Skip to main content
HomeThe Web Writer Spotlight

- News, tips, inspiration you can trust to thrive in today’s digital age.

Search form

Main menu

  • Home
  • News & Features
  • Business & Economy
  • Tech & Trends
  • Health & Style
  • Arts & Culture
  • Contact Us
 

How Cybercriminals Target and Abuse Privileged Accounts Undetected

Alexis Davis June 27, 2023
Image for How Cybercriminals Target and Abuse Privileged Accounts Undetected

IT professionals are constantly battling cyber threats. And while the security threats may vary, many of the most hidden and undetected cyber threats these days involve privileged user accounts.

Privileged accounts are those enterprise accounts that belong to users who have been granted administrative privileges to systems. The accounts may harbor unexpected attackers, raising security concerns that serious data breaches may occur.

Because data integrity is critically important to businesses and organizations nowadays, you need to know how to protect your company’s privileged accounts from cyber threats lurking around.

It’s important to learn how to monitor privileged accounts and secure the accounts from cyber-attacks. That entails understanding the risks and methods of preventing privilege abuse.

 

What Is Privilege Account Abuse?

 

A privileged account is simply a user account that has privileges associated with it. Abuse of the accounts happens when those privileges are misused or used inappropriately without authorization.

Sometimes a privilege account abuse happens with malicious intent from attackers, while other times it happens accidentally or through willful ignorance of policies by insiders. 

The 2023 Insider Threat Report by Cybersecurity Insiders states that 74% of organizations are at least moderately vulnerable to insider threats.

Meanwhile, according to a 2020 IBM Security Services report, over 90% of all security incidents involved some form of malicious privilege abuse.

Similarly, Verizon's 2017 Data Breach Investigation Report showed that privileged account abuse was the second most common cause of security threats.

privileged_account_abuse_report.png

DBIR graph showing privilege misuse as one of the top causes of cyber breaches and incidents.

 

How Does Privilege Account Abuse Happen?

 

Many businesses don't monitor privileged accounts activity or limit access. And, oftentimes, privileged accounts users have more access rights than they need to do their jobs. This means access is available for use or abuse by more people.

IT management is usually in charge of user accounts, while IT security is in charge of finding threats. Privileged account abuse tiptoes on both areas and neither covers it adequately, meaning there's a lack of oversight when it comes to misused access.

Malicious actors (whether insiders or outside attackers) can exploit the lack of oversight and carry out fraudulent or malicious activity with privileged account access. Hackers can use application and operating system vulnerabilities, brute force attacks, malware, social engineering tactics, and other methods to gain privileged access.

Michael C. Redmond, Ph.D., Deputy CISO, says when attackers gain access to higher levels of system hierarchy than they are supposed to have and take control of important system components such as data and files without being detected, privileged account abuse has occurred.

Compromised privileged accounts can access sensitive data and delete, modify, or otherwise affect it, leading to severe data and security breaches. Unfortunately, privileged account abuse like those ones are common and a serious issue for organizations and businesses of all sizes.

 

Consequences of Poor Management of Privileged Accounts

 

When privileged account abuse occurs, the consequences can be dire. Access to privileges is a gateway to a system's data. So, even if a user is unintentionally misusing access, it can lead to a leak or loss of sensitive information.

Systems and applications may also shut down for periods of time, damaging business operations. This can then lead to bad publicity, loss of customer trust, and even long-term lawsuits.

Affected business might even face compliance failures and associated penalties due to privileged account abuse, and management could see steep fines or even imprisonment as a result.

 

Why Cybercriminals Target Privileged Accounts

 

close-up-hacker-typing-targeting-privileged-accounts

Oftentimes, attackers come from outside business walls. A 2015 survey suggests that 45% of hackers prefer targeting privileged accounts because these are the accounts with a high level of access rights to sensitive data and records.

Attacking privileged accounts means hackers can access the network and make crucial changes unhindered. They can also restrict access for other users, while taking any files they want away. 

Hackers know privileged accounts have more potential for criminal financial gain. Thus, they use malware, stolen credentials, and phishing schemes to gain privileged access and compromise data.

An attacker may not always restrict other users' access to their accounts in order to remain undetected. But, they can use hacked privileged accounts as a gateway into an entire system, building fake credentials and doing other fraudulent activities along the way.

Attackers may find files with people's private information, such as credit card numbers, social security numbers, phone numbers, and email addresses. They may also find bank account details, business files, and other information to sell.

Some privileged account hackers may decide to destroy key information a business needs to hurt the business undetected, while others brazenly use the data to hold the business for ransom. 

Attackers don't have to be the stereotypical hooded guy in a basement. No, attackers can be anyone, including business leaders. Others are supposed entrepreneurs who turn their criminal activities into a full-blown "business," complete with salaried employees.

 

The Process of Attacking Privileged Accounts

 

A hacker can attack any kind of privileged account. This is true for both an upper management account and also someone in the mid-levels who has some privileged account access. 

All that attackers usually need is one access point to get their foot in and their hands on unauthorized information. They generally follow a simple process that is effective: 

  1. Identify and obtain any credentials that have privileged access.
  2. Access a separate endpoint
  3. Repeat and repeat until they find what they want. 

 

How Hackers Identify Privileged Accounts

 

There are several steps attackers can use to identify a privileged account and target it:

  1. Survey the privileges of local users
  2. Attempt to log on with higher privileges
  3. Bait with a malicious file document and wait for the user to open it and infect a second endpoint.
  4. Use tools to walk through the endpoint's memory
  5. Move within the organization's user accounts

Hackers go through such steps and are determined to keep going until they break through. Sadly, it can be challenging (though not impossible) to prevent attackers succeeding if they target you.

 

Challenges of Preventing Privileged Account Abuse

 

Managing privileged account abuse threats can be difficult for organizations because it's hard to prevent hackers from accessing the controls without also preventing users from doing their jobs.

Most privileged account users have vital roles within the business or organization, hence the privileged access in the first place. They need that access to do their job. So, blocking their access can hinder their work and productivity.

Naturally, the solution would be to select individual access controls. Decide what each user can and cannot do with a privileged account. This adds a layer of security, but it may also make a highly restrictive environment that can lead to less productivity.

 

Controlling and Managing Privileged Account Abuse

 

secure-privileged-user-accounts.png

Aside from controlling privilege abuse with role-based access control (RBAC), where user access to sensitive data or systems is limited based on their assigned roles, other effective methods of managing and reducing the risk of privileged abuse include:

i). Requiring multi-factor authentication (MFA)

MFA helps protect against account password theft by requiring additional layers of authentication beyond simply entering a username and password. This can make it more challenging for attackers and reduce the risk of cybersecurity breaches.

ii). Monitoring privileged accounts continually

By monitoring and checking audit logs and credentials such as usernames and passwords regularly, organizations can detect any suspicious activity related to privilege abuse and take appropriate action in a timely manner. 

iii). Reviewing user credentials regularly

While monitoring privileged accounts also ensures you'll notice any users who are abusing privileges, regularly reviewing privileged user credentials will ensure that users have only the necessary privileges they need to perform their job.

 

What Happens After an Attack?

 

Cybersecurity management should also focus on what happens after an attack. This means your IT security team needs to watch for patterns of attacks and breaches and guard against them.

Is a privileged user showing typical unsafe or suspicious behavior? Are they accessing files they normally should not use? Are the times they're logged on suspicious in any way?

Users usually have patterns in their internet activity. It's easy to see when they log on and how they spend their time. The IT team can build a baseline profile of privileged accounts using the information in those patterns. They can then apply algorithms to watch a user's activity, identify when users deviate greatly from the pattern, and sound an alert.

If there is anything unusual happening, such as logging in at an odd time of day, security can be alerted. This can help stop cybersecurity breaches before they happen and before they go too far.

Response time is of the essence in cybersecurity, particularly when an attack happens. You shouldn’t wait for an attack to go unaddressed before responding to it. Instead, remain vigilant always and take swift action to stop attacks getting worse.

Stay alert always, secure your networks, and make it difficult for cybercriminals to target privileged accounts in your business.


Alexis Davis is a senior staff writer at WebWriterSpotlight.com. She covers social media and other digital media news affecting writers, entrepreneurs and online creatives.


 

Related stories

 

Safeguard Your Online Accounts Against Hacking

Protect Yourself from the Scary World of Online Identity Theft

Why Cybersecurity Alliances Are Being Formed (And Their Value)

Cybersecurity Facts You Should Know to Protect Your Business

Severe Cybersecurity Concerns Threating Businesses Online

How Blockchain Technology Can Bolster Your Business’ Cyber Security

 

Share this article

  • facebook
  • twitter
  • linkedin
  • pinterest
  • pocket
  • email
  • hackernews
  • reddit
  • tumblr
  • whatsapp

bg_carousel_header_0.png

SUBSCRIBE TO OUR NEWSLETTER  newsletter icon.png

Get our best content, tips, and inspiration free in your inbox. Subscribe here >>

bg_carousel_header_0.png

 

You might also like...

Healthy Living: How Your Home Affects Your Health

How to Use Marketing Collateral to Empower Your Software Business' Product Management

The Right Way to Breathe During the Coronavirus Pandemic

Mobile Commerce: The Stats & Future Projections

At-Home Remedies to Calm Your Mind and Body

calypso-goddess-nymph-of-the-island-of-ogygia

Epic Greek Mythology of Calypso Goddess – Nymph of The Island of Ogygia

 

Join over 20,000 Subscribers!

And get our best content, news, tips, and inspiration free in your inbox. Subscribe ››

twitter.gif linkedin-gray.jpg email.gif RSS feed

 

 

 

 

 

 

Most read this week


retailer_holding_tablet_warehouse_flexible_automation
Why Online Retailers Need a Flexible Warehousing Solution - Adapt to Fluctuating Demands
Thomas Genestar

How to Adapt Your Content for Rising Voice Search
Al Gomez

How to Leverage Technology for Flawless Event Planning
Lorenzo Dwyer

Is It Better to Build a Website Yourself or Hire Someone to Do It?
Ayla Anderson

 

Got a story or tip for us?

 

Tips_0_0_0.png

Here's how to submit it →

 

 

 

Like this content? Never miss a story!

Get our best content, tips, and inspiration free in your inbox.

CAPTCHA
Please check this box to prove you are a human visitor and help us prevent automated spam submissions.
 

New stories


Home Office Upgrades: Online Lenders Can Help Fund Your Office Revamp

Ella Brown September 27, 2023
OFFICE UPGRADES & REVAMPS
young-female-freelancer-working-from-home-office-upgrade-revamp-alternative-lending

Upgrading your home office can cost quite a bit, especially if you need to buy new office supplies. Luckily, online lenders can provide alternative lending options and short term loans to fund your office revamp.

Ads Copywriting: Tips to Craft the Best Ads for Mobile Marketing

Alexis Davis September 27, 2023
ADS COPYWRITING
person-using-smartphone-viewing-ad-mobile-marketing-copywriting
Mobile marketing is all-the-rage. With good ads copywriting skills, you can craft the best mobile ads and capture the attention of a wide number of mobile users and target audience.

Best Dystopian Novels of All Time That'll Rekindle Your Love of Reading

Jayson Antonio September 27, 2023
LOVE OF BOOKS
female-sitted-reading-novel-enjoyable-experience
One form of entertainment stands above the rest—reading. These classic dystopian novels – arguably best dystopian novels of all time – will spark your interest in this genre and rekindle your love of reading works of fiction.

10 Ways Resourceful People Build Resilience & Turn Failure to Success

WWS Editor September 26, 2023
RESOURCENESS & RESILIENCE
portrait-man-strong-resilient-lifting-truck-wheel
“Life doesn’t get easier or more forgiving, we get stronger and more resilient,” Steve Maraboli observed. But how can you become more resilient? You can learn from the most resourceful people.

Say Goodbye to Bad Breath With Braces: 8 Tips for Fresh Breath!

Emily Taylor September 26, 2023
ORAL HEALTH CARE
woman-smiling-with-braces-teeth
Wearing braces doesn’t have to mean bad breath. By following some simple yet effective tips, you can avoid bad breath with braces and keep your breath fresh throughout your orthodontic treatment.

Amazon to Invest $4bn in ChatGPT Rival: Consider AI As Race Heats Up

Alexis Davis September 25, 2023
AI INVESTMENT
artificial intelligence-ai-investing-concept-illustration
Amazon’s $4bn investment in Anthropic reinforces why you should consider AI or have some AI exposure. AI is not just another technology trend; it is a game-changer.

10 Inspiring & Artistic UK Cities for Creatives

WWS Reporter September 25, 2023
ARTISTIC CITIES
people-city-street-art-graffiti
Ever wondered which UK cities are the most artistic, inspiring, and supportive for creatives? The top most creative and artistic cities include Manchester, Liverpool, and even Tyne.

Pagination

  • (Page 1)
  • Next page Next ›

Contributors blogs


Blog here »

Digital Marketing 101: What You Should Know to Get Started

Devin Schumacher

 


The Downsides of a Freelance Writing Career (And Why I Still Love It)

Kenneth Waldman

 


What Is Intellectual Property and How Can Businesses Protect It?

Philip Partington

 


nodejs-IDEs

5 Best Node JS IDEs for Enhanced App Development

Kaushal Saini

 


doctor-vacine-vitamin-d-relieves-coronavirus-severity

STUDY: Vitamin D Could Relieve Vaccine Pressure & Coronavirus Severity

Delilah Roberts

 


8 Tips for a Healthy & Happy Family Lifestyle

Jess Cooper

 


man-office-wearing-covid-mask-pandemic-business-investments

3 Areas Businesses Invested in to Make it Through the Pandemic

Alicia Walker

 


 

EXPLORE MORE ...

black-nav-bar1.png

News & Features ›


Globalization: Is It Good or Bad for Your Business?

Cost of Living Crisis Statistics Revealed: Impact On Business Lending

Best Small Cities to Start a Business in the U.S


Amazon to Invest $4bn in ChatGPT Rival: Consider AI As Race Heats Up

Tackling Climate Change: The Big Companies Reducing Carbon Footprints

The Present & Future Benefits of CRM Solutions - Salesforce Case Study

Will iPhone 15 ‘Wonderlust’ Event Help Apple Recover $200BN Lost?

Philippines' Rich History with Rum – A Dive into Sugar & Spirits

Mothers Are Less Wealthy Than Women Without Children, Study Finds

hor-line-light-blue.png

Tech & Trends ›


web-hosting-reviews-words-on-tablet-screen

Why Reviews Matter When Choosing a Hosting Plan

businessman-working-tablet-coveted-digital-tech

7 Coveted Digital Technologies Businesses Want: Countries Investing Most for Them

person-typing-on-laptop-searching-google

Googling Tips, Tricks & Hacks You Probably Never Knew, But Should


Tech Troubles? 4 Business Strategies To Avoid Tech Disasters

Ransomware Defense: Safeguarding Your Data with Backup Protection

Unlocking the Power of Software-Defined Storage: A Comprehensive Guide

How To Increase App Downloads On Google Play & Other App Stores

Revolutionizing Industries: The Exciting Future of Metaverse & Predictions

Compatibility of Bitcoin with AI Attracting Institutional Investors
 

horizontal yellow line

Arts & Culture ›


Image for Audible Lets You ‘Skip to the Good Part’ in Audio Romance Novels

Audible Lets You ‘Skip to the Good Part’ in Audio Romance Novels

Factors to Consider When Buying Attire for Rallies and Marches

Put a Stop to Procrastination Tendencies


Best Dystopian Novels of All Time That'll Rekindle Your Love of Reading

10 Inspiring & Artistic UK Cities for Creatives

Common Mistakes that Doom Writing Careers

Six Simple Tips to Overcome Wedding Speech Nerves

How to Overcome Uncertainty, Doubt, & Fear - the Bane of Creatives

5 Philosophical Ideas to Make You a Better Writer (& also a Better Person)

hor-line-brn.png

Business & Economy ›


How to Create and Use Good Typography for Your Website Designs

Best Ways to Handle Customer Communication During the Pandemic

Social Media Detox: Is It Good or Bad for Business? (What You Need to Know)


Home Office Upgrades: Online Lenders Can Help Fund Your Office Revamp

Ads Copywriting: Tips to Craft the Best Ads for Mobile Marketing

10 Ways Resourceful People Build Resilience & Turn Failure to Success

The Importance of Web Design in Digital Marketing

Top Link Building Techniques and Tips for Marketers

How to Spy on Your Competitors and Steal Traffic Ethically

Home | About | Contributors | Write for Us | Advertise | Disclosure | Privacy Policy | Contact Us

Follow Us:

twitter_e.jpg linkedin-pg.jpg email-updates_icon.jpg

© 2023 Copyright, The Web Writer Spotlight.

Committed to quality content and journalistic ethics.

RSS rss

Search WWS search-icon-trans_0_1.png

Webwriterspotlight.com. All rights reserved.
x
x