PAM and Data Breaches

PAM is one of the most critical aspects of a strong information security program that every company needs to incorporate to mitigate the risk of exploitation. PAM controls aim to clean up the digital infrastructure by cleaning up inactive accounts, limiting privileged access and tracking privileged users, preventing data breaches.

What Are Privileged Accounts?

What differentiates privileged accounts from other, more generic accounts, is that they are allowed access to more systems and data. For example, a privileged user will have access to medical records, payment card details, social security numbers, and company secrets, in addition to security solutions and hardware applications. Privileged accounts are generally admin accounts, which include Local Windows Admin accounts, Domain Admin accounts, and Service Accounts.

Why do Privileged Accounts Require Special Protection?

Since these accounts are used to access critical systems and sensitive data, they require the highest level of protection. A breach of one of these accounts will give adversaries the opportunity to disrupt critical systems, steal sensitive data, and even elevate their privileges further, if necessary.

Paths to Exploiting a Privileged Account

A large number of data breaches are caused by stolen passwords, usually via some kind of social engineering technique and/or a malware attack. Below are the main ways adversaries can gain access to privileged accounts.

• Social Engineering. Phishing and other social engineering techniques are perhaps the most common method of illegitimately obtaining credentials. Attackers will typically masquerade as a trusted entity in order to trick the victim into handing over their credentials. In some cases, the attacker will spend time learning about the victim and/or befriending the victim in order to make the attack more targeted. This technique is generally referred to as spear-phishing.
• Credential Exploitation. This includes brute-force password attacks, password guessing, shoulder surfing, dictionary attacks, rainbow table attacks, password spraying, and credential stuffing. In some cases, the attacker will try to guess the security questions in order to gain access to a privileged account. They might also try to compromise the password reset mechanisms in order to exploit any password changes and resets.
• Vulnerabilities and Exploits. Attackers will often try to gain access to a privileged account by targeting vulnerabilities found in operating systems, communication protocols, web browsers, web applications, cloud systems, network infrastructure, and so on.
• Default Passwords. In some cases, companies forget to change the default passwords on admin or root accounts, which attackers will try to exploit.
• Spyware. Adversaries will often try to use spyware to gain access to privileged accounts. Keyloggers, for example, can harvest credentials by monitoring the keystrokes of the user.

OCD Tech’s team of experts are ready to create a comprehensive privileged access management strategy for any client in a 7-step process:

Define -> Discover -> Manage & Protect -> Monitor -> Detect Usage -> Respond -> Review & Audit. 

In addition to designing PAM strategies and definitions tailored to an organization’s needs, OCD Tech has hands-on experience implementing powerful tools, including but not limited to Privileged Session Management (PSM) and multifactor authentication (MFA). Our information technology analysts have the skills to actualize and explain PAM tools and tactics to the whole company, from the C-suite to the interns. Contact us and prevent data breaches.

Source: MASS TLC Article by Raina Malmberg, OCD Tech