Privileged account potentially exposes web hosting subscribers

CyberArk Software : 25 July, 2013  (Technical Article)
Cyber-Ark comments on the importance of privileged account access management after breach at major web-hosting company
OVH, a web hosting company, recently issued a warning following a security breach that has impacted its global customer base. An advisory on the company website stated that a hacker had obtained access to an email account of one of its system administrators, which the hacker was ultimately able to use to ‘compromise the access of one of the system administrators who handles the internal backoffice’. Once the attacker had hijacked this privileged account, they were able to recover a database housing information on customers in Europe and gain access to an installation service in Canada.

John Worrall, CMO at Cyber-Ark, has made the following comments: “This breach is yet another example of why the theft and exploitation of privileged accounts is a critical and devastating part of the advanced threat attack cycle. In this case, the details of how the perimeter was breached have yet to be divulged; however, this is arguably a secondary concern. Businesses now have to assume that attackers are already on the inside. Indeed, the critical part of this attack, and what every organisation should take away from it, is the fact that the attacker specifically targeted the system administrator to gain their privileged access. Once successful, the attacker was effectively able to move from system to system undetected until they reached the information they were looking for. In the case of OVH, this was personal information, such as names, addresses, cities, telephone records and account passwords.

“This same pattern has been detected time and again and has been used in some of the most devastating breaches in recent memory, including Saudi Aramco, South Korea, Global Payments, the South Carolina Department of Revenue, and the U.S. Department of Energy among many others. Businesses need to proactively secure these privileged accounts, making sure all activity is monitored and that a complete audit trail of who accesses the account and what they did with it is available. In addition, organisations must be vigilant in demanding that cloud and hosting providers enact tight security controls around their own privileged accounts – if the provider can’t do this satisfactorily, then data and assets are put at undue risk.”

   © 2012 ProSecurityZone.com