Click here to close now.

SYS-CON MEDIA Authors: Liz McMillan, Elizabeth White, Dana Gardner, tru welu, Blue Box Blog

News Feed Item

New Report: Advanced Cyber Attacks Reliant on Privileged Credential Exploitation

A new cyber-security report reveals that while new and sophisticated malware variants were continually developed to exploit systems in 2013, criminals, hacktivists and advanced attacks continue to do the most damage by exploiting privileged accounts. Compiled by CyberSheath’s advanced security investigations team and commissioned by CyberArk, “The Role of Privileged Accounts in High Profile Breaches,” also includes a detailed case study covering a Fortune 500 company’s struggle with, and eventual remedy for, a dramatic reduction in recorded breaches.

CyberSheath’s analysis of 10 of 2013’s most notable cyber attacks, including the NSA leak by insider Edward Snowden, point of sale (POS) breaches like the many attacks on retailers, and the attack on the New York Times –found that privileged accounts were on each attacker’s critical path to success 100 percent of the time, regardless of the perimeter attack vector. The research uncovered that increased visibility and actionable intelligence on privileged accounts within an organization’s IT environment greatly increased the ability for those organizations to successfully detect and disrupt an attack.

Highlights from “The Role of Privileged Accounts in High Profile Breaches” report include:

  • A Case Study: The True Cost of a “Do-Nothing” Approach
    The exploitation of privileged accounts detailed in this case study directly led to more than 200 compromised machines, more than 10,000 man hours of overtime, and a total breach cost exceeding $3 million dollars in a six-month span. This real-world example explores one organization’s privilege account problem and highlights lessons-learned throughout the remediation process.
  • High Profile Attacks in 2013 Leveraged Privileged Accounts
    CyberSheath researched and analyzed 10 benchmark attacks throughout 2013, including the NSA leak, POS breaches, the attack on the New York Times, MacRumors, U.S. banking institutions, the Department Of Energy (DOE), South Korean banking and broadcast networks, the Washington Post and attacks revealed by Mandiant’s APT1 report. Each of these attacks happened as a result of privileged account exploitation. The research showed that protecting, managing, and monitoring these accounts, organizations could have stopped these attacks before significant damage was done.
  • Strategic Takeaways For CISOs
    Looking closely at the advanced attack patterns leveraged in these 10 benchmark breaches reveals that the theft, misuse, and exploitation of privileged accounts is a critical step in attack methodology. Key takeaways for CISOs from the CyberSheath report include:
    • The attacks that matter to business exploit privileged accounts 100 percent of the time.
    • Big company or small, organizations have more privileged accounts than they know about and the risk of exposure they represent makes them urgent priorities.
    • Protecting privileged accounts gives CISOs an opportunity to quantify risk reduction and deliver results that can be measured.
    • Privileged accounts represent a clear case for providing a return on investment and reduce risk.
    • Protecting privileged accounts is an opportunity to become a challenging target and take back ground in the fight against advanced threats.
    • Automated privileged account security solutions reduce human error, overhead and operational costs.

For a full copy of the report, please visit: http://cyberark.com/contact/role-privileged-accounts-high-profile-breaches

Supporting Quotes
“Advanced attacks follow a common, multi-stage approach to breaching defences, gathering and exfiltration critical data,” said John Worrall, CMO, CyberArk. “It’s clear that privileged access is required to gain access to target systems and move laterally from system to system. The faster the industry takes notice of the privileged connection to these attacks, the more quickly better defences can be mounted.”

“Companies of all sizes today face an unprecedented number of cyber-attacks from organized, patient and well-funded groups,” said Eric Noonan, CEO, CyberSheath. “We’re starting to see CISO’s shift from band aid point-solution purchases to integrated technologies built on intelligence-gathering features to combat advanced threats.”

About CyberArk
CyberArk is the only security company focused on eliminating the most advanced cyber threats; those that use insider privileges to attack the heart of the enterprise. Dedicated to stopping attacks before they stop business, CyberArk proactively secures against cyber threats before attacks can escalate and do irreparable damage. The company is trusted by the world’s leading companies – including 30 of the Fortune 100 and 17 of the world’s top 20 banks – to protect their highest value information assets, infrastructure and applications. A global company, CyberArk is headquartered in Petach Tikvah, Israel, with U.S. headquarters located in Newton, MA. The company also has offices throughout EMEA and Asia-Pacific. To learn more about CyberArk, visit www.cyberark.com, read the company blog, http://www.cyberark.com/blog/, follow on Twitter @CyberArk or Facebook at https://www.facebook.com/CyberArk.

Copyright © 2014 Cyber-Ark Software. All Rights Reserved. All other brand names, product names, or trademarks belong to their respective holders.

More Stories By Business Wire

Copyright © 2009 Business Wire. All rights reserved. Republication or redistribution of Business Wire content is expressly prohibited without the prior written consent of Business Wire. Business Wire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

Latest Stories
The consumption economy is here and so are cloud applications and solutions that offer more than subscription and flat fee models and at the same time are available on a pure consumption model, which not only reduces IT spend but also lowers infrastructure costs, and offers ease of use and availability. In their session at 15th Cloud Expo, Ermanno Bonifazi, CEO & Founder of Solgenia, and Ian Khan, Global Strategic Positioning & Brand Manager at Solgenia, discussed this shifting dynamic with an ...
As enterprises engage with Big Data technologies to develop applications needed to meet operational demands, new computation fabrics are continually being introduced. To leverage these new innovations, organizations are sacrificing market opportunities to gain expertise in learning new systems. In his session at Big Data Expo, Supreet Oberoi, Vice President of Field Engineering at Concurrent, Inc., discussed how to leverage existing infrastructure and investments and future-proof them against e...
Due of the rise of Hadoop, many enterprises are now deploying their first small clusters of 10 to 20 servers. At this small scale, the complexity of operating the cluster looks and feels like general data center servers. It is not until the clusters scale, as they inevitably do, when the pain caused by the exponential complexity becomes apparent. We've seen this problem occur time and time again. In his session at Big Data Expo, Greg Bruno, Vice President of Engineering and co-founder of StackI...
Once the decision has been made to move part or all of a workload to the cloud, a methodology for selecting that workload needs to be established. How do you move to the cloud? What does the discovery, assessment and planning look like? What workloads make sense? Which cloud model makes sense for each workload? What are the considerations for how to select the right cloud model? And how does that fit in with the overall IT transformation?
The recent trends like cloud computing, social, mobile and Internet of Things are forcing enterprises to modernize in order to compete in the competitive globalized markets. However, enterprises are approaching newer technologies with a more silo-ed way, gaining only sub optimal benefits. The Modern Enterprise model is presented as a newer way to think of enterprise IT, which takes a more holistic approach to embracing modern technologies.
For better or worse, DevOps has gone mainstream. All doubt was removed when IBM and HP threw up their respective DevOps microsites. Where are we on the hype cycle? It's hard to say for sure but there's a feeling we're heading for the "Peak of Inflated Expectations." What does this mean for the enterprise? Should they avoid DevOps? Definitely not. Should they be cautious though? Absolutely. The truth is that DevOps and the enterprise are at best strange bedfellows. The movement has its roots in t...
The true value of the Internet of Things (IoT) lies not just in the data, but through the services that protect the data, perform the analysis and present findings in a usable way. With many IoT elements rooted in traditional IT components, Big Data and IoT isn’t just a play for enterprise. In fact, the IoT presents SMBs with the prospect of launching entirely new activities and exploring innovative areas. CompTIA research identifies several areas where IoT is expected to have the greatest impac...
There is little doubt that Big Data solutions will have an increasing role in the Enterprise IT mainstream over time. 8th International Big Data Expo, co-located with 17th International Cloud Expo - to be held November 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA - has announced its Call for Papers is open. As advanced data storage, access and analytics technologies aimed at handling high-volume and/or fast moving data all move center stage, aided by the cloud computing bo...
Every day we read jaw-dropping stats on the explosion of data. We allocate significant resources to harness and better understand it. We build businesses around it. But we’ve only just begun. For big payoffs in Big Data, CIOs are turning to cognitive computing. Cognitive computing’s ability to securely extract insights, understand natural language, and get smarter each time it’s used is the next, logical step for Big Data.
The 4th International Internet of @ThingsExpo, co-located with the 17th International Cloud Expo - to be held November 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA - announces that its Call for Papers is open. The Internet of Things (IoT) is the biggest idea since the creation of the Worldwide Web more than 20 years ago.
Enterprises are fast realizing the importance of integrating SaaS/Cloud applications, API and on-premises data and processes, to unleash hidden value. This webinar explores how managers can use a Microservice-centric approach to aggressively tackle the unexpected new integration challenges posed by proliferation of cloud, mobile, social and big data projects. Industry analyst and SOA expert Jason Bloomberg will strip away the hype from microservices, and clearly identify their advantages and d...
There's no doubt that the Internet of Things is driving the next wave of innovation. Google has spent billions over the past few months vacuuming up companies that specialize in smart appliances and machine learning. Already, Philips light bulbs, Audi automobiles, and Samsung washers and dryers can communicate with and be controlled from mobile devices. To take advantage of the opportunities the Internet of Things brings to your business, you'll want to start preparing now.
In a world of ever-accelerating business cycles and fast-changing client expectations, the cloud increasingly serves as a growth engine and a path to new business models. Dynamic clouds enable businesses to continuously reinvent themselves, adapting their business processes, their service and software delivery and their operations to achieve speed-to-market and quick response to customer feedback. As the cloud evolves, the industry has multiple competing cloud technologies, offering on-premises ...
The 5th International DevOps Summit, co-located with 17th International Cloud Expo – being held November 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA – announces that its Call for Papers is open. Born out of proven success in agile development, cloud computing, and process automation, DevOps is a macro trend you cannot afford to miss. From showcase success stories from early adopters and web-scale businesses, DevOps is expanding to organizations of all sizes, including the...
Over the years, a variety of methodologies have emerged in order to overcome the challenges related to project constraints. The successful use of each methodology seems highly context-dependent. However, communication seems to be the common denominator of the many challenges that project management methodologies intend to resolve. In this respect, Information and Communication Technologies (ICTs) can be viewed as powerful tools for managing projects. Few research papers have focused on the way...