Administrative rights are one of the most potent weapons available to an attacker. A user with administrative rights, or a cyber-criminal who has compromised that user's account, is able to install or change any software on your business systems.
Limiting administrative rights should be an essential part of your IT infrastructure in order to properly secure access to system controls. However, many companies do not have appropriate measures in place to counter the threat of unchecked admin rights, simply because they are not aware of the risks that these rights pose. Here are some of the common ways in which full administrative rights expose your business to cybercrime.
Access All Areas & Invite Others
Administrative rights enable users to install new software, add accounts, and change the way in which your systems operate. They also mean your users can "own" any file on your network: the take-ownership and backup privileges granted to administrators override whatever permissions have been set on a file, so privileges always beat permissions.
This means that admin users can change ownership of relevant documents or folders, and either restrict access, copy, or transfer data without any other authority, even tampering with protected security policies. By offering the ability to directly access and change specific registry keys, including the keys that central management policies are written to, administrative rights allow users to navigate around those policies whenever they choose.
The freedom to create new accounts and set privilege levels means that any compromised local administrator account can be used to create multiple new local admins for later use. This poses a serious risk to security, with the potential to give lasting access to malicious users, whether internal or external, as well as any accomplices.
Once a malicious individual gains administrative access to a user's desktop, they can turn their attention to compromising the entire corporate network. With the ability to freely access any part of the operating system, miscreants with admin privileges can also prepare 'traps' for users with higher privilege, such as domain admins: for example, lying in wait on the machine and harvesting the credentials of a domain admin who later logs on to it.
Unrestricted admin rights, therefore, pose a significant risk around privilege escalation attacks and lateral movement. The ability to manage certificates for the local machine means admin users also risk exposing others to phishing and man-in-the-middle attacks.
For example, by installing a rogue certificate authority into the machine's trusted root store, malicious users can trick others into believing they are visiting trusted sites or receiving information from a trusted source, leading to the gathering of sensitive information or the installation of malware.
Spying on the network
Administrative rights are also what is needed to capture raw network traffic, which gives admin users the potential to find weaknesses within a network. Port scanning tools are a common way for those with administrative privileges to identify the network services running on a host and to shore up their defences. But in the wrong hands, the same tools allow malicious users to find and exploit vulnerabilities in the corporate systems.
The freedom to install, update or remove any application or software can inadvertently leave the IT environment open to vulnerabilities. End-users do not necessarily know the full implications of their actions, and this unawareness can pose a serious risk to system stability and data security.
One example is that admin users can create scheduled tasks to run as SYSTEM: applications can be configured to run with the highest privileges, bypassing User Account Control prompts, and processes can be launched as SYSTEM too. This means malicious software can be embedded and set to trigger at a later date, running in the background alongside existing applications.
The ability to make any changes within an IT system also offers cyber-criminals the ability to cover their tracks. They can clear the Application, System and Security event logs to hide any wrongdoing with relative ease.
These examples show that once a hacker infiltrates an endpoint with full administrator privileges, they can quickly wreak havoc within an organisation, and the most capable can remain undetected for a long time.
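The abuses described above (creating accounts and adding them to the local Administrators group, registering scheduled tasks that run as SYSTEM, and clearing the audit log) all leave telemetry in the Windows Security event log, which is what makes the "undetected" part avoidable. The Python below is an added example, not code from the original article or from WellandTech. It triages a handful of constructed Security-log records, shaped as dictionaries whose field names follow the real Windows event schema; event IDs 4720, 4732, 4698 and 1102 and the well-known SIDs are the real values, while the account names, SIDs and task definitions in the sample records are made up for the example. It flags the four abuses and correlates a newly created account with its immediate promotion to Administrators.

```python
"""Triage Windows Security-log records for admin-rights abuse.

Added example, not part of the original article. Sample records are
constructed; event IDs and well-known SIDs are the real Windows values.
"""
import xml.etree.ElementTree as ET
from dataclasses import dataclass

ADMINISTRATORS_SID = "S-1-5-32-544"   # BUILTIN\Administrators (well-known SID)
LOCAL_SYSTEM_SID = "S-1-5-18"         # NT AUTHORITY\SYSTEM (well-known SID)
TASK_NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}


@dataclass(frozen=True)
class Finding:
    event_id: int
    actor: str      # SubjectUserName: the account that performed the action
    detail: str


def task_runs_as_system(task_xml: str) -> bool:
    """True if a 4698 TaskContent definition runs under LocalSystem.

    Task Scheduler XML names the principal either by SID or by account name,
    so both spellings are accepted. Unparseable XML is treated as unknown.
    """
    try:
        root = ET.fromstring(task_xml)
    except ET.ParseError:
        return False
    user = root.find(".//t:Principals/t:Principal/t:UserId", TASK_NS)
    if user is None or user.text is None:
        return False
    value = user.text.strip().upper()
    return value in {LOCAL_SYSTEM_SID, "SYSTEM", "NT AUTHORITY\\SYSTEM"}


def triage(events):
    """Walk Security-log records in order and return a list of Findings."""
    findings = []
    created = {}  # TargetSid -> account name seen in a 4720, for correlation
    for ev in events:
        eid = ev.get("EventID")
        actor = ev.get("SubjectUserName", "<unknown>")
        if eid == 4720:  # a user account was created
            created[ev["TargetSid"]] = ev["TargetUserName"]
            findings.append(Finding(4720, actor, f"created local account {ev['TargetUserName']}"))
        elif eid == 4732 and ev.get("TargetSid") == ADMINISTRATORS_SID:
            # member added to a security-enabled local group; only care about Administrators
            member = ev.get("MemberSid", "?")
            if member in created:
                detail = f"added freshly created account {created[member]} to Administrators"
            else:
                detail = f"added {member} to Administrators"
            findings.append(Finding(4732, actor, detail))
        elif eid == 4698 and task_runs_as_system(ev.get("TaskContent", "")):
            # a scheduled task was created, and its principal is SYSTEM
            findings.append(Finding(4698, actor, f"registered task {ev.get('TaskName')} to run as SYSTEM"))
        elif eid == 1102:  # the audit log was cleared
            findings.append(Finding(1102, actor, "cleared the Security audit log"))
    return findings


# Constructed task definitions (raw strings: the Windows path contains backslashes).
SYSTEM_TASK_XML = r"""<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Principals><Principal id="Author"><UserId>S-1-5-18</UserId><RunLevel>HighestAvailable</RunLevel></Principal></Principals>
  <Actions><Exec><Command>C:\Users\Public\update.exe</Command></Exec></Actions>
</Task>"""
USER_TASK_XML = r"""<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Principals><Principal id="Author"><UserId>S-1-5-21-1111-2222-3333-1001</UserId><RunLevel>LeastPrivilege</RunLevel></Principal></Principals>
  <Actions><Exec><Command>C:\Windows\System32\notepad.exe</Command></Exec></Actions>
</Task>"""

# Constructed sample records; "jsmith" is a hypothetical local administrator.
SAMPLE_EVENTS = [
    {"EventID": 4720, "SubjectUserName": "jsmith", "TargetUserName": "svc_backup2",
     "TargetSid": "S-1-5-21-1111-2222-3333-1010"},
    {"EventID": 4732, "SubjectUserName": "jsmith", "TargetUserName": "Administrators",
     "TargetSid": ADMINISTRATORS_SID, "MemberSid": "S-1-5-21-1111-2222-3333-1010"},
    # benign: membership change to Remote Desktop Users (S-1-5-32-555), not Administrators
    {"EventID": 4732, "SubjectUserName": "jsmith", "TargetUserName": "Remote Desktop Users",
     "TargetSid": "S-1-5-32-555", "MemberSid": "S-1-5-21-1111-2222-3333-1011"},
    {"EventID": 4698, "SubjectUserName": "jsmith", "TaskName": "\\Microsoft\\Windows\\Updater",
     "TaskContent": SYSTEM_TASK_XML},
    # benign: a task that runs as the creating user with least privilege
    {"EventID": 4698, "SubjectUserName": "jsmith", "TaskName": "\\Reminder",
     "TaskContent": USER_TASK_XML},
    {"EventID": 1102, "SubjectUserName": "jsmith"},
]

if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f"{f.event_id}  {f.actor}: {f.detail}")
```

Run against the sample records it reports four findings and ignores the two benign ones. In a real deployment the records would come from an event forwarder or SIEM rather than a list, but the point stands: every abuse in this section is visible to a defender who collects the Security log centrally before a local admin has the chance to clear it.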
Operating in an environment of 'least privilege' means organisations can develop a stronger security posture without the need to limit operational agility. Businesses must understand that withdrawing administrator rights will reduce the attack surface available to malicious individuals while maintaining the ability of personnel to be productive in their role.
A full systems audit from WellandTech is likely to be much less expensive than you may think, and will go a long way to ensuring your network is operating securely and effectively. Contact us today for a no-obligation chat about how we can help.