How to protect your network from privilege abuse attacks.

Privilege abuse decoded.

Privilege abuse, as the name suggests, is the process of misusing special rights granted to privileged accounts, accidentally or intentionally, for tasks that do not adhere to the organization’s policies.

The 2018 Insider Threat Report specifies that 37 percent of privilege abuse attacks happen due to organizations granting users greater access control than required.

Is privilege abuse worth the worry?

Privilege abuse can critically affect almost every vertical in the world. Let's look at the damage privilege abuse can cause in a few verticals.

Financial agencies

A privileged user at a financial agency, say an account manager, tries to steal clients' money by using their access to financial records. The company finds itself facing legal charges the very next day.

Government companies

Consider a government organization with databases storing confidential information about that country’s citizens. A privileged user goes rogue and steals the identities of hundreds or possibly thousands of people. They then use those stolen identities for any number of things, including to gain access to victims’ bank accounts.

Educational institutions

In an effort to cut costs, a university enlists students to build an attendance management system. To properly implement this project, the students need access to critical data. These students use this access to modify their grades, class ranking, tuition fees, and more.

Most common types of privilege abuse attacks

Attacks due to privilege creep

Privilege escalation attack

Account hijacking

Attacks due to privilege creep

A best practice for security management is to revoke a user’s special rights once their designated task is completed. However, due to lack of proper monitoring by technicians, most of these rights are not revoked on time. Over time, accounts can accumulate specific privileges; this phenomenon is known as privilege creep. This can result in accidental or intentional misuse of rights for fraudulent or malicious activities.
Privilege escalation attack

Privilege escalation is the process of users elevating their permissions to gain greater access rights. For instance, a user might chance upon the saved passwords of a privileged user (say, an administrator) and use that privileged account to elevate their own privileges in the organization.
Account hijacking

An attacker may steal the credentials of another user, and then impersonate that user by logging in to their account. The attacker may then use the privileges assigned to the victim's account for carrying out malicious plans.

Airtight methods to control privilege abuse.

Assign NTFS permissions with precision

Careless handling of NTFS permissions can land your organization in hot water. Even so, many technicians take the easy route of granting full control to most users, as granular configuration of permissions using the native tools is cumbersome. A better practice is to review a summary of who has what kind of access to which folders before you decide on assigning fresh permissions to users.

Lock down inactive accounts

Attackers can easily hijack the accounts of inactive users, such as the accounts of employees who have gone on vacation. To prevent ungoverned inactive accounts from opening the door for account hijacking, make it a rule of thumb to disable such accounts.

Streamline privilege management

Privilege creep happens because technicians forget to revoke the assigned permissions on time. This can easily be prevented by automating the process of removing users from privileged groups when they no longer need access. Additionally, for easy administration of permissions, you can create a group containing all the users you want to provide with full control.

Delegate tasks granularly

Keep your roles and access rights in line with each other by delegating only the necessary rights to the required roles. While delegating access rights, assign special rights only to the required OUs, and be very restrictive with the type of tasks that a technician can perform in an OU.

Automate stale account cleanup

When an organization’s offboarding policies are not rigidly followed, ex-employees may retain access rights to business-critical resources. This unauthorized access can wreak havoc for an organization. Therefore, it's essential to construct proper deprovisioning policies and automate the offboarding process to prevent errors.

Document the rights elevation process

To prevent incidents of privilege escalation, use a documented request approval process for elevating rights. Documenting the request approval process empowers you to decide whether the privilege elevation is warranted or not.