Cyber Attackers posing as Legitimate Insiders

Cyber Attackers posing as Legitimate Insiders

61 percent cite privileged account takeover as most difficult cyber attack stage to mitigate; 44 percent still believe they can prevent attackers from breaking into a network

Cyber attacks that exploit privileged and administrative accounts – the credentials used to manage and run an organisation’s IT infrastructure – represent the greatest enterprise security risks, according to a new survey released by CyberArk (NASDAQ: CYBR).

Sixty-one percent of respondents cited privileged account takeover as the most difficult stage of a cyber attack to mitigate, up from 44 percent last year. In addition, 48 percent believe that data breaches are caused by poor employee security habits, while 29 percent blame attacker sophistication. The findings are part of CyberArk’s 9th Annual Global Advanced Threat Landscape Survey, developed through interviews with 673 IT security and C-level executives.

CyberArk analysed potential discrepancies between damaging cyber security threats and organisations’ confidence in being able to defend themselves. While there is increasing awareness about the connection between privileged account takeover as a primary attack vector and recent, high profile breaches, many organisations are still focusing on perimeter defences.

With more than half of respondents believing they could detect an attack within days, CyberArk warns that many IT and business leaders may not have a full picture of their IT security programmes. Looking beyond the tip of the iceberg with perimeter defences and phishing attacks – organisations must be able to protect against more devastating compromises happening inside the network, like Pass-the-Hash and Kerberos ‘Golden Ticket’ attacks.

Key findings of the 2015 survey include:

Beyond the breach – attackers going for complete network takeover
As demonstrated by attacks on Sony Pictures, the U.S. Office of Personnel Management (OPM) and more, once attackers steal privileged accounts, they can conduct a hostile takeover of network infrastructure or steal massive amounts of sensitive data. These powerful accounts give attackers the same control as the most powerful IT users on any network. By being able to masquerade as a legitimate insider, attackers are able to continue to elevate privileges and move laterally throughout a network to exfiltrate valuable data.

Respondents were asked which stage of an attack is the most difficult to mitigate:

• 61 percent cited privileged account takeover; versus 44 percent in 2014

• 21 percent cited malware installation

• 12 percent cited the reconnaissance phase by the attackers

Respondents were asked what attack vectors represented the greatest security concern:

• 38 percent cited stolen privileged or administrative accounts

• 27 percent cited phishing attacks

• 23 percent cited malware on the network

False confidence in corporate security strategies
CyberArk’s survey highlights that while respondents display public confidence in their CEOs’ and directors’ security strategies, the tactics being employed by organisations can contradict security best practices. Despite industry research showing that it typically takes organisations an average of 200 days to discover attackers on their networks, a majority of respondents believe they can detect attackers within days or hours. Respondents also persist in believing that they can keep attackers off the network entirely – despite repeated evidence to the contrary.

· 55 percent believe they can detect a breach within a matter of days; 25 percent believe they can detect a breach within hours

· 44 percent still believe that they can keep attackers off of a targeted network

· 48 percent believe poor employee security habits are to blame for data breaches; 29 percent believe attackers are simply too sophisticated

· 57 percent of respondents were confident in the security strategies set forth by their CEO or Board of Directors

Organisations fail to recognise dangers of attacks on the Inside
Cyber attackers continue to evolve tactics to target, steal and exploit privileged accounts – the keys to successfully gaining access to an organisation’s most sensitive and valuable data. While many organisations focus heavily on defending against perimeter attacks like phishing, attacks launched from inside an organisation are potentially the most devastating. Respondents were asked to rank the type of attacks they were most concerned about:
· Password hijacking (72 percent)
· Phishing attacks (70 percent)
· SSH key hijacking (41 percent)
· Pass-the-Hash attacks (36 percent)
· Golden Ticket attacks (23 percent)
· Overpass-the-Hash attacks (18 percent)
· Silver Ticket attacks (12 percent)

Overpass-the-Hash, Silver Ticket and Golden Ticket are types of Kerberos attacks, which can enable complete control over a target’s network by taking over the domain controller. One of the most dangerous is a Golden Ticket attack, which can mean “game over” for an organisation and complete loss of trust in the IT infrastructure.

“It is no longer acceptable for organisations to presume they can keep attackers off their network,”

said John Worrall, CMO, CyberArk.

“The most damaging attacks occur when privileged and administrative credentials are stolen, giving the attacker the same level of access as the internal people managing the systems. This puts an organisation at the mercy of an attacker’s motivation – be it financial, espionage or causing harm to the business. The survey points to increasing awareness of the devastating fallout of privileged account takeover, which we hope will continue to spur a ripple effect in the market as organisations acknowledge they must expand security strategies beyond trying to stop perimeter attacks like phishing.”

[su_button url=”http://www.cyberark.com/ThreatSurvey2015″ target=”blank” style=”flat” background=”#df2027″ color=”#ffffff” size=”10″ radius=”0″ icon=”icon: arrow-circle-right”]Click here to download the complete Global Advanced Threat Landscape Survey results for free[/su_button]

About Security Buyer

Security Buyer is the leading authority in global security content, delivering expert news, in-depth articles, exclusive interviews, and industry insights across print, digital, and event platforms. Published 10 times a year, the magazine is a trusted resource for professionals seeking updates and analysis on the latest developments in the security sector.

To submit an article, or for sponsorship opportunities, please contact our team below.

Rebecca Spayne picture 2025

Rebecca Spayne

Managing
EDITOR

Georgina Turner image

Georgina Turner

Sales
Manager

Afua Akoto image - Security Buyer

Afua Akoto

Marketing Manager

Read the Latest Issue

Follow us on X

Follow us on X

Click Here

Follow us on LinkedIn

Follow us on LinkedIn

Click Here

Advertise here

Reach decision makers and amplify your marketing

Advertise here

Click Here

Related News

OneLink

Product Spotlight – Gallagher’s OneLink

Gallagher Security presents, OneLink – the product that is elevating remote security through the power of the cloud 
Pinaccle systems

Pinnacle Systems further supports Installers and System Integrators

Pinnacle Systems has launched the Pinnacle Partner Programme, a new initiative designed to provide enhanced support for installers…
Stephen Tickle

Comelit-PAC Appoints Stephen Tickle as Regional Sales Manager

Comelit-PAC has appointed Stephen Tickle as its new Regional Sales Manager.  Stephen will focus on supporting PAC’s access control…
Intersec Saudi

Intersec Saudi Arabia returns with record exhibition space

Intersec Saudi Arabia, the premier industry platform for security, safety and fire protection, will return to the Riyadh…
Abloy UK

Abloy Academy breaks attendance records

Abloy UK has achieved record breaking attendance at its Academy, with more professionals than ever attending its…
Hikvision

Hikvision Introduces X-ray Baggage Inspection System

Hikvision India has recently introduced X-ray Baggage Inspection System with AI- enabled Intelligent Recognition Capabilities…
GBV

IFPO Column: The Quiet Signals of Danger

Yoyo Hamblen of IFPO and Gary Simpson, Nonverbal and Behavioural specialist discuss the important topic of Gender-Based Violence..
Doorbird Carousel

Product Spotlight – Door Communication for the “Neue Wallufer”

 A customised solution case study for a residential complex is presented by DoorBird and CompuNet Systems GmbH 
suprema

Suprema Achieves EN 60839 Certification

Suprema, a global provider of AI-powered access control and security solutions, has achieved EN 60839-11-1:2013 Grade 3 certification
ASSA ABLOY

Electric locks are a vital component in digital access

To protect the important openings in their buildings, organizations need locks they can trust. This means more than just strength…
Scroll to Top