Phishing attacks continue to be a preferred method of hackers, according to the fifth annual State of the Phish Report. Of the nearly 15,000 cybersecurity professionals surveyed for the report, 83 percent said their organizations experienced phishing attacks in 2018, up from 76 percent in 2017.
Traditionally, hackers have used phishing attacks to distribute ransomware and other malware. In 2018, however, compromised accounts bypassed malware infections as the most commonly identified impact of successful phishing attacks. Credential compromise has increased 70 percent since 2017 and 280 percent since 2016. By way of contrast, only 10 percent of survey respondents experienced a ransomware attack last year.
To effectively combat phishing attacks, cybersecurity teams must look at both the number of incoming threats and each threat’s severity. Users with the highest threat volume do not always represent the greatest risk. Likewise, the lowest threat volume does not always equal the lowest risk as highly targeted threats are often more dangerous than widespread campaigns. Targeted attacks are designed to obtain credentials from users with high-level, privileged access.
Further, the account credentials obtained in a phishing attack might not be the ultimate prize. If the credentials provide local admin rights to a workstation, a hacker can use a technique called “pass-the-hash” to obtain all the password hashes that are stored in that machine’s memory. As we explained in a previous post, the hacker simply has to find a machine that was accessed recently by an IT administrator. The hacker then has privileged credentials and can move vertically through the network to gain high-level access.
That’s why it’s critically important to strictly limit local admin rights. However, a 2018 study found that 57 percent of organizations give users administrator-level control over their workstations. That number increases to a whopping 69 percent with the largest enterprises. The justification for this practice is that users might need to install software or run programs that require elevated privileges and don’t want to wait for IT support. In other words, security sometimes takes a back seat to convenience.
CyberArk’s Endpoint Privilege Manager can help you enforce least privilege access across your environment without impacting user productivity or increasing IT support costs. This powerful tool enables you to automatically create privilege escalation policies for trusted applications, so users gain elevated privileges as needed without local admin rights. Administrator credentials are protected in the Enterprise Password Vault, and Endpoint Privilege Manager can detect and block attempts to steal credentials stored by Windows systems and web browsers.
Because elevated privileges can be used to install malware, CyberArk quickly analyzes the risk associated with any application that attempts to run on a protected workstation. Malicious applications are prevented from launching, while unknown apps are allowed to run in a “restricted mode” that prevents them from accessing the Internet or corporate resources.
Phishing attacks are on the rise, and hackers are looking to reel in user credentials. If your users have administrator-level access to their workstations, attackers can gain elevated privileges that give them access to sensitive systems and data. CyberArk’s Endpoint Privilege Manager lets you restrict local admin rights while seamlessly granting users elevated privileges according to policy. Clango’s engineers can show you how.
For more information about restricting local admin rights, please send us an email at (firstname.lastname@example.org).