Quadrant for Privileged Access Management. [1]

[1] Gartner, Magic Quadrant for Privileged Access Management, Felix Gaehtgens, Abhyuday Data, Michael Kelley, 4 August 2020.
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

About the Author: Lavi Lazarovitz, Head of Security Research, CyberArk

Lavi Lazarovitz is the head of security research at CyberArk Labs. He and his team focus on offensive security and security innovation. They specialize in spotting security gaps in emerging technologies and developing innovative new security layers and effective mitigations to fill those gaps. Recent research includes acclaimed work on cloud security, container and Kubernetes security, and authentication and identity security.
