by Derrick Pyle
Phishing. It’s a problem; we can all agree on that. Normally we’re talking about APTs in relation to this: really sophisticated long-term attacks that enter at one seemingly unrelated vector only to work their way up the chain of command to get at the heart of your most important data. Frequently APTs use phishing, malware, and social engineering to accomplish their goal of reaching those all-important admin names and passwords. In the following instance, it was just one of those vectors.
Some middle school students in Alaska actually phished for administrator privileges. The students used the credentials to obtain access and to control fellow classmates’ PCs. Why the accounts weren’t locked down is a mystery, but I hope people can take a professional lesson from this. Secure your privileged accounts – make it a priority. It’s so easy to get phished, a kid can do it.
If you need to get a handle on how many privileged accounts you currently have and where they exist, you can get a free risk assessment with Cyber-Ark DNA.