Privileged Account Management: Lessons from the 2014 Sony Pictures Hack
This article looks at what the Sony Pictures breach teaches about Privileged Account Management (PAM).
Introduction: What is Privileged Account Management?
CNN recently revealed the cyberattack methodology that gave the Guardians of Peace hacking group direct access to Sony Pictures Entertainment's network, or "the keys to the entire building," as one Sony Pictures official put it. According to investigators, the attack was carried out with a set of stolen system administrator credentials: a privileged account username and password that provided a golden gateway to unrestricted access to employee records, unreleased films, intellectual property, email conversations and other sensitive data. The breach has since escalated into a matter of national security, with the FBI naming North Korea as the nation-state responsible for the attack in a recent agency press release.
Why Hackers Love IT Admin Credentials
Access to system administrator credentials was likely what enabled the Guardians of Peace to carry out an attack of the length and complexity they achieved: they held sensitive data hostage and issued ominous threats against moviegoers unless screenings of the upcoming satirical comedy The Interview were canceled and their other demands met.
It is hard to say exactly what happened, because the full details of how the hack was carried out have not yet been released. Based on the information currently available, though, it is safe to say that Sony had a very poor password policy for its privileged accounts. Despite this being a widely known bad practice, Sony reportedly stored sensitive system-level passwords in plain text in Excel spreadsheets and used extremely weak passwords such as "password" on some of those accounts. The public does not know how often Sony rotated these sensitive credentials, or whether they sat unchanged for long periods.
Implementing all of these password security measures would not necessarily stop attackers completely, but it would limit the damage and perhaps slow attackers down enough to detect and thwart an attack before it is fully executed.
Our own research, conducted this August at the Black Hat conference, shows that hackers looking for sensitive company data do not see senior executives as the most promising targets. Thirty-six percent of the hackers we surveyed said IT administrators were the first place they looked when trying to break into a corporate network, second only to independent contractors. These groups are at high risk because the nature of their work typically involves direct access to servers and systems holding sensitive company data such as billing and customer records. Once an attacker gains control of these credentials, they can quickly compromise systems, move laterally, and take control of the network.
Securing a privileged account must be a top priority
As attacker techniques evolve faster than prevention technologies, the perimeter is no longer the reliable defender it once was. It is inherently porous and blocks only a certain percentage of those trying to get into the network. Once inside, an attacker looks for anything of value and will often focus on compromising a privileged account to reach those gems quickly and efficiently.
It is in Sony's best interest to invest in the safe storage, security and management of privileged account credentials such as system admin, database admin, root and service account passwords to prevent something like this from happening again.
This cyberattack is a wake-up call for all businesses that neglect to regularly maintain the passwords of these types of privileged accounts, especially companies that have recently undergone any kind of downsizing, IT role relocation, or expansion into new offices elsewhere. If these accounts go unchecked, they are extremely vulnerable. Hackers count on it.
What’s next for Sony Pictures?
Given the current evidence of poor security practices and the resulting brand and financial damage at Sony Pictures, it seems unlikely that they were using any form of third-party audit, or even a first-party audit, of their outdated security policies. I expect that will change for them in the future. If they're smart, they'll ask a third-party vendor to properly review and regularly evaluate their security policies.
The truth is that the damage is done. Emails leaked, data compromised; that cannot be undone. Sony, like any other company that has suffered a data breach, needs to learn from its mistakes and move forward. Sony Pictures will most likely turn to a consultancy to help repair the damage and implement a Privileged Account Management (PAM) solution.
PAM must play a central role in rebuilding their IT security infrastructure. Limiting account access, regularly rotating privileged passwords, and auditing account usage are key strategic elements that will not only reduce their current level of risk, but set an example for other businesses across the industry. The biggest lesson of the Sony hack is that no one should wait for a breach before securing their privileged accounts.
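As an added example (not from the original article, and not code from any Sony system), the following Python script audits a privileged-account inventory for the weaknesses discussed above: credentials kept in plain text in a spreadsheet, passwords that appear on a weak-password list, rotation that is overdue, and accounts that have gone dormant. It also generates a replacement password for the next rotation. The sample CSV, the account names, the weak-password blocklist and the policy thresholds (90-day rotation, 180-day dormancy, 16-character minimum) are all assumptions made for the example, not Sony's data or policy.

```python
"""Audit a privileged-account inventory for plaintext, weak, stale and dormant credentials."""
import csv
import io
import secrets
import string
from datetime import date

# Constructed sample (not real Sony data): the kind of "passwords.csv" that
# appears when admins keep credentials in a spreadsheet. An empty password
# column means the secret is held in a vault rather than in this file.
SAMPLE_INVENTORY = """account,type,password,last_rotated,last_used
svc_backup,service,password,2013-01-15,2014-11-20
dbadmin,database,Sony2014!,2014-06-01,2014-11-21
root@fileserver01,root,P@ssw0rd,2012-03-10,2014-11-22
sysadmin_jdoe,sysadmin,,2014-10-01,2014-11-22
svc_legacy_ftp,service,s0ny_ftp_2011,2011-08-30,2013-02-04
"""

# Assumed audit date for the sample, a few days after the breach became public.
AUDIT_DATE = date(2014, 11, 24)

# Tiny blocklist for illustration; a real deployment would check a breached-password corpus.
WEAK_PASSWORDS = {"password", "p@ssw0rd", "123456", "admin", "letmein", "welcome"}

# Assumed policy thresholds for the example (not Sony's policy).
MAX_ROTATION_DAYS = 90
MAX_DORMANT_DAYS = 180
MIN_LENGTH = 16
CHARACTER_CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
                     string.digits, string.punctuation)


def password_findings(password):
    """Findings for a credential that sits in plain text in the inventory."""
    findings = ["plaintext_in_inventory"]  # being in the spreadsheet at all is a finding
    if password.lower() in WEAK_PASSWORDS:
        findings.append("on_weak_password_list")
    if len(password) < MIN_LENGTH:
        findings.append("too_short")
    classes_present = sum(any(c in cls for c in password) for cls in CHARACTER_CLASSES)
    if classes_present < 3:
        findings.append("low_character_diversity")
    return findings


def audit_inventory(csv_text, today):
    """Map each account name to its list of findings (empty list means clean)."""
    report = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        issues = []
        if row["password"]:
            issues += password_findings(row["password"])
        rotated = date.fromisoformat(row["last_rotated"])
        used = date.fromisoformat(row["last_used"])
        if (today - rotated).days > MAX_ROTATION_DAYS:
            issues.append("rotation_overdue")
        if (today - used).days > MAX_DORMANT_DAYS:
            issues.append("dormant")  # unused privileged accounts are prime targets
        report[row["account"]] = issues
    return report


def audit_sample():
    """Run the audit over the constructed inventory at the assumed audit date."""
    return audit_inventory(SAMPLE_INVENTORY, AUDIT_DATE)


def generate_rotation_password(length=32):
    """Cryptographically random password containing every character class."""
    alphabet = "".join(CHARACTER_CLASSES)
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(c in cls for c in candidate) for cls in CHARACTER_CLASSES):
            return candidate


if __name__ == "__main__":
    for account, issues in audit_sample().items():
        status = ", ".join(issues) if issues else "ok"
        print(f"{account:20} {status}")
    print("replacement password for next rotation:", generate_rotation_password())
```

In the sample, only `sysadmin_jdoe` (vaulted password, rotated within 90 days, recently used) comes back clean; every account whose password is present in the file is flagged for that alone, and `svc_legacy_ftp` is flagged as both overdue for rotation and dormant. In practice the generated password would be written into a vault and pushed to the target system by the PAM tool, never back into the spreadsheet.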