Welcome!

News Feed Item

New Report: Advanced Cyber Attacks Reliant on Privileged Credential Exploitation

A new cyber-security report reveals that while new and sophisticated malware variants were continually developed to exploit systems in 2013, criminals, hacktivists and advanced attacks continue to do the most damage by exploiting privileged accounts. Compiled by CyberSheath’s advanced security investigations team and commissioned by CyberArk, “The Role of Privileged Accounts in High Profile Breaches,” also includes a detailed case study covering a Fortune 500 company’s struggle with, and eventual remedy for, a dramatic reduction in recorded breaches.

CyberSheath’s analysis of 10 of 2013’s most notable cyber attacks, including the NSA leak by insider Edward Snowden, point of sale (POS) breaches like the many attacks on retailers, and the attack on the New York Times –found that privileged accounts were on each attacker’s critical path to success 100 percent of the time, regardless of the perimeter attack vector. The research uncovered that increased visibility and actionable intelligence on privileged accounts within an organization’s IT environment greatly increased the ability for those organizations to successfully detect and disrupt an attack.

Highlights from “The Role of Privileged Accounts in High Profile Breaches” report include:

  • A Case Study: The True Cost of a “Do-Nothing” Approach
    The exploitation of privileged accounts detailed in this case study directly led to more than 200 compromised machines, more than 10,000 man hours of overtime, and a total breach cost exceeding $3 million dollars in a six-month span. This real-world example explores one organization’s privilege account problem and highlights lessons-learned throughout the remediation process.
  • High Profile Attacks in 2013 Leveraged Privileged Accounts
    CyberSheath researched and analyzed 10 benchmark attacks throughout 2013, including the NSA leak, POS breaches, the attack on the New York Times, MacRumors, U.S. banking institutions, the Department Of Energy (DOE), South Korean banking and broadcast networks, the Washington Post and attacks revealed by Mandiant’s APT1 report. Each of these attacks happened as a result of privileged account exploitation. The research showed that protecting, managing, and monitoring these accounts, organizations could have stopped these attacks before significant damage was done.
  • Strategic Takeaways For CISOs
    Looking closely at the advanced attack patterns leveraged in these 10 benchmark breaches reveals that the theft, misuse, and exploitation of privileged accounts is a critical step in attack methodology. Key takeaways for CISOs from the CyberSheath report include:
    • The attacks that matter to business exploit privileged accounts 100 percent of the time.
    • Big company or small, organizations have more privileged accounts than they know about and the risk of exposure they represent makes them urgent priorities.
    • Protecting privileged accounts gives CISOs an opportunity to quantify risk reduction and deliver results that can be measured.
    • Privileged accounts represent a clear case for providing a return on investment and reduce risk.
    • Protecting privileged accounts is an opportunity to become a challenging target and take back ground in the fight against advanced threats.
    • Automated privileged account security solutions reduce human error, overhead and operational costs.

For a full copy of the report, please visit: http://cyberark.com/contact/role-privileged-accounts-high-profile-breaches

Supporting Quotes
“Advanced attacks follow a common, multi-stage approach to breaching defences, gathering and exfiltration critical data,” said John Worrall, CMO, CyberArk. “It’s clear that privileged access is required to gain access to target systems and move laterally from system to system. The faster the industry takes notice of the privileged connection to these attacks, the more quickly better defences can be mounted.”

“Companies of all sizes today face an unprecedented number of cyber-attacks from organized, patient and well-funded groups,” said Eric Noonan, CEO, CyberSheath. “We’re starting to see CISO’s shift from band aid point-solution purchases to integrated technologies built on intelligence-gathering features to combat advanced threats.”

About CyberArk
CyberArk is the only security company focused on eliminating the most advanced cyber threats; those that use insider privileges to attack the heart of the enterprise. Dedicated to stopping attacks before they stop business, CyberArk proactively secures against cyber threats before attacks can escalate and do irreparable damage. The company is trusted by the world’s leading companies – including 30 of the Fortune 100 and 17 of the world’s top 20 banks – to protect their highest value information assets, infrastructure and applications. A global company, CyberArk is headquartered in Petach Tikvah, Israel, with U.S. headquarters located in Newton, MA. The company also has offices throughout EMEA and Asia-Pacific. To learn more about CyberArk, visit www.cyberark.com, read the company blog, http://www.cyberark.com/blog/, follow on Twitter @CyberArk or Facebook at https://www.facebook.com/CyberArk.

Copyright © 2014 Cyber-Ark Software. All Rights Reserved. All other brand names, product names, or trademarks belong to their respective holders.

More Stories By Business Wire

Copyright © 2009 Business Wire. All rights reserved. Republication or redistribution of Business Wire content is expressly prohibited without the prior written consent of Business Wire. Business Wire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

Latest Stories
In his session at Cloud Expo, Robert Cohen, an economist and senior fellow at the Economic Strategy Institute, provideed economic scenarios that describe how the rapid adoption of software-defined everything including cloud services, SDDC and open networking will change GDP, industry growth, productivity and jobs. This session also included a drill down for several industries such as finance, social media, cloud service providers and pharmaceuticals.
"Dice has been around for the last 20 years. We have been helping tech professionals find new jobs and career opportunities," explained Manish Dixit, VP of Product and Engineering at Dice, in this SYS-CON.tv interview at 19th Cloud Expo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
Extracting business value from Internet of Things (IoT) data doesn’t happen overnight. There are several requirements that must be satisfied, including IoT device enablement, data analysis, real-time detection of complex events and automated orchestration of actions. Unfortunately, too many companies fall short in achieving their business goals by implementing incomplete solutions or not focusing on tangible use cases. In his general session at @ThingsExpo, Dave McCarthy, Director of Products...
"ReadyTalk is an audio and web video conferencing provider. We've really come to embrace WebRTC as the platform for our future of technology," explained Dan Cunningham, CTO of ReadyTalk, in this SYS-CON.tv interview at WebRTC Summit at 19th Cloud Expo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
Infrastructure is widely available, but who’s managing inbound/outbound traffic? Data is created, stored, and managed online – who is protecting it and how? In his session at 19th Cloud Expo, Jaeson Yoo, SVP of Business Development at Penta Security Systems Inc., discussed how to keep any and all infrastructure clean, safe, and efficient by monitoring and filtering all malicious HTTP/HTTPS traffic at the OSI Layer 7. Stop attacks and web intruders before they can enter your network.
@DevOpsSummit taking place June 6-8, 2017 at Javits Center, New York City, is co-located with the 20th International Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. @DevOpsSummit at Cloud Expo New York Call for Papers is now open.
The many IoT deployments around the world are busy integrating smart devices and sensors into their enterprise IT infrastructures. Yet all of this technology – and there are an amazing number of choices – is of no use without the software to gather, communicate, and analyze the new data flows. Without software, there is no IT. In this power panel at @ThingsExpo, moderated by Conference Chair Roger Strukhoff, Dave McCarthy, Director of Products at Bsquare Corporation; Alan Williamson, Principal...
Businesses and business units of all sizes can benefit from cloud computing, but many don't want the cost, performance and security concerns of public cloud nor the complexity of building their own private clouds. Today, some cloud vendors are using artificial intelligence (AI) to simplify cloud deployment and management. In his session at 20th Cloud Expo, Ajay Gulati, Co-founder and CEO of ZeroStack, will discuss how AI can simplify cloud operations. He will cover the following topics: why clou...
Video experiences should be unique and exciting! But that doesn’t mean you need to patch all the pieces yourself. Users demand rich and engaging experiences and new ways to connect with you. But creating robust video applications at scale can be complicated, time-consuming and expensive. In his session at @ThingsExpo, Zohar Babin, Vice President of Platform, Ecosystem and Community at Kaltura, discussed how VPaaS enables you to move fast, creating scalable video experiences that reach your aud...
Cloud Expo, Inc. has announced today that Andi Mann returns to 'DevOps at Cloud Expo 2017' as Conference Chair The @DevOpsSummit at Cloud Expo will take place on June 6-8, 2017, at the Javits Center in New York City, NY. "DevOps is set to be one of the most profound disruptions to hit IT in decades," said Andi Mann. "It is a natural extension of cloud computing, and I have seen both firsthand and in independent research the fantastic results DevOps delivers. So I am excited to help the great t...
Rapid innovation, changing business landscapes, and new IT demands force businesses to make changes quickly. In the eyes of many, containers are at the brink of becoming a pervasive technology in enterprise IT to accelerate application delivery. In this presentation, attendees learned about the: The transformation of IT to a DevOps, microservices, and container-based architecture What are containers and how DevOps practices can operate in a container-based environment A demonstration of how ...
"At ROHA we develop an app called Catcha. It was developed after we spent a year meeting with, talking to, interacting with senior citizens watching them use their smartphones and talking to them about how they use their smartphones so we could get to know their smartphone behavior," explained Dave Woods, Chief Innovation Officer at ROHA, in this SYS-CON.tv interview at 19th Cloud Expo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
In this strange new world where more and more power is drawn from business technology, companies are effectively straddling two paths on the road to innovation and transformation into digital enterprises. The first path is the heritage trail – with “legacy” technology forming the background. Here, extant technologies are transformed by core IT teams to provide more API-driven approaches. Legacy systems can restrict companies that are transitioning into digital enterprises. To truly become a lead...
Without lifecycle traceability and visibility across the tool chain, stakeholders from Planning-to-Ops have limited insight and answers to who, what, when, why and how across the DevOps lifecycle. This impacts the ability to deliver high quality software at the needed velocity to drive positive business outcomes. In his general session at @DevOpsSummit at 19th Cloud Expo, Phil Hombledal, Solution Architect at CollabNet, discussed how customers are able to achieve a level of transparency that e...
WebRTC is the future of browser-to-browser communications, and continues to make inroads into the traditional, difficult, plug-in web communications world. The 6th WebRTC Summit continues our tradition of delivering the latest and greatest presentations within the world of WebRTC. Topics include voice calling, video chat, P2P file sharing, and use cases that have already leveraged the power and convenience of WebRTC.