Inside the Cloud: Attacks & Prevention – Administrative Account Compromise

Join us in this series as we peek inside the cloud and uncover some common attacks on cloud security and some practical prevention tips – to help you protect your environment.

Administrative Account Compromise

Every cloud environment is controlled by at least one administrative account. If an attacker gains access to that account, they can perform any action the account is permitted to perform. This can happen through a weak or reused password, malware on the administrator’s computer, or social engineering.

An attacker with access to a single administrative account can create a nightmare of an incident, from encrypting assets for ransom to locking out users, shutting down systems, or silently collecting data for later use.

Fortunately, cloud providers have mitigations to prevent attackers from infiltrating a cloud environment this way. Organizations can also adopt policies to help prevent attackers from hijacking administrative accounts.

Tips on preventing administrative account takeover:

  • Leverage the cloud provider’s IAM (Identity and Access Management). IAM can raise security alerts, demand additional authentication, or block a login outright when risk appears elevated (for example, when an administrator login occurs from a new IP address).
  • Use MFA (Multi-Factor Authentication) whenever possible. Administrators can use an authentication app on their mobile device, SMS, or a hardware token as their second factor. If email or another account serves as the second factor, it is especially critical that the employee does not reuse passwords.
  • Segregate servers and data according to the criticality of the data and function. Use the internal firewalls included by many cloud providers to control and log traffic passing between assets.
  • Carefully define ingress access control. This can look like a firewall rule that permits administration only from the administrator’s device or a “Jump Box” that manages hardened assets within the cloud. A “Jump Box” protects against an attacker stealing credentials or leveraging a compromised machine and can provide additional logging in the event of an incident.
  • Provide administrators with systems and accounts that are to be used only for administrative work, with a separate account for everyday work. Set technical policies for complex, long passwords, and provide a password manager to create and share long, random passwords.
  • Train IT staff on the importance of using unique passwords (rather than reusing them) and include training on recognizing social media threats.
  • Configure at least two paths of access to administrative control over the cloud environment, including a “break glass” account. Some attackers will hijack and ransom control over cloud environments. Though a cloud provider can help the organization in regaining control, plenty of damage can occur in the meantime. A “break glass” account can allow an organization to log in and contain the incident.
    Keep in mind that cloud “break glass” accounts are sometimes excluded from typical policies and MFA, so they should have an extremely long, random password that is protected out-of-band. Test the account regularly to ensure the process works properly.
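The IAM behaviour and break-glass monitoring described in the tips above, as an added example that is not part of the original article: a small check over constructed sign-in records that flags an administrator login from an IP address not previously seen for that account, an administrator login without a second factor, and any use of the break-glass account (which is exempt from the MFA check, since such accounts are often excluded from MFA). The field names and the account name `breakglass` are assumptions, not any provider’s real log schema.

```python
"""Flag risky administrative sign-ins in an audit log (constructed sample data)."""
import json

# Constructed sample sign-in records; field names are assumptions,
# not any cloud provider's real log schema.
SAMPLE_LOG = """
{"user": "alice-admin", "role": "admin", "ip": "203.0.113.10", "mfa": true, "ok": true}
{"user": "alice-admin", "role": "admin", "ip": "203.0.113.10", "mfa": true, "ok": true}
{"user": "bob", "role": "user", "ip": "198.51.100.7", "mfa": false, "ok": true}
{"user": "alice-admin", "role": "admin", "ip": "192.0.2.99", "mfa": true, "ok": true}
{"user": "carol-admin", "role": "admin", "ip": "203.0.113.20", "mfa": false, "ok": true}
{"user": "breakglass", "role": "admin", "ip": "203.0.113.30", "mfa": false, "ok": true}
"""

BREAK_GLASS_ACCOUNTS = {"breakglass"}  # assumed name of the emergency account


def flag_risky_admin_logins(log_text, known_ips=None):
    """Return (user, ip, reason) tuples for successful sign-ins needing review.

    known_ips maps a user to the set of IPs already seen for that user; it is
    extended as the log is processed, so each new IP alerts only once. An
    account with no history at all uses its first IP as the baseline.
    """
    seen = {u: set(ips) for u, ips in (known_ips or {}).items()}
    alerts = []
    for line in log_text.strip().splitlines():
        rec = json.loads(line)
        user, ip = rec["user"], rec["ip"]
        if not rec.get("ok"):
            continue  # failed attempts are handled by lockout policy, not here
        if user in BREAK_GLASS_ACCOUNTS:
            # Any use of the emergency account is worth a human look;
            # it is exempt from the MFA check below.
            alerts.append((user, ip, "break-glass account used"))
            continue
        if rec.get("role") != "admin":
            continue  # everyday accounts are out of scope for this check
        if not rec.get("mfa"):
            alerts.append((user, ip, "admin login without MFA"))
        ips = seen.setdefault(user, set())
        if ips and ip not in ips:
            alerts.append((user, ip, "admin login from new IP"))
        ips.add(ip)
    return alerts


if __name__ == "__main__":
    for user, ip, reason in flag_risky_admin_logins(SAMPLE_LOG):
        print(f"{reason}: {user} from {ip}")
```

Seeding `known_ips` from a historical baseline (rather than the log being scanned) makes the first sighting in a new log file alert as well.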

An administrative account compromise in a cloud environment represents a significant threat to organizational security. Such attacks can provide malicious actors with unrestricted access to sensitive data, systems, and applications, potentially leading to data breaches, financial loss, and reputational damage. To mitigate these risks, organizations must implement robust security measures, including multi-factor authentication, regular audits, and strict access controls. Educating employees about the importance of secure password practices and the potential dangers of phishing attacks is also crucial. By taking proactive steps to secure administrative accounts, organizations can better protect their cloud assets and maintain the integrity of their digital infrastructure.

Next up in this series: Cloud-Based Ransomware

Learn more about Creating Visibility In Your Digital Environment with Attack Surface Management (ASM).
