Lessons from hacker attacks

Recent complex cyber attacks confront IT departments with new challenges. What lessons can be learned from hacker attacks, and how can such attacks be prevented?

Mohamed Ibbich
Lead Solutions Engineer BeyondTrust

During the corona pandemic, clinics, laboratories and medical centers are currently the target of hackers. At the end of March, the Federal Office for Information Security reported attacks by Chinese hacker groups targeting foreign health care facilities. In April, hackers targeted one of the largest clinics in the Czech Republic conducting research on the coronavirus. Most recently, hackers were able to steal Spanish data on corona vaccines.

The security incidents document complex cyber attacks that present IT departments with new challenges.

Privileged Access Threat Report

The Privileged Access Threat Report shows that two out of three companies expect a serious security breach by third parties or employees. However, the number of security breaches can be significantly reduced if IT managers regain control over the use of credentials. So what are the lessons learned from the hacker attacks?

1. Trust in service providers is good, security control is better
External service providers are firmly integrated into an organization's IT processes and are frequent secondary targets of hacker attacks. IT managers therefore need to know which IT systems and data can be accessed by which users, and with which access rights. Besides clearly defined user rights profiles connected to Active Directory, this requires tamper-proof logging of every action performed. End-to-end encryption is also indispensable, which means legacy solutions based on plain VPN access have to be phased out.

2. The use of VPN connections is not recommended.
A compromised VPN connection lets an unauthorized person who has taken over a user account move through the target network unobserved. IT managers need a complete view of all network activity in order to control, monitor, log and avert threats.

3. No blank checks for access rights
Who may access which system, and when? These questions must be regulated in a verifiable way. Under no circumstances may several people share one password for access to sensitive databases. The best-practice recommendation is that every user has individual credentials, so that every configuration change can be attributed to the administrator who made it.

4. Monitor accesses
Security managers and IT admins rely on professional password management solutions to manage passwords securely and protect shared accounts. Passwords are stored centrally in encrypted form, rotated regularly and, when needed, injected directly into the target system (credential injection). In this way, authorized users receive individual access to servers and IT systems without ever seeing the passwords themselves.

5. Secure passwords
In addition to the automated rotation or one-time use of passwords, a security concept includes one more measure: hard-coded passwords must be removed from applications and scripts, so that credentials can be passed securely from application to application without manual intervention. Many service accounts provide access to critical systems for years unchanged, so hacker activity involving them is often detected late. In an attack, minutes can be decisive, which is why automated rotation can be worth its weight in gold.
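As an added example (not from the article or from BeyondTrust), the two checks that points 4 and 5 describe, written out in code: a heuristic scan of a script for literal credentials embedded in it, and a rotation-age check over a service-account inventory. The sample script, the account list and the `vault-cli` command are constructed for the example.

```python
"""Constructed example: flag literal credentials embedded in scripts and list
service accounts whose passwords are past the rotation deadline."""
import re
from datetime import date, timedelta

# Heuristics only: a quoted literal assigned to a secret-like name, or a
# connection-string style Password=... field. Variable references ($VAR) and
# values fetched at runtime do not match, so they are not flagged.
CREDENTIAL_PATTERNS = [
    re.compile(r"""(?i)(password|passwd|pwd|secret|api[_-]?key|token)\s*[=:]\s*["'][^"']{4,}["']"""),
    re.compile(r"""(?i)(password|pwd)=[^\s;"'$]{4,}"""),
]

def find_hardcoded_credentials(script_text):
    """Return (line_number, line) pairs that appear to embed a literal credential."""
    findings = []
    for lineno, line in enumerate(script_text.splitlines(), start=1):
        stripped = line.strip()
        if stripped.startswith("#"):
            continue  # comments are not executable credentials
        if any(p.search(line) for p in CREDENTIAL_PATTERNS):
            findings.append((lineno, stripped))
    return findings

def overdue_rotation(accounts, max_age_days, today):
    """Names of service accounts whose last rotation is older than max_age_days."""
    cutoff = today - timedelta(days=max_age_days)
    return sorted(name for name, last in accounts.items() if last < cutoff)

# Constructed sample script; 'vault-cli' is a hypothetical secrets-manager CLI.
SAMPLE_SCRIPT = """#!/bin/bash
# nightly backup job
DB_USER="backup_svc"
DB_PASSWORD="Summer2020!"
mysqldump -u "$DB_USER" -p"$DB_PASSWORD" crm > /backup/crm.sql
CONN="Server=db01;User Id=report;Password=Rep0rts2019;"
API_TOKEN=$(vault-cli read secret/backup/token)
"""

# Constructed inventory: service account -> date of last password rotation.
SERVICE_ACCOUNTS = {
    "backup_svc": date(2018, 3, 1),
    "report": date(2020, 9, 15),
    "monitor_svc": date(2020, 6, 30),
}
REFERENCE_DATE = date(2020, 10, 1)  # constructed "today" for the check

if __name__ == "__main__":
    for lineno, line in find_hardcoded_credentials(SAMPLE_SCRIPT):
        print(f"hard-coded credential at line {lineno}: {line}")
    print("rotation overdue (90-day policy):", overdue_rotation(SERVICE_ACCOUNTS, 90, REFERENCE_DATE))
```

The line that reads its token from the secrets manager at runtime is deliberately not flagged; that is the pattern the scan is meant to drive scripts toward.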

6. Least privilege policy
Users usually do not need full and continuous access to all services to perform their tasks. As a basic precaution, it is therefore recommended to assign only as many authorizations as are necessary. That way, an unauthorized person who obtains valid logon data can do less damage. Professional Privileged Access Management solutions detect and remove standing administrator rights and grant elevated privileges only for audited applications and tasks.