
Least Privilege Vulnerabilities Exploitation Case Study

Introduction

The principle of least privilege is a security concept that limits security exposure in IT environments through balancing security, productivity, privacy and risk. To put it simply, least privilege controls restrict each user’s access rights to the minimum they need to perform their job.

Did you know that 74% of data breaches start with privileged credential abuse? That is the finding of Centrify’s Privileged Access Management in the Modern Threatscape survey.

Privilege attacks come in many shapes and sizes. Let’s briefly review some variations of such attacks, with reference to real cases.

  1. Privilege abuse: An employee of a third-party consulting firm stole the personal health identity data of 18,500 Anthem customers in 2017
  2. Privilege escalation: Both the Home Depot and Target data breaches happened due to a third-party vendor’s credentials being somehow compromised, giving the hacker access to their networks
  3. Unauthorized access: An ex-employee of the engineering firm Allen & Hoshall appropriated some intellectual property, client correspondence and other sensitive data after using email credentials of a former colleague
  4. Human error: Two workers at Vanderbilt University Medical Center (VUMC) were granted access to 3,000 medical records of patients, despite the fact that such authorization was not related in any way to their job duties

Not using the least privilege principle is a recipe for disaster. As you can see, the ingredients may be different, but the bitter aftertaste is all the same. 

This article will focus on the 2017 Equifax data breach — an incident of massive proportions that could have been avoided if the proper defensive mechanisms were set in place.

Case study: Equifax data breach

The initial compromise took place on March 10, 2017. It was due to an unpatched vulnerability (CVE-2017-5638) existing in an Apache Struts instance running on Equifax’s web servers.

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Dimitar Kostadinov. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/ovvXyALVcQk/