Skip to main content

Back to Blog

The Exploitation of Privileged Accounts 

The flow of news about data breaches and ransomware attacks is relentless. Businesses of all sizes—large companies included—continue to suffer. Not only do cyber attacks lead to financial damage, but they have knock-on effects like reputational impact and loss of client trust. 

What’s less publicized is just how often these breaches are caused by vulnerabilities in privileged accounts. 

Privileged accounts are those with substantially more rights than ordinary users. They include accounts owned by employees and those used by third-party applications and services that interact with other parts of the network infrastructure. When cybercriminals obtain the credentials for a privileged account within the organization, they can easily make undetected lateral moves, harvesting data and installing malware. 

For system administrators and security teams to effectively protect against attacks on privileged accounts, they need to be aware of the most common attack vectors so they can focus on the right areas. 

The four most common ways attackers compromise privileged accounts include: 

1.     Default passwords – Hardware devices and applications often come pre-configured with default passwords that are known to the public. It’s hard to believe, but accounts with elevated privileges, including installing or removing software, upgrading the operating system, or modifying system or application configurations, are often left with the default password. Default passwords must be changed, or they are an easy access point for hackers. 

2.     Shared passwords and shared accounts – Shared passwords and weak passwords are connected issues with disastrous repercussions in the cybersecurity world. However, administrators often still re-use the same password across multiple systems or share them with other administrators.  This can help save time but can lead directly to a massive breach if a bad actor can obtain the shared password. This practice should be considered a severe policy violation with severe consequences up to and including termination.

3.     Password Reuse — In a similar vein, password reuse—using the same, or very slight, predictable variations of a root password across accounts and devices—is a chronic issue. Billions of credentials are available on the dark web and bad actors are aware that the majority of users reuse passwords to some extent, so even if an entertainment website was breached, many financial and government accounts are immediately endangered. 

4.     Brute Force & Password Spraying — Many types of cyber-attacks target passwords. A brute force attack is a method used by cybercriminals to crack the username and password of accounts through trial and error—essentially, blasting possibilities of usernames and common/weak passwords at login. Password spraying is a little more subtle: an attacker uses compromised credentials obtained from a data breach to attempt an account takeover.  Attackers dramatically increase their odds by focusing on previously compromised passwords that can be readily obtained from the dark web.

Securing Employee Accounts

Within any organization, security team members or IT administrators can adjust their policies or establish new ones that follow along with the Principle of Least Privilege (PoLP). This is a straightforward idea that involves only giving accounts the privileges they need. For example, a typical employee account does not need administrative privileges. 

Revisiting password policies to match with NIST guidelines, and increasing password hygiene company-wide, can help prevent breaches as well.