During the Black Hat annual conference in Las Vegas August 3-8, 2019, Thycotic conducted research with nearly 300 attendees identifying either as “hackers” (49 percent) or “security professionals” (51 percent). Only four percent of hacker respondents to the survey identify themselves as criminals using their skills for malicious activity. 

Both hackers and security pros strongly agree that service accounts are an attractive target because hackers can easily elevate privileges and gain access to sensitive information. Interestingly, a third of all respondents say that passwords are only changed after a compromise occurs.

Nearly 50 percent of security pros believe hackers would sell stolen sensitive data for profit and only 10 percent would disclose it responsibility. Fifty percent of hacker respondents say they would disclose hacked information responsibly while less than 5 percent would sell the info or hold it for ransom.

A significant number of security pros (36 percent) and hackers (22 percent) did not feel any of the major providers, such as AWS, Microsoft or Google, were especially good at protecting their IT environments from threats. Hackers seemed to have a better opinion of AWS (32 percent), followed by Google (22 percent) and Microsoft Azure (20 percent). Security pros rated AWS (30 percent) ahead of both Microsoft (18 percent) and Google (15 percent).

Hacker preferences when targeting privileged credentials: 

  1. Domain Admin Accounts (34 percent)
  2. Root Accounts (30 percent)
  3. Service Accounts (20 percent)
  4. Local Accounts (12 percent)
  5. Default Built-in Accounts (4 percent)

Security professionals worry about these privileged accounts as most vulnerable:

  1. Domain Admin Accounts (26 percent)
  2. Service Accounts (24 percent)
  3. Root Accounts (18 percent)
  4. Local Accounts (17 percent)
  5. Default Built-in Accounts (15 percent)

Why are service accounts a favored target of hackers? Both hackers and security professionals agree on:

  1. Easily elevated privileges
  2. Access to valuable/sensitive stuff
  3. Persistent access
  4. Under the radar movement
  5. Ability to hide tracks and delete logs
  6. Easy access to dependent systems 

Top protections hackers run into when targeting service accounts:

  • Complex passwords
  • Privileged access controls
  • Alerting 
  • Multi-Factor Authentication 
  • Frequent password rotation 
  • Auditing 

Top security controls security professionals use to protect service accounts:

  • Complex passwords
  • Multi-Factor Authentication 
  • Privileged access controls 
  • Frequent password rotation 
  • Auditing 
  • Alerting 

Both hackers and security professionals agree that the following works best to protect service accounts:

  • Find and remove unnecessary service accounts
  • Frequently rotate credentials
  • Monitor all privileged account activity to detect suspicious behavior
  • Use a centralized password vault to protect privileged account credentials
  • Multi-Factor Authentication 
  • Employee Education

To find privileged accounts, hackers target the following credential environments:

  • On-premises (30 percent)
  • Cloud (29 percent)
  • Hybrid cloud-on-premises (17 percent)
  • Supply chain contractors (19 percent)