
The top 8 ways hackers gain access to privileged accounts

Edward Snowden is the world's most famous rogue employee. A former NSA contractor, he stole highly secret information and disclosed it to the media, with ramifications that seem to have no end. The Snowden case might seem like an extreme example, but employees going rogue is not all that uncommon within organisations.

Large organisations typically have thousands of privileged accounts, which are often left unmanaged. Once a hacker accesses a password through one of these internal or external attack vectors, the intruder can leapfrog from system to system, compromising privileged accounts throughout the organisation until the IT infrastructure is mapped and its most valued information can be extracted at will.

Rogue insiders, former employees, criminal hackers and sophisticated state-sponsored attackers can exploit these unmanaged privileged accounts to anonymously access and extract an organisation's most critical data.

In this article, we count down the most common attack vectors, so you can be prepared.

8. Shared Accounts

Looking to cut corners and make things simpler, systems administrators often re-use the same password across multiple systems and among multiple administrators.

While this may be convenient for the IT staff, if a hacker or malicious insider can get hold of this common, shared password, he's just gained access to systems throughout the network.

7. Storing passwords on a spreadsheet

Similar to shared accounts, one seemingly easy way for an IT team to keep up with all the administrator passwords they need for their jobs is to store them on a spreadsheet accessible to the entire IT group.

It seems easy, but how can you track who is accessing these critical passwords and what they're using them for?

6. Don't touch it and it won't break

Large organisations have many specialised passwords called service or process account passwords. These passwords are used in services, tasks, COM applications, IIS, SharePoint and databases. They're difficult to find and track, so these passwords often remain unchanged.

But even if the IT staff does try to change them, the change can potentially result in system crashes and downtime in unexpected ways. So "why bother?" is the common attitude – at least until one of these old, static passwords falls into the wrong hands.
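The two problems above, the same password reused across many systems and administrators, and service-account passwords that nobody dares to rotate, are both visible in a credential inventory if anyone looks. The script below is an added example, not code from the article or from Lieberman Software: it audits a constructed vault export (the field layout, the account names and the placeholder passwords are all made up) for password hashes shared by more than one login and for passwords older than a rotation policy.

```python
"""Audit a privileged-credential inventory for shared passwords and for
service-account passwords that have not been rotated within policy.

Added example, not part of the original article. The export format, the
field names, the accounts and the placeholder passwords are constructed.
"""
from collections import defaultdict
from datetime import date
import hashlib

# A real vault export carries password hashes, not plaintext; the constructed
# placeholders are hashed here so the audit runs on hashes as it would in use.
def _h(placeholder: str) -> str:
    return hashlib.sha256(placeholder.encode()).hexdigest()

AUDIT_DATE = date(2024, 6, 1)  # constructed "today" for the age check

INVENTORY = [
    # account,          system,        password hash,        last rotated
    ("administrator",   "fileserver1", _h("Example-Pw-1"),   date(2023, 11, 2)),
    ("administrator",   "fileserver2", _h("Example-Pw-1"),   date(2023, 11, 2)),
    ("root",            "db-prod",     _h("Example-Pw-1"),   date(2023, 11, 2)),
    ("svc_backup",      "fileserver1", _h("Example-Svc-Pw"), date(2016, 3, 14)),
    ("svc_sharepoint",  "sp-app",      _h("Example-Sp-Pw"),  date(2019, 7, 1)),
    ("svc_iis",         "web1",        _h("Example-Iis-Pw"), date(2024, 1, 20)),
]

def find_shared_passwords(inventory):
    """Return {hash: [(account, system), ...]} for every password that more
    than one (account, system) pair uses: the shared-account anti-pattern.
    One leaked password in such a group opens every login listed with it."""
    by_hash = defaultdict(list)
    for account, system, pw_hash, _ in inventory:
        by_hash[pw_hash].append((account, system))
    return {h: logins for h, logins in by_hash.items() if len(logins) > 1}

def find_stale_passwords(inventory, today=AUDIT_DATE, max_age_days=365):
    """Return [(account, system, age_in_days)] for passwords older than the
    rotation policy, oldest first. Service accounts typically dominate."""
    stale = []
    for account, system, _, rotated in inventory:
        age = (today - rotated).days
        if age > max_age_days:
            stale.append((account, system, age))
    return sorted(stale, key=lambda row: -row[2])

if __name__ == "__main__":
    for pw_hash, logins in find_shared_passwords(INVENTORY).items():
        print(f"hash {pw_hash[:12]}... shared by {len(logins)} logins: {logins}")
    for account, system, age in find_stale_passwords(INVENTORY):
        print(f"{account}@{system}: password last rotated {age} days ago")
```

Comparing stored hashes only detects reuse when the systems hash passwords the same way (or when the vault stores the credential itself); with per-system salts the same password produces different hashes, and the shared-password check has to be run inside the vault instead.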

5. Social exploits

A seemingly innocuous email might actually be the finely crafted work of a dangerous hacker. A privileged user inside a corporate network who clicks the wrong link might unknowingly be giving a hacker elevated rights into the network.

Similarly, a clever hacker might simply convince an unsuspecting user to reveal his password, or to plug in a flash drive or other device carrying a harmful payload.

4. Brute force

This old-school model of hacking uses tools commonly available on the Internet, such as precomputed hash tables called "rainbow tables", that let hackers quickly break weak passwords and gain access to the network.
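A rainbow table only works because the target stores passwords as plain, unsalted hashes: one table, computed once, reverses every such hash it covers. The following added example (not from the article; the wordlist, the stored hashes and the helper names are constructed) shows the defender's side of that trade-off: the same lookup that reverses an unsalted hash instantly finds nothing once the password is stored with a random per-user salt and a slow key-derivation function.

```python
"""Why precomputed hash tables work against unsalted password hashes and
fail against salted, slow ones.

Added example, not from the original article. The wordlist, the stored
hashes and the helper names are constructed for illustration.
"""
import hashlib
import hmac
import os

# Constructed stand-in for the dictionaries behind a rainbow table.
WORDLIST = ["password", "welcome1", "Summer2016", "admin123", "letmein"]

def build_lookup_table(wordlist):
    """Precompute hash -> password once. A rainbow table is this idea plus
    hash chains to trade table size for lookup time; the weakness it exploits
    (no salt, fast hash) is the same."""
    return {hashlib.sha256(w.encode()).hexdigest(): w for w in wordlist}

def lookup(table, stored_hash):
    """Constant-time reversal of an unsalted hash if the password is in the table."""
    return table.get(stored_hash)

def hash_salted(password, salt, iterations=200_000):
    """Defender's storage: random per-user salt plus PBKDF2-HMAC-SHA256.
    The salt makes any precomputed table useless for every other user; the
    iteration count makes each targeted guess cost 200,000 hashes instead of one."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)

def verify_salted(password, salt, stored, iterations=200_000):
    """Login-time check against the salted, stretched hash."""
    return hmac.compare_digest(hash_salted(password, salt, iterations), stored)

def demo():
    """Return (unsalted lookup result, salted lookup result, verify result)."""
    table = build_lookup_table(WORDLIST)
    # Unsalted storage: the offline table reverses the hash immediately.
    unsalted = hashlib.sha256(b"Summer2016").hexdigest()
    hit = lookup(table, unsalted)
    # Salted storage: the same weak password matches nothing precomputed.
    salt = os.urandom(16)
    salted = hash_salted("Summer2016", salt)
    miss = lookup(table, salted.hex())
    return hit, miss, verify_salted("Summer2016", salt, salted)

if __name__ == "__main__":
    hit, miss, ok = demo()
    print(f"unsalted sha256 reversed to: {hit!r}")
    print(f"salted PBKDF2 found in table: {miss!r}; legitimate login verifies: {ok}")
```

Salting does not make a weak password strong; a guess such as `Summer2016` still falls to a targeted online or offline attack, which is why the table-resistant storage above belongs alongside length and lockout policy, not instead of it.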

3. Application exploits

Organisations that fail to stay up-to-date with required security patches for their Internet-facing applications are in for a rough ride, with published and unpublished exploits for Web services software, database platforms, and a host of other applications poised to give hackers control of your data.

2. Former IT Admins and Contractors

Former employees and contractors often leave their jobs with their privileged account passwords remaining active – even long after the termination of their employment.

So just because someone is no longer employed doesn't mean he can't still access his former systems and wreak havoc.
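The defence here is routine reconciliation: every enabled privileged account must map to someone on the current HR roster, and accounts nobody has used in months should be questioned even when their owner is still employed. The script below is an added example rather than anything from the article; the HR roster, the directory export and the logon dates are constructed, and a real run would pull the same three fields from the HR system, the directory and the logon audit trail.

```python
"""Reconcile privileged-group membership against the HR roster and recent
logon activity, to find accounts that outlived their owner's employment.

Added example, not part of the original article. The roster, the directory
export, the field names and the dates are constructed.
"""
from datetime import date

AUDIT_DATE = date(2024, 6, 1)  # constructed "today"

# Constructed HR roster: everyone (employee or contractor) currently engaged.
HR_ACTIVE = {"alice", "bob", "dana"}

# Constructed export of privileged-group members: account, registered owner,
# enabled flag, date of last logon.
PRIVILEGED_ACCOUNTS = [
    ("alice-adm",    "alice", True,  date(2024, 5, 30)),
    ("bob-adm",      "bob",   True,  date(2024, 5, 29)),
    ("carol-adm",    "carol", True,  date(2024, 4, 2)),   # carol left in March
    ("contractor-x", "evan",  True,  date(2023, 9, 15)),  # engagement ended
    ("dana-adm",     "dana",  False, date(2024, 1, 5)),   # disabled: acceptable
    ("svc_legacy",   None,    True,  date(2023, 1, 1)),   # no owner on record
]

def orphaned_accounts(accounts, hr_active=HR_ACTIVE):
    """Enabled privileged accounts whose registered owner is not on the active
    roster, or that have no owner at all. Each is a leaver's credential that
    offboarding missed, or a service account nobody will answer for."""
    return [acct for acct, owner, enabled, _ in accounts
            if enabled and (owner is None or owner not in hr_active)]

def dormant_accounts(accounts, today=AUDIT_DATE, max_idle_days=90):
    """Enabled privileged accounts with no logon in max_idle_days. Dormancy
    is a weaker signal than orphaning but catches accounts whose owner is
    still employed yet no longer needs the privilege."""
    return [acct for acct, _, enabled, last_logon in accounts
            if enabled and (today - last_logon).days > max_idle_days]

def offboarding_report(accounts, hr_active=HR_ACTIVE, today=AUDIT_DATE):
    """Combine both checks; accounts in both lists deserve the first phone call."""
    orphaned = set(orphaned_accounts(accounts, hr_active))
    dormant = set(dormant_accounts(accounts, today))
    return {
        "disable_now": sorted(orphaned & dormant),
        "orphaned_active": sorted(orphaned - dormant),
        "dormant_owned": sorted(dormant - orphaned),
    }

if __name__ == "__main__":
    for bucket, accts in offboarding_report(PRIVILEGED_ACCOUNTS).items():
        print(f"{bucket}: {accts}")
```

The owner-to-account mapping is the part most organisations lack; without it, a directory export cannot tell a departed contractor's account from a live one, which is exactly how such accounts stay active for years.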

1. Default passwords

Many hardware devices, applications and appliances - like firewalls and UTMs - come pre-configured with default passwords that are publicly known. If these default passwords aren't changed, they're an easy access point for a hacker.

Chris Stoneff is director of professional services at Lieberman Software.