by John Worrall
Another reporter, another hijacked privileged account. The Washington Post, as well as other news outlets, posted a story on Friday about data being stolen from CBS reporter Sharyl Attkisson’s computer. It’s not the first time news organizations have been targeted (see Associated Press, Wall Street Journal, New York Times). Shared administrative or other privileged accounts were exploited in all of these cases.
As you read the Washington Post story on CBS, you’ll note that the attacker was able to erase any trace of their activities, which means they didn’t leave much of a trail that would have alerted the security team. Access to a privileged account would be the only way the attacker could have erased their footprints.
Organizations across industries, around the globe, and in both public and private enterprise face the same challenge. Privileged accounts represent the most critical “flash point” in a cyber-attack, because once they are compromised, the attacker has very broad and very powerful access, and they can erase any evidence of their existence. That means it is extremely difficult to detect and respond to their presence before serious damage is done.
Organizations must have the ability to protect access to these privileged accounts, continuously monitor their use, and have real-time access to intelligence about potentially malicious activity.