Don’t Be a Target: Secure Your Service Desk
Donald Hasson
Director of ITSM Product Management – Bomgar
November 2, 2017
Agenda
• A Quick Survey
• Cyberbreach risk factors
• The Service Desk and Privileged Credentials
• Cyberbreach Process
• Solutions and Approaches
Privileged Accounts are the Prize
What are Privileged User Accounts?
• One or more “superuser” accounts that contain the rights necessary to perform administrative, maintenance, and other key system tasks
• Built into every IT application and system
• Typically shared among several people
Why are they so problematic?
• They are all powerful
• They are shared
• They are anonymous
• But, we can’t live without them!
“80% of all security breaches involve misuse of administrative privileges.”
Privileged Identity Management Trends, Forrester, June 2015
Risks of Privileged Accounts
(Diagram: external threat and insider threat, intentional or accidental)
• Domain Admins can see everything
• Workstation Admins can see almost everything
• Exchange admins can read emails
• DBAs can export financial data
• Application admins can insert malicious code
• Data, Data, Data
Verizon Data Breach Investigations Report found that one in five security incidents is caused by privileged account misuse
• Key target in data breaches
• Allow for lateral movement
How are they stolen?
• Guessed
• Seen (shoulder surfing)
• Stolen by malware / spyware
• Other (keystroke loggers)
• It’s EASY!
Cyber Breaches Show No Sign Of Slowing Down
Targeted attacks on corporate IT networks have increased in scale and public visibility
Hacker objective = bypass perimeter security by stealing legitimate credentials to gain access
Phishing tactics are increasingly sophisticated and often involve social engineering
How It Works - The Cyber Breach Attack Process
(Diagram: hacker ecosystem → target ecosystem)
Reconnaissance: Locate targets and develop a plan of attack based on network vulnerabilities
Infiltration: Exploit vulnerabilities to acquire initial access
Exploitation: Expand access by elevating user privileges and moving laterally across the network
Exfiltration: Data is transferred externally from the network using exfiltration malware
Credentials are Another Key Point of Vulnerability
• Privileged user accounts can’t be accessed without credentials, but the volume of credentials to keep track of is high
• Often stored insecurely and in plain text, such as on sticky notes or in spreadsheets
• Infrequently used credentials are often forgotten
• May be non-compliant, repeated, rarely or never changed, or shared with the wrong person
“63% of confirmed data breaches involved weak, default, or stolen passwords.”
Verizon 2016 Data Breach Report
Example - Hacking and Lateral Movement
1. Get in (Phishing)
2. Steal 1st Credential
3. Move Laterally
4. Get Domain Admin
5. Execute Mission
Attack Timeline
(Diagram: corporate network, secured network area, employees / administrators)
Reconnaissance → First host compromised → Domain Admin compromised (24-48 hours) → Attacker undetected, stealing data
According to Microsoft, the average time it takes to go from initial compromise to full Domain Admin privileges is 24-48 hours
Insider Risks
Intentional and malicious:
• For profit
• For curiosity
• For social justice
Accidental:
• Downtime
• Loss of data
“74% of organizations feel vulnerable to insider threats, up 7% from the previous year.”
Insider Threat Spotlight Report 2016, Crowd Research
Risk Factors in the Service Desk
Service desk technicians require privileged access to do their jobs
• Often granted “all or nothing” access
• Account info stored insecurely (sticky notes, spreadsheets)
• Often one of the largest groups of privileged users
Common personnel practices may mean security is not at the forefront
• Short training cycles, often focused on product/company knowledge, not security
• Turnover – do former employees still have access?
“98% of Service Desk users have access to admin accounts.”
Bomgar Survey, Dec 2016
Recommendations
Ongoing security education should be a priority for both new and tenured service desk employees
Modify corporate password policy to be stronger for privileged accounts
• More regular rotation
• Forced rotation when an employee terminates
Integrate your remote support tool with existing Identity and Access Management (IAM) software
• e.g. Microsoft Active Directory (AD)
Utilize enterprise-grade password managers
• Use credential injection to streamline the login process and increase productivity
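One way to put the stronger password policy and the turnover check above into practice is a periodic audit of the service desk's privileged accounts. The script below is an added example, not Bomgar's code or part of the original deck; the account inventory, the HR feed of departed users and the 30-day maximum password age are constructed assumptions.

```python
from datetime import date, timedelta

# Constructed sample inventory of service desk privileged accounts (not real data).
# Field names are assumptions for this example, not an AD or Bomgar schema.
ACCOUNTS = [
    {"account": "svc-desk-admin", "owners": ["alice", "bob", "carol"],
     "enabled": True, "pwd_last_set": date(2017, 3, 1)},
    {"account": "a.smith-adm", "owners": ["a.smith"],
     "enabled": True, "pwd_last_set": date(2017, 10, 20)},
    {"account": "legacy-backup-adm", "owners": ["j.doe"],
     "enabled": True, "pwd_last_set": date(2016, 1, 15)},
]
# Constructed HR feed: people whose employment has ended.
TERMINATED = {"carol", "j.doe"}

# Assumed stronger rotation interval for privileged (not ordinary user) accounts.
MAX_PRIV_PASSWORD_AGE = timedelta(days=30)


def audit_privileged_accounts(accounts, terminated, today, max_age=MAX_PRIV_PASSWORD_AGE):
    """Return (account, finding_code, detail) tuples for every policy violation found."""
    findings = []
    for acct in accounts:
        name = acct["account"]
        age = today - acct["pwd_last_set"]
        if age > max_age:
            findings.append((name, "STALE_PASSWORD", f"not rotated for {age.days} days"))
        departed = [o for o in acct["owners"] if o in terminated]
        if departed and acct["enabled"]:
            if len(acct["owners"]) == 1:
                # Personal admin account of a departed user: disable it.
                findings.append((name, "TERMINATED_OWNER", f"{departed[0]} has left; still enabled"))
            else:
                # A departed person knew this shared secret: forced rotation is required.
                findings.append((name, "SHARED_WITH_TERMINATED", "force rotation: " + ", ".join(departed)))
        if len(acct["owners"]) > 1:
            # Shared accounts are anonymous: no individual accountability for their use.
            findings.append((name, "SHARED_ACCOUNT", f"shared among {len(acct['owners'])} people"))
    return findings


def example_findings():
    """Run the audit against the constructed data as of the deck's date."""
    return audit_privileged_accounts(ACCOUNTS, TERMINATED, date(2017, 11, 2))


if __name__ == "__main__":
    for account, code, detail in example_findings():
        print(f"{account:20} {code:24} {detail}")
```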