Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecuritySecurity NewswireCybersecurity News

What are Hacker Preferences When Targeting Privileged Credentials?

hacker
September 19, 2019

During the Black Hat annual conference in Las Vegas August 3-8, 2019, Thycotic conducted research with nearly 300 attendees identifying either as “hackers” (49 percent) or “security professionals” (51 percent). Only four percent of hacker respondents to the survey identify themselves as criminals using their skills for malicious activity. 

Both hackers and security pros strongly agree that service accounts are an attractive target because hackers can easily elevate privileges and gain access to sensitive information. Interestingly, a third of all respondents say that passwords are only changed after a compromise occurs.

Nearly 50 percent of security pros believe hackers would sell stolen sensitive data for profit and only 10 percent would disclose it responsibility. Fifty percent of hacker respondents say they would disclose hacked information responsibly while less than 5 percent would sell the info or hold it for ransom.

A significant number of security pros (36 percent) and hackers (22 percent) did not feel any of the major providers, such as AWS, Microsoft or Google, were especially good at protecting their IT environments from threats. Hackers seemed to have a better opinion of AWS (32 percent), followed by Google (22 percent) and Microsoft Azure (20 percent). Security pros rated AWS (30 percent) ahead of both Microsoft (18 percent) and Google (15 percent).

Hacker preferences when targeting privileged credentials: 

  1. Domain Admin Accounts (34 percent)
  2. Root Accounts (30 percent)
  3. Service Accounts (20 percent)
  4. Local Accounts (12 percent)
  5. Default Built-in Accounts (4 percent)

Security professionals worry about these privileged accounts as most vulnerable:

  1. Domain Admin Accounts (26 percent)
  2. Service Accounts (24 percent)
  3. Root Accounts (18 percent)
  4. Local Accounts (17 percent)
  5. Default Built-in Accounts (15 percent)

Why are service accounts a favored target of hackers? Both hackers and security professionals agree on:

  1. Easily elevated privileges
  2. Access to valuable/sensitive stuff
  3. Persistent access
  4. Under the radar movement
  5. Ability to hide tracks and delete logs
  6. Easy access to dependent systems 

Top protections hackers run into when targeting service accounts:

  • Complex passwords
  • Privileged access controls
  • Alerting 
  • Multi-Factor Authentication 
  • Frequent password rotation 
  • Auditing 

Top security controls security professionals use to protect service accounts:

  • Complex passwords
  • Multi-Factor Authentication 
  • Privileged access controls 
  • Frequent password rotation 
  • Auditing 
  • Alerting 

Both hackers and security professionals agree that the following works best to protect service accounts:

  • Find and remove unnecessary service accounts
  • Frequently rotate credentials
  • Monitor all privileged account activity to detect suspicious behavior
  • Use a centralized password vault to protect privileged account credentials
  • Multi-Factor Authentication 
  • Employee Education

To find privileged accounts, hackers target the following credential environments:

  • On-premises (30 percent)
  • Cloud (29 percent)
  • Hybrid cloud-on-premises (17 percent)
  • Supply chain contractors (19 percent)
KEYWORDS: Black Hat cloud security cybersecurity hackers

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Cybersecurity
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Security Enterprise Services
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Technologies & Solutions
    By: Charles Denyer
Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Sureview screen
    Sponsored bySureView Systems

    The Evolution of Automation in the Command Center

  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

Popular Stories

Rendered computer with keyboard

16B Login Credentials Exposed in World’s Largest Data Breach

Verizon on phone screen

61M Records Listed for Sale Online, Allegedly Belong to Verizon

Security’s 2025 Women in Security

Security’s 2025 Women in Security

Red spiderweb

From Retail to Insurance, Scattered Spider Changes Targets

blurry multicolored text on black screen

PowerSchool Education Technology Company Announces Data Breach

2025 Security Benchmark banner

Events

July 17, 2025

Tech in the Jungle: Leveraging Surveillance, Access Control, and Technology in Unique Environments

What do zebras, school groups and high-tech surveillance have in common? They're all part of a day’s work for the security team at the Toledo Zoo.

August 7, 2025

Threats to the Energy Sector: Implications for Corporate and National Security

The energy sector has found itself in the crosshairs of virtually every bad actor on the global stage.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • Laptop with desktop screen showing

    What leaders need to know about generational privacy preferences

    See More
  • cloud-enews

    Securing cloud access when everyone is now a privileged user

    See More
  • Hire a ransomware negotiator for your enteprise

    Consider these credentials when hiring a ransomware negotiator

    See More

Related Products

See More Products
  • databasehacker

    The Database Hacker's Handboo

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing