Centrify has warned that the privileged password practice which allowed the comprehensive “Alf” software hack of an Australian defence contractor is disturbingly widespread.Cybersecurity leader
Earlier this week, the Australian Cyber Security Centre (ACSC) revealed details of a data breach in which 30 gigabytes of sensitive information was stolen between July and November last year from 50-person aerospace engineering firm that subcontracts to the Department of Defence. The Australian Signals Directorate (ASD) codenamed the attacker Alf, after a character in the long-running Australian TV soap opera Home and Away.
Subsequent reports state the hacker stole sensitive data including restricted technical information on the F-35 Joint Strike Fighter, the P-8 Poseidon maritime patrol aircraft, the C-130 transport aircraft, the Joint Direct Attack Munition (JDAM) smart bomb kit, and Australian naval vessels.
The hacked defence subcontractor had all IT-related functions managed by just one person, who had been in the role for only nine months. While initial access came from exploiting a 12-month-old vulnerability in the company’s IT Helpdesk Portal, the hacker used a common Local Administrator account password with access to all servers for lateral movement within the network. This provided access to email and other sensitive data.
Centrify Senior Director APAC Sales Niall King said the practice of allowing privileged administrator accounts to have extensive network access was disturbingly widespread. “Verizon recently reported that 80 per cent of breaches are due to compromised credentials,” he said.
“The lesson is that users and administrators should never run their computer with administrative privileges unless they are required to do a specific task. This is where the ‘Least Privilege’ model advocated and implemented by Centrify is important: It assigns users and administrators with privileges on a temporary basis to perform specific tasks on specific machines.
“Least Privilege Access ensures that if an exploit or attack occurs, it will not have the privileged access necessary to cause sustained damage. Security can be improved further by mandating multi-factor authentication (MFA) approval by the user before a privileged task executes.”
Centrify redefines security from a legacy static perimeter-based approach to protecting millions of scattered connections in a boundaryless hybrid enterprise. As the only industry recognised leader in both Privileged Identity Management and Identity-as-a-Service, Centrify provides a single platform to secure each user’s access to apps and infrastructure through the power of identity services. This is Next Dimension Security in the Age of Access. Centrify is enabling more than 5000 customers, including over half the Fortune 50 in the US, to defend their organisations. To learn more visit www.centrify.com.
The Breach Stops Here.
Centrify is a registered trademark and Centrify Server Suite, Centrify Privilege Service and Centrify Identity Service are trademarks of Centrify Corporation in the United States and other countries. All other trademarks are the property of their respective owners.
- Centrify boosts privileged access support for hybrid IT Lachlan McKenzieCentrify, the leader in securing enterprise identities against cyberthreats, has announced significant enhancements to its industry leading privileged identity mana...
- Centrify delivers industry’s first unified identity solution for SaaS and mobile management for the workplace New Cloud-based Identity-as-a-Service Solution Enables Organizations to Solve Users’ Password Sprawl Problems and Secure Devices Accessing Cloud and Mobile Apps SUNNYVALE, Calif. ...
- Centrify delivers industry’s first unified identity solution for security and management of Mac users and their mobile devices in the workplace Centrify is Only Vendor to Provide Robust AD-based Authentication, Policy Management, Single Sign-On and User Self-Service for Connected and Disconnected Macs Centrify Corporation...
- Half Aussie IT managers report weekly cyber breach A new report released today by Centrify Corporation reveals that nearly half of Australian IT managers believe their organisations experience attempted data breaches every week. W...