Citrix: Password Wars – Randomizing Local Admin Passwords in Non-persistent Environments
Achieving complete control over a company is a feat that requires a black belt and serious Jedi hacking skills. You must create a chain of multiple zero-day exploits to get into a network (we all know they are really “cheap”), use a hacking mask to bypass face recognition authentication and, finally, extract data using an FM radio receiver and video card — something only a true master can pull off.
Extreme examples sound great, but they usually belong to action novels and click-bait articles, as real-life hacks are less dramatic. Attackers tend to follow the path of least resistance. Very often, after reading detailed descriptions of the latest security breach, you can find out that admin/admin credentials were used, or hackers used some forgotten account with P@ssw0rd or Company123 passwords.
Unfortunately, many security teams believe that their focus can determine their reality. They expend a lot of effort trying to protect their assets from rare and exotic attack vectors while ignoring or underestimating the big hole right under their feet. The Pareto Principle applies to IT security as well: it is possible to spend 20% of your effort to protect your company from 80% of the attacks. I often recommend reading reliable analyses, such as DBIR (my favorite annual report) to find out about the most common attack techniques, how to stay on target, and how to set up your defenses. In the latest report, you’ll see that 81% of hacking-related breaches leveraged either stolen and/or weak passwords.
In a data center, very very close, not a long time ago… This is a story of how one weak password can bring down the whole empire.
Attack of the clones
The local administrator account is one of the most common security underdogs. It is often ignored – after all, it gives you only local privileges, right? Well, size matters not. This account is present on every Windows-based computer in your company, where it co-exists with other, more interesting accounts. Local accounts are decentralized in nature, but unfortunately, they often share the same password. This vulnerability can easily be used for privilege escalation.
Read the entire article here, Password Wars: Randomizing Local Admin Passwords in Non-persistent Environments
Via the fine folks at Citrix Systems, Inc.