The recent exposure of cyber criminal activity that leaked large volumes of admin and user credentials from a foreign exchange trading Web portal onto the Pastebin service could have been prevented, states Avecto.
According to Paul Kenyon, Avecto's chief operating officer, the use of effective Windows privilege management would have helped limit access to data. "While questions need to be asked about the way in which this data was stored on the firm's servers, limiting which accounts had access to what data by default would have minimized the amount of damage that the hackers caused," he said.
"In addition, the provision of automated and mandatory password changes that an effective Windows privilege management system imposes closes the window of vulnerability. This is due to the increased frequency of password changes required by the more powerful account."
The chief operating officer of the Windows privilege management specialist went on to say that it is noteworthy that the hackers operating within the Project GhostShell group are quoted in news reports as claiming they are targeting - amongst other segments of business Internet users - "the stupid."
While the credibility of the professionals behind the foreign exchange trading system is now in question, the main concern should be with how the hackers gained access to such a wide range of information - including the company's server details, as well as its physical location, host name, name servers and registrar details.
Other leaked data includes the names of 172 tables, 515 forum user names and email addresses, 208 user locations, 376 ICQ IDs, the hobbies and occupations of around 200 customers, and 482 MD5 password hashes.
On top of this, Kenyon commented, the leaked data includes an astonishingly large number - more than 1,900 - of admin login IP addresses, 39 admin user names and a small number of their password hashes.
Although it is difficult to comment directly on the limited information revealed in the news report, Kenyon added that it seems very odd that so many IP addresses were used by admin accounts - an average approaching 50 IP addresses per admin account.
"Conventional privilege management technology limits the number of admin privileges on a typical platform to a small handful of accounts - with the rest of the users granted access on a more granular basis," he added.
"By implementing tight control of admin privileges as part of a least privilege strategy it is possible to give users the freedom they need to do their jobs while at the same time reducing the risk profile of the system as a whole," Kenyon concluded.
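The ratio Kenyon points to - dozens of distinct source addresses for a single admin account - is the kind of figure a defender can compute directly from authentication logs. The following is an added illustration, not code from Avecto or from the affected portal; the login records, account names, IP addresses and the threshold of five addresses are constructed for the example.

```python
from collections import defaultdict

# Constructed sample of admin login records as (account, source IP) pairs.
# These are made-up values for illustration, not data from the incident.
SAMPLE_LOGINS = [
    ("admin01", "203.0.113.10"),
    ("admin01", "203.0.113.10"),   # repeat login from the same address
    ("admin01", "203.0.113.11"),
    ("admin02", "198.51.100.5"),
] + [("admin03", f"192.0.2.{i}") for i in range(1, 61)]  # 60 distinct addresses


def distinct_ips_per_account(records):
    """Map each admin account to the sorted list of distinct source IPs it used."""
    ips = defaultdict(set)
    for account, ip in records:
        ips[account].add(ip)
    return {account: sorted(addrs) for account, addrs in ips.items()}


def average_ips_per_account(records):
    """Average number of distinct source IPs per admin account (the figure
    the article derives from the leaked data)."""
    per_account = distinct_ips_per_account(records)
    if not per_account:
        return 0.0
    return sum(len(addrs) for addrs in per_account.values()) / len(per_account)


def flag_anomalous_accounts(records, max_ips=5):
    """Return admin accounts seen from more than max_ips distinct addresses.

    One privileged identity used from many addresses usually means the
    credential is shared, driven by scripts, or no longer under the owner's
    control; each case argues for fewer admin accounts and tighter review.
    """
    per_account = distinct_ips_per_account(records)
    return sorted(a for a, addrs in per_account.items() if len(addrs) > max_ips)


if __name__ == "__main__":
    print(f"average distinct IPs per admin: {average_ips_per_account(SAMPLE_LOGINS):.1f}")
    print("accounts to review:", flag_anomalous_accounts(SAMPLE_LOGINS))
```

The same functions run unchanged over real records once they are loaded from an authentication log as (account, ip) pairs.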