Saturday, February 3, 2018

Week 8 - Threat of the Week - Elevation of Privilege


If you work for an organization that applies basic security practices and runs Windows-based workstations, you have probably seen a message like this at some point. It appears because the corporate IT department has issued users standard (least-privileged) accounts rather than administrator accounts. For a bad actor, obtaining credentials for any account is a win, but elevating the privileges of that account is when the real damage can occur.

A common tactic for an external actor is a phishing campaign aimed at compromising low-level credentials. Those credentials provide initial access to corporate systems; once inside, the bad actor pivots and moves laterally through the environment, looking for a dormant admin account or stealing hashed credentials to reuse in a pass-the-hash attack.

Organizations can combat EoP with a variety of techniques. Implementing a policy of least privilege sounds great in theory, but it often meets a lot of blowback from end users who see it as a hindrance to performing their job duties. One option is a Privileged Access/Identity Management system. Products like PowerBroker from BeyondTrust let end users operate as standard users while specific applications are elevated only when necessary. Users keep the functionality they require without having to call the help desk for every task on the PC.
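The dormant admin accounts mentioned above are something a defender can audit for directly. The following PowerShell is an added example, not part of the original post or of any vendor product; it assumes the ActiveDirectory RSAT module is installed, that the account running it can read group membership, and that the group list and the 90-day threshold are placeholders to adjust for your environment.

```powershell
# Added example: list enabled members of privileged AD groups that have not
# logged on within the dormancy threshold, so they can be reviewed or disabled.
# Assumes the ActiveDirectory module (RSAT) and read access to the groups below.
Import-Module ActiveDirectory

# Assumption: groups to audit; extend with any custom privileged groups you use.
$PrivilegedGroups = @('Domain Admins', 'Enterprise Admins', 'Administrators')

# Assumption: an account unused for 90 days is treated as dormant.
$DormantDays = 90
$Cutoff = (Get-Date).AddDays(-$DormantDays)

$Results = foreach ($Group in $PrivilegedGroups) {
    # -Recursive expands nested groups so indirectly privileged users are included.
    Get-ADGroupMember -Identity $Group -Recursive |
        Where-Object { $_.objectClass -eq 'user' } |
        Get-ADUser -Properties LastLogonDate, Enabled, PasswordLastSet |
        Where-Object {
            # Never-logged-on accounts have no LastLogonDate and are flagged too.
            $_.Enabled -and ($null -eq $_.LastLogonDate -or $_.LastLogonDate -lt $Cutoff)
        } |
        Select-Object @{ Name = 'Group'; Expression = { $Group } },
                      SamAccountName, LastLogonDate, PasswordLastSet
}

# Caveat: LastLogonDate is derived from lastLogonTimestamp, which replicates
# with up to a 14-day lag, so treat the threshold as approximate.
$Results | Sort-Object Group, SamAccountName | Format-Table -AutoSize
```

Review the output before acting on it: service accounts and break-glass accounts often appear dormant by design and should be documented exceptions rather than disabled blindly.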


