Why Everyone Should Care About Supply-Chain Attacks
by David Levine, on Apr 26, 2022
A common attack method used today is known as the supply-chain attack. A supply-chain attack is a cyber-attack that seeks to damage an organization by targeting less-secure elements in its supply chain. Supply-chain attacks may not attack your company directly; however, an attack on your organization through your supply chain can be more catastrophic than a direct attack because it leverages a pathway that is generally set up with implicit trust.
In the case of U.S.-based software provider Accellion, cybercriminals targeted users of the company’s 20-year-old file sharing software. Accellion customers included law firms and cybersecurity companies that used the software to access sensitive client information that was compromised by ransomware gangs and cyber thieves.
Often, when a third party is compromised, credentials are used or posted that can be used to attack your organization. If a malicious user or cybercriminal knows a username, then acquiring the password simply becomes a level-of-effort exercise. If those credentials have elevated privileges, then often there is the ability to move laterally throughout the organization with direct access to sensitive systems and data, or those credentials can be used to find, elevate, or even create new admin accounts to gain and expand persistence across the organization.
To prevent these types of privilege escalation attacks, organizations need to not only discover but also assess the risk of privileged accounts. That means discovering, assessing, and removing the standing privileged accounts: those accounts with standing elevated privileges that are always available 24x7x365.
By adopting a Zero Standing Privilege policy and allowing access only when needed, many of the recent supply-chain attacks could be prevented.