Moving Forward Without Fear
Privileged Access Management in the New Digital Economy
路军龙
CyberArk Software
Technical Director
The Hacker Attack Chain
[Attack chain diagram; stage labels: aims for Windows privileges, network hijacking, credential harvesting]
The privileged access risk surface is huge
• Privileged accounts are everywhere
• Accounts are shared, so there is no clear line of accountability
• Passwords embedded in applications are hard to manage
• Password rotation brings its own challenges
• Remote access cannot be guaranteed secure and is hard to trace
• Remote access from different service providers makes flexible access control hard to implement
• Hackers' favorite target
    # Puppet manifest with a production database credential embedded as a plain literal
    mysql::database::populate { 'my-db':
      username   => 'production-robot',
      password   => 'D3d*9!xs3#fk^d5fSDvu%34qsocv3',
      privileges => 'SELECT,INSERT,UPDATE,DELETE',
      schemafile => '/usr/share/my-db/schema/mysql.sql',
    }
DANGER!!
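The manifest above is exactly the kind of embedded credential the previous slide calls hard to manage: once a literal like that is committed, it lives in every clone of the repository and in the configuration agent's cache. The scanner below is an added example written for this page, not CyberArk's code or part of the slides. It walks a small constructed manifest (the page's credential plus two invented classes), flags quoted literals assigned to password-like keys, and scores each one with Shannon entropy so that generated secrets stand out from placeholders such as `changeme`. A value produced at runtime by Puppet's `lookup()` (Hiera) is not a quoted literal and is deliberately not flagged; the key names `admin_password`, the class names and the entropy threshold are assumptions for the example.

```python
import math
import re
from typing import List, NamedTuple

# Keys whose quoted literal values are treated as candidate secrets.
# Group 1 = key, group 2 = opening quote, group 3 = literal value.
SECRET_KEY_RE = re.compile(
    r"(?i)([a-z_]*(?:password|passwd|secret|token|api_key)[a-z_]*)"
    r"\s*(?:=>|=|:)\s*(['\"])([^'\"]+)\2"
)

# Assumed threshold (bits per character): above it a literal looks like a
# generated credential rather than a placeholder.
HIGH_ENTROPY_BITS = 3.0

# Constructed sample manifest for this example; not from any real repository.
SAMPLE_MANIFEST = """\
# constructed sample manifest, not from any real repository
mysql::database::populate { 'my-db':
  username   => 'production-robot',
  password   => 'D3d*9!xs3#fk^d5fSDvu%34qsocv3',
  privileges => 'SELECT,INSERT,UPDATE,DELETE',
}
class { 'legacy_app':
  admin_password => 'changeme',
}
class { 'vaulted_app':
  admin_password => lookup('vaulted_app::admin_password'),
}
"""


class Finding(NamedTuple):
    line: int
    key: str
    value: str
    entropy: float
    high_entropy: bool


def shannon_entropy(text: str) -> float:
    """Shannon entropy of the string, in bits per character."""
    if not text:
        return 0.0
    counts = {}
    for ch in text:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(text)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def find_hardcoded_secrets(manifest: str) -> List[Finding]:
    """Return every quoted literal assigned to a password-like key.

    Runtime lookups (lookup(...), Sensitive(...), variables) are not quoted
    literals, so they never match; only the literal strings are reported.
    """
    findings = []
    for lineno, line in enumerate(manifest.splitlines(), start=1):
        for m in SECRET_KEY_RE.finditer(line):
            key, value = m.group(1), m.group(3)
            h = shannon_entropy(value)
            findings.append(Finding(lineno, key, value, h, h >= HIGH_ENTROPY_BITS))
    return findings


if __name__ == "__main__":
    for f in find_hardcoded_secrets(SAMPLE_MANIFEST):
        level = "HIGH" if f.high_entropy else "low"
        print(f"line {f.line}: {f.key} = {f.value!r} "
              f"(entropy {f.entropy:.2f} bits/char, {level})")
```

Run as a pre-commit hook or CI step over the manifest directory; the high-entropy finding is the one to treat as an incident (rotate the credential, then move it to a vault lookup), while the low-entropy placeholder is a hygiene fix.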
Security Trends in the New Normal
According to the report, phishing remains the top form of
social-driven breach and “schemes are increasingly
sophisticated and malicious” as remote work surges.
Meanwhile, the use of stolen credentials by external actors is
on a meteoric rise. More than 80% of breaches tied to hacking
(the number one threat action) involve the use of lost or
stolen credentials or brute force.
While these findings are not new or surprising, the DBIR
reminds us that attackers nearly always take the path of least
resistance by using this tried-and-true approach: start with a
phishing scam (96% arrive by email) targeting a user’s
endpoint, then easily crack weak passwords or steal
credentials stored on the device. Using these credentials, the
attacker can move from workstation to workstation in search
of sensitive data to steal and privileged credentials (such as
local admin rights) that enable escalation to higher-value
assets and information.
https://www.cyberark.com/resources/blog/verizon-dbir-2020-credential-theft-phishing-cloud-attacks
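The workstation-to-workstation movement described in the quoted passage leaves a recognisable trace: one account (typically a shared local admin) producing network logons on several hosts within a short window. The detector below is an added example for this page, not code from the slides or the cited blog. It parses a constructed log of Windows security event 4624 records, keeps only network (type 3) and RemoteInteractive/RDP (type 10) logons, and alerts when an account fans out to at least three distinct hosts inside a 30-minute sliding window. The one-line log format, the account and host names, and the window and host thresholds are assumptions made for the example; the event ID and logon type meanings are standard Windows values.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, Iterable, List, NamedTuple

# Windows event 4624 logon types that indicate access from another machine:
# 3 = Network (SMB, WMI, PsExec-style), 10 = RemoteInteractive (RDP).
NETWORK_LOGON_TYPES = {3, 10}

# Constructed sample log for this example; the one-line format is an assumption.
SAMPLE_LOG = """\
2020-06-01T09:00:12 4624 account=alice src=10.1.1.20 host=WS-01 type=2
2020-06-01T09:05:40 4624 account=localadmin src=10.1.1.20 host=WS-02 type=3
2020-06-01T09:06:02 4624 account=localadmin src=10.1.1.20 host=WS-03 type=3
2020-06-01T09:07:15 4624 account=localadmin src=10.1.1.20 host=WS-04 type=3
2020-06-01T09:12:48 4624 account=localadmin src=10.1.1.20 host=FS-01 type=10
2020-06-01T09:30:00 4624 account=helpdesk src=10.1.1.50 host=WS-07 type=3
2020-06-01T13:30:00 4624 account=helpdesk src=10.1.1.50 host=WS-09 type=3
"""


class LogonEvent(NamedTuple):
    when: datetime
    account: str
    source_ip: str
    target_host: str
    logon_type: int


def parse_event(line: str) -> LogonEvent:
    """Parse one constructed record: '<ISO time> 4624 account=.. src=.. host=.. type=..'."""
    ts, _event_id, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return LogonEvent(datetime.fromisoformat(ts), kv["account"],
                      kv["src"], kv["host"], int(kv["type"]))


def detect_fan_out(events: Iterable[LogonEvent],
                   window: timedelta = timedelta(minutes=30),
                   min_hosts: int = 3) -> Dict[str, List[str]]:
    """Map account -> sorted hosts for accounts that reach >= min_hosts
    distinct machines via network logons within one sliding window."""
    by_account = defaultdict(list)
    for e in events:
        if e.logon_type in NETWORK_LOGON_TYPES:
            by_account[e.account].append(e)

    alerts = {}
    for account, evs in by_account.items():
        evs.sort(key=lambda e: e.when)
        for i, start in enumerate(evs):
            # Hosts touched from this event until the window closes.
            hosts = {e.target_host for e in evs[i:] if e.when - start.when <= window}
            if len(hosts) >= min_hosts:
                alerts[account] = sorted(hosts)
                break
    return alerts


def detect_from_log(text: str) -> Dict[str, List[str]]:
    """Convenience wrapper: parse raw log text and run the detector."""
    return detect_fan_out(parse_event(line) for line in text.splitlines() if line.strip())


if __name__ == "__main__":
    for account, hosts in detect_from_log(SAMPLE_LOG).items():
        print(f"ALERT {account}: network logons to {len(hosts)} hosts {hosts}")
```

The interactive logon by `alice` and the two helpdesk logons four hours apart stay silent; only the shared local admin hitting four machines in seven minutes is raised. Removing local admin rights and vaulting the shared credential is what removes the signal in the first place; the detector is the compensating control while that work is underway.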