Worried that a privilege abuse attack might be brewing?
Fend off instances of privilege abuse by putting these airtight measures in place.
Privilege abuse, as the name suggests, is the process of misusing special rights granted to privileged accounts, accidentally or intentionally, for tasks that do not adhere to the organization’s policies.
The 2018 Insider Threat Report specifies that 37 percent of privilege abuse attacks happen due to organizations granting users greater access control than required.
Privilege abuse can critically affect almost every vertical in the world. Let's look at the damage privilege abuse can cause in a few verticals.
A privileged user at a financial agency, say an account manager, tries to steal clients' money by using their access to financial records. The company finds itself facing legal charges the very next day.
Consider a government organization with databases storing confidential information about that country’s citizens. A privileged user goes rogue and steals the identities of hundreds or possibly thousands of people. They then use those stolen identities for any number of things, including to gain access to victims’ bank accounts.
In an effort to cut costs, a university enlists students to build an attendance management system. To properly implement this project, the students need access to critical data. These students use this access to modify their grades, class ranking, tuition fees, and more.
Attacks due to privilege creep
A best practice for security management is to revoke a user’s special rights once their designated task is completed. However, due to lack of proper monitoring by technicians, most of these rights are not revoked on time. Over time, accounts can accumulate specific privileges; this phenomenon is known as privilege creep. This can result in accidental or intentional misuse of rights for fraudulent or malicious activities.
Privilege escalation attack
Privilege escalation is the process of users elevating their permissions to gain greater access rights. For instance, a user might chance upon the saved passwords of a privileged user (say, an administrator) and use that privileged account to elevate their own privileges in the organization.
An attacker may steal the credentials of another user, and then impersonate that user by logging in to their account. The attacker may then use the privileges assigned to the victim's account for carrying out malicious plans.
Careless handling of NTFS permissions can land your organization in hot water. Even so, many technicians take the easy route of granting full control to most users, as granular configuration of permissions using the native tools is cumbersome. A better practice is to review a summary of who has what kind of access to which folders before you decide on assigning fresh permissions to users.
Attackers can easily hijack the accounts of inactive users, such as the accounts of employees who have gone on vacation. To prevent ungoverned inactive accounts from opening the door for account hijacking, make it a rule of thumb to disable such accounts.
Privilege creep happens because technicians forget to revoke the assigned permissions on time. This can easily be prevented by automating the process of removing users from privileged groups when they no longer need access. Additionally, for easy administration of permissions, you can create a group containing all the users you want to provide with full control.
Keep your roles and access rights in line with each other by delegating only the necessary rights to the required roles. While delegating access rights, assign special rights only to the required OUs, and be very restrictive with the type of tasks that a technician can perform in an OU.
When an organization’s offboarding policies are not rigidly followed, ex-employees may retain access rights to business-critical resources. This unauthorized access can wreak havoc for an organization. Therefore, it's essential to construct proper deprovisioning policies and automate the offboarding process to prevent errors.
To prevent incidents of privilege escalation, use a documented request approval process for elevating rights. Documenting the request approval process empowers you to decide whether the privilege elevation is warranted or not.
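An added example, not part of the original page or of any product it describes: a small Python audit that applies the checks above (inactive accounts, privileged memberships kept past their approved end date, and memberships with no approval record) to a constructed directory export. The account names, group names, dates and the 60-day inactivity threshold are assumptions made for illustration.

```python
from datetime import date, timedelta

# Constructed sample data (not from the page): a directory export and a
# register of approved, time-boxed privilege grants.
TODAY = date(2024, 6, 1)
ACCOUNTS = [
    {"user": "alice", "enabled": True, "last_logon": date(2024, 5, 30),
     "groups": {"Domain Admins"}},
    {"user": "bob", "enabled": True, "last_logon": date(2024, 5, 28),
     "groups": {"Backup Operators", "Finance-FullControl"}},
    {"user": "carol", "enabled": True, "last_logon": date(2024, 1, 15),
     "groups": {"Finance-FullControl"}},
    {"user": "dave", "enabled": False, "last_logon": date(2023, 11, 2),
     "groups": set()},
]
# Hypothetical set of groups treated as privileged in this example.
PRIVILEGED_GROUPS = {"Domain Admins", "Backup Operators", "Finance-FullControl"}
# (user, group) -> date the documented, approved grant expires.
APPROVED_GRANTS = {
    ("alice", "Domain Admins"): date(2024, 12, 31),
    ("bob", "Backup Operators"): date(2024, 3, 31),  # task finished, never revoked
    ("carol", "Finance-FullControl"): date(2024, 9, 30),
}

def audit(accounts, grants, privileged, today, inactive_days=60):
    """Return sorted (user, finding, detail) tuples for accounts needing action."""
    findings = []
    cutoff = today - timedelta(days=inactive_days)
    for acct in accounts:
        if not acct["enabled"]:
            continue  # already disabled, so it cannot be logged in to
        if acct["last_logon"] < cutoff:
            findings.append((acct["user"], "inactive", f"last logon {acct['last_logon']}"))
        for group in sorted(acct["groups"] & privileged):
            expiry = grants.get((acct["user"], group))
            if expiry is None:
                # Membership with no approval record: undocumented elevation.
                findings.append((acct["user"], "unapproved", group))
            elif expiry < today:
                # Approved once, but kept past its end date: privilege creep.
                findings.append((acct["user"], "expired", group))
    return sorted(findings)

if __name__ == "__main__":
    for user, finding, detail in audit(ACCOUNTS, APPROVED_GRANTS, PRIVILEGED_GROUPS, TODAY):
        print(f"{user:8} {finding:10} {detail}")
```

Each finding maps to one action from the measures above: disable the inactive account, remove the expired membership, or route the unapproved membership through the request approval process.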
Comprehensive NTFS management and reporting
Inactive user management
Automated deprovisioning policies
Multi-tier request approval process