November 1, 2016 | Security and Risk | Amy Burnis
Cyber attackers pose a number of “scary” situations for IT security professionals. Attack vectors change, new threats emerge and staying on top of best practices can be a challenge. In the CyberArk Global Advanced Threat Landscape Survey 2016, respondents were asked which cyber attacks or tactics were the most concerning for their organizations in the next 12 months. Considering the recent Dyn attack and other headlines, the results of that question were spot on: Distributed denial-of-service (DDoS) attacks (19 percent), phishing (14 percent), ransomware (13 percent), privileged account exploitation (12 percent) and perimeter breaches (12 percent).
The security industry understands the value of working together for the advantage of the greater good. This is particularly important as we read about “amateurs” who have effective tactics thanks to a matrix of connected devices. Security professionals have to stay ahead of the curve, and the bar is continually moving higher. This requires prioritizing time and security initiatives.
CISOs and others certainly value sharing their experience and learning lessons from others. In the spirit of Halloween, here are three dark tales about companies that recently experienced horrifying cyber attacks—all through the exploitation of privileged accounts.
The Bone-Chilling Bangladesh Bank Heist
In February 2015, after breaking through the bank’s IT perimeter by using malware, cyber criminals captured administrator privileged credentials from infected machines. Using these stolen credentials, they moved laterally throughout the environment until they reached SWIFT, a financial services co-op that provides a secure network through which banks can send and receive monetary transactions. After commandeering SWIFTNet systems, the attackers proceeded to order a total of 35 transactions worth $951 million. Approximately $81 million was transferred before a spelling error raised suspicion that led to the discovery of the breach. To this day, the money remains unrecovered.
The Sinister Ukraine Power Shutdown
On December 23, 2015, 225,000 residents throughout western Ukraine lost electricity and the IT and OT systems belonging to two of the region’s utility providers were destroyed. This unprecedented cyber attack began when attackers sent spear phishing emails to IT systems administrators at the impacted utility companies; three individuals fell victim. With the click of a button, the attackers gained the inside access needed to exploit legitimate users, gain access to privileged accounts, and ultimately destroy systems and shut off electricity throughout the region—leaving thousands in the dark.
The Horrible OPM Breach
In 2014, alleged nation state attackers compromised a third-party contractor hired to conduct background checks on behalf of the U.S. federal government. The purpose of this “secondary” attack was to gain trusted access into the Office of Personnel Management (OPM) network. The attackers succeeded in their mission, breached the OPM network, escalated privileges and ultimately located and exfiltrated their desired data. Nearly a year after the attack on the contractor, OPM discovered that it had fallen victim to a large-scale, targeted data breach that resulted in the theft of highly personal information on 21.5 million current and former employees and contractors. Talk about a nightmare.
Privileged account security—or the lack of it—is a major factor in nearly every headline-grabbing cyber attack today. Businesses that fail to prioritize the security of their privileged accounts are at risk of becoming victims—which can mean significant damage to business, reputation and even the ability to operate. Download our free guide highlighting five top reasons to prioritize privileged account security….before it’s too late.