Syncing of cloud passwords opens businesses to cyberattacks

A new report reveals that 67 percent of businesses routinely synchronize most of their users’ passwords from their on-premises directories to their cloud counterparts. This poses substantial security risks by creating a gateway for attackers to hack these environments from on-prem settings.

The report from Silverfort shows that in the rush to the cloud security gaps stemming from legacy infrastructure, misconfigurations, and insecure built-in features create pathways for attackers to access the cloud, significantly weakening a company's resilience to identity threats.

"Identity is the elephant in the room. We know that identity plays a key role in nearly every cyberattack. Lockbit, BlackCat, TA577, Fancy Bear -- they all use identity gaps to break in, move laterally, and gain more permissions," says Hed Kovetz, CEO and co-founder of Silverfort. "But we need to know how common each identity security gap is so we can start methodically fixing them. Finally, we have concrete evidence outlining the frequency of identity gaps, which we can now classify as Password Exposers, Lateral Movers, or Privilege Escalators, and they're all vehicles for threat actors to complete their attacks. We hope that by shining a light on the prevalence of these issues, identity and security teams will have the hard numbers they need to prioritize adequate security investments and eliminate these blind spots.”

Among other findings, two-thirds of all user accounts authenticate via the weakly encrypted NTLM protocol, providing attackers easy access to cleartext passwords.

Also a single misconfiguration in an Active Directory account spawns 109 new shadow admins on average. Shadow admins are user accounts with the power to reset passwords or manipulate accounts in other ways. Attackers use shadow admins to change settings and permissions and gain more access to machines as they move deeper into an environment.

31 percent of user accounts are service accounts. These are used for machine-to-machine communication and have a high level of access and privileges. Attackers target these accounts as security teams often overlook them. Indeed only 20 percent of companies are highly confident that they have visibility into every service account and can protect them.

In addition 13 percent of user accounts are categorized as 'stale', which are effectively dormant user accounts that the IT team may have forgotten. They too are easy targets for lateral movement and evading detection by attackers

You can get the full report from the Silverfort site.

Image credit: alfansubekti/depositphotos.com