Unveiling the Weaknesses Beneath Your Defenses In Recent Report


Imagine this: you’ve built a fortress of cybersecurity defenses – firewalls and intrusion detection systems. Yet a nagging feeling persists – a vulnerability lurking beneath the surface. You’re not entirely wrong. A new report by Silverfort sheds light on a critical and often overlooked gap in our understanding of cyber threats: identity security weaknesses.

 

Traditional threat reports focus heavily on the flashy elements – malware strains, attacker profiles, and the intricate dance of cyberattacks. But what about the underlying identity issues that attackers exploit in nearly every cyberattack? This is where Silverfort’s Identity Underground report steps in, offering a refreshing perspective.

 

Mapping the Identity Underbelly

 

The Identity Underground is the first report to delve into the most critical identity security weaknesses that lead to a trifecta of trouble for organizations:

 

  • Credential Theft: Attackers steal user login credentials, the keys to the kingdom.
  • Privilege Escalation: Once inside, attackers leverage these stolen credentials to gain access to higher levels of permissions within a system, becoming more powerful.
  • Lateral Movement: With elevated privileges, attackers move undetected across different systems within a network, expanding their reach and wreaking havoc.

These weaknesses, called Identity Threat Exposures (ITEs), aren’t vulnerabilities themselves. They’re inherent flaws in identity infrastructure that attackers readily leverage. Imagine them as cracks in the foundation of your cybersecurity fortress.

 

The report analyzes data from hundreds of live production environments to identify the most prevalent and impactful ITEs.

 

Shocking Statistics: A Reality Check on Identity Security

 

The report uncovers some eye-opening statistics that paint a concerning picture of our current identity security posture:

 

  • A Staggering Number of Service Accounts: A whopping 31% of users are service accounts – accounts used for machine-to-machine communication – often with high privileges and low visibility. This creates a prime target for attackers seeking a foothold.
  • Deadwood Users: A concerning 13% of user accounts are simply inactive and unnecessary. These dormant accounts are like unlocked doors in your network, waiting to be exploited.
  • Unchecked Delegation: A risky 12% of admin accounts have unrestricted (unconstrained) delegation capabilities. Delegation allows one account to access resources on behalf of another. Unrestricted delegation essentially hands attackers the keys to the vault if they gain control of an admin account.

 

The Four Horsemen of Identity Threats: Understanding ITEs

 

The Identity Underground classifies ITEs into four categories, each one a potential gateway for attackers:

 

  1. Password Exposers: These weaknesses allow attackers to steal cleartext passwords, the crown jewels of identity security. Examples include NTLM authentication, an outdated and insecure authentication protocol, and admins with Service Principal Names (SPNs). SPNs are used for machine authentication, but misconfigurations can leave them vulnerable to abuse.
  2. Privilege Escalators: These weaknesses enable attackers to gain higher privileges within a system, becoming more powerful. Shadow admins (unnecessary accounts with admin-level access) and unconstrained delegation, as mentioned earlier, are prime examples of how attackers can elevate their access.
  3. Lateral Movers: Once inside and with elevated privileges, attackers leverage these weaknesses to move undetected across a network. Service accounts, those workhorse accounts for system communication, and prolific users with excessive access fall under this category. Attackers can exploit these accounts to pivot from one system to another, expanding their reach.
  4. Protection Dodgers: These weaknesses allow attackers to bypass security controls altogether. The report mentions syncing password hashes between on-prem and cloud environments as an example. This practice inadvertently exposes on-prem weaknesses (like weak passwords) to the cloud, potentially compromising cloud security as well.

 

Taking Action: Fortifying Your Identity Security

 

The good news is that you can take proactive steps to combat ITEs and strengthen your identity security:

 

  • Shine a Light: Identify and Eliminate ITEs: Gaining visibility into your ITEs is the first step. The report recommends following Microsoft’s best practices to identify and eliminate ITEs stemming from misconfigurations or bad practices. This could involve disabling NTLM authentication or cleaning up unnecessary service accounts.
  • Monitor and Contain Existing Risks: For unavoidable ITEs, like the need for service accounts, implement close monitoring for suspicious activity. This can involve utilizing security information and event management (SIEM) solutions to detect anomalies in service account behavior.
  • Preventative Measures: Implement Multi-Layered Security: Enforce Multi-Factor Authentication (MFA) and access controls to safeguard user accounts and service accounts. MFA adds an extra layer of security by requiring a second factor, like a code from your phone, for login. Implementing the principle of least privilege can also help – users should only have the access level necessary.
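
One way to carry out the "identify" step above for three of the exposures the report names (admins with SPNs, unconstrained delegation, inactive users). This is an added example, not code from the report or from Silverfort; the CSV export, its account names and the 90-day threshold are constructed assumptions, while the attribute names and userAccountControl bits are standard Active Directory values.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# userAccountControl bits (documented Active Directory values)
UAC_ACCOUNTDISABLE = 0x2
UAC_TRUSTED_FOR_DELEGATION = 0x80000  # unconstrained Kerberos delegation

# Constructed sample export; column names follow the AD attribute names.
SAMPLE_EXPORT = """sAMAccountName,userAccountControl,adminCount,servicePrincipalName,lastLogonTimestamp
alice.admin,512,1,,133500000000000000
svc-backup,66048,1,MSSQLSvc/db01.example.local:1433,133490000000000000
svc-web,590336,0,HTTP/web01.example.local,133495000000000000
bob.old,512,0,,132000000000000000
carol,512,0,,133499000000000000
dave.left,514,0,,131000000000000000
"""

def filetime_to_datetime(value):
    """Convert a Windows FILETIME (100 ns ticks since 1601-01-01 UTC)."""
    epoch = datetime(1601, 1, 1, tzinfo=timezone.utc)
    return epoch + timedelta(microseconds=int(value) // 10)

def audit(export_text, now, stale_after_days=90):
    """Return {account: [exposure, ...]} for enabled accounts with findings."""
    findings = {}
    for row in csv.DictReader(io.StringIO(export_text)):
        uac = int(row["userAccountControl"])
        if uac & UAC_ACCOUNTDISABLE:
            continue  # disabled accounts cannot authenticate; skip them
        hits = []
        if row["adminCount"] == "1" and row["servicePrincipalName"]:
            hits.append("admin_with_spn")            # Password Exposer
        if uac & UAC_TRUSTED_FOR_DELEGATION:
            hits.append("unconstrained_delegation")  # Privilege Escalator
        last_logon = filetime_to_datetime(row["lastLogonTimestamp"])
        if now - last_logon > timedelta(days=stale_after_days):
            hits.append("stale_user")                # inactive, still enabled
        if hits:
            findings[row["sAMAccountName"]] = hits
    return findings

if __name__ == "__main__":
    # Fixed "now" so the constructed sample gives the same result every run.
    fixed_now = datetime(2024, 2, 1, tzinfo=timezone.utc)
    for account, hits in audit(SAMPLE_EXPORT, fixed_now).items():
        print(account, hits)
```

lastLogonTimestamp is replicated lazily and can lag by up to about two weeks by default, so keep the stale threshold well above that. Domain controller computer accounts carry the delegation flag by design and should be excluded if the export includes them.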

Reach out to us at PivIT Strategy to understand whether your business faces these vulnerabilities and how to protect against them.

jwolverton