April 13, 2016 | Security and Risk | John Worrall
In March 2016, the cyber security community collectively winced when it was discovered that hackers breached the servers of DDoS protection firm Staminus and placed sensitive data online for the whole world to see.
The Staminus data breach occurred on March 10 after hackers gained access to the company’s back-end servers and reset the servers to their original, factory settings. This action resulted in the collapse of the complete network and the hackers then used Hastebin, an anonymous text sharing portal, to place the stolen information from Staminus’ database in public.
Staminus’ clients need to be aware of potential credit card issues and the need to reset all their account passwords. The leaked data also includes customer support tickets, server log data, chat logs and the source code of some of the company’s services.
The Staminus breach is a painful lesson that revealed several internal security flaws, such as unpatched systems, exposed telnet, credit card data stored in plaintext and the use of the same password for all root accounts. This is a stark reminder of what can happen when an organization doesn’t employ privileged controls as part of its basic security controls.
Privileged account security must be part of an organization’s “Security 101 Checklist.” Along with patching, firewalling, encrypting sensitive data, privileged credentials need to be unique, complex and rotated.
Effective protection requires implementing an automated process to change hard-coded or embedded passwords for scripts and service accounts, as well as enforcing a policy of “least privilege” that ensures users have only enough privileges required to do their job.
It’s been stated many times – it’s not a matter of if a breach will occur, it’s when. That’s why organizations must take a proactive and layered approach to mitigate risks.
CyberArk’s Director of Consulting Services Gerrit Lansing wrote an article last November highlighting a few best practices for locking down credentials “Proactive Preventive Measures or Remediation: Same Actions, Different Timing.” It’s worth a quick read for a reminder of basic best practices.
If you are just getting started, consider using our Discovery and Audit Tool to identify where privileged accounts exist within your organization and assess your risk profile. Research from CyberArk Labs found that 88% of the networks scanned were found to be significantly susceptible to compromise through privileged account credential theft or abuse.