In the past year, organizations continued to struggle to address cyber
security risks being created in the wake of rapid technology adoption. Technology
adoption needs to be aligned with effective risk management strategies and the
challenge most organizations face is that today’s technologies often lack the
security of more mature technologies. This has opened organizations to attacks
targeting credentials – especially privileged credentials. Look no
further than cyber attacks and data breaches at companies like Yahoo! and Uber
that flooded the dark web with billions of credentials for potential misuse.
In the wake of these attacks, the coming year will see increased use of
automation and expanding hybrid cloud and DevOps environments that will create
fertile ground for attackers based on a growing variety of privileged credentials
associated with human and non-human users. These credentials include those associated
with employee and remote vendor sessions and browsers, service accounts, access
keys, machine identities, SSH keys and embedded passwords.
Based on its research, CyberArk Labs believes that credential-based attacks and
exploitation will accelerate and dominate the threat landscape in 2018.
Following are specific examples of where privileged credential risk will be
most prevalent.
1. Attackers Hide Behind Machine Identities – While federated identities are increasing, identity boundaries are
decreasing across devices and networks, creating a murky security environment. The
number of identities will only increase in the coming years with the adoption
of service-oriented environments. One of the implications is an expanded
attack surface, one no longer limited to the exploitation of domain admin
credentials as a primary target. Security teams must be
prepared to not only determine “who” – but increasingly “what” can be trusted.
By stealing machine identities, attackers can keep a lower profile on the
network while using related credentials to control processes and even security
policies. For example, CI/CD tools can become critical assets – the most
sensitive on the network. When credentials for these tools are exploited, an
attacker can gain control of the entire DevOps workflow and weaponize the tools
to push malicious code or configurations.
2. Key Chaos Leads to Unintended Consequences – The prevalence of SSH keys to
access cloud resources and the lack of adoption of PKI for DevOps environments are
leading contributors to key chaos, which increases security risk and the chances of key
exposure or compromise through simple mistakes or human error. Security teams must improve
oversight and management to avoid these keys becoming easy targets for
attackers. The main concerns associated with unmanaged keys center on the proliferation
of machine and human
identities that provide privilege escalation opportunities. For example, a user
with access to a machine-assigned role with account-level privileges may be
able to steal that machine’s identity and adversely affect the cloud account. Additionally,
the use of temporary tokens can be a double-edged sword. Temporary tokens are
an improvement to static keys, generally expire after a period of time, and are
used to permit dynamic privilege. Temporary tokens can provide better security,
but only if managed and provisioned properly, including oversight of who has
those keys at any moment in time.
3. Security as a Target: Authentication in Attackers’ Crosshairs – Cloud
is pushing towards identity consolidation as we consume more “services” and
less raw technology. Consolidation of identity means more opportunity for
lateral movement across services, and a compromise of the authentication
service may lead to a total loss of the identity. Current authentication methods such
as two-factor and single sign-on must adapt to protect against emerging
threat vectors, or become targets themselves. If these tools are compromised,
they allow attackers unprecedented flexibility, and the ability to compromise
networks at a deep level.
From a defensive perspective, evolving block chain technology could be adopted
to remove the single point of trust and failure that allows Golden Ticket and
SAML techniques. Block chain authentication could be used to remove the trust
from Active Directory, for example, and move that trust to the whole network.
This will force attackers to compromise a substantial amount of assets and
sensors (to have consensus) before being able to authenticate. Authentication
and the larger realm of security controls will continue to be an enticing
target given heightened power and trust.
About CyberArk Labs
CyberArk Labs is part of CyberArk, the global leader in privileged account security. CyberArk Labs
believes understanding the attack cycle and the movement of attackers is
critical in exposing the security holes that attackers exploit. By identifying
these weaknesses, CyberArk and the security industry are better able to
architect solutions that prevent cyber attacks from escalating.