You Can Retake Hijacked Access Accounts for Better Endpoint Security

Hijacked network access accounts are one of the main threats facing banks these days. When a network access account is stolen, attackers gain a foothold inside the door that leads to a bank’s infrastructure and sensitive data. Once an account is compromised, most of its data security protections are nullified: the compromised account can now readily access all of the information for which it has permissions, and because that access looks legitimate, no alert is raised and nothing is flagged as malicious activity. A secondary result of a network account breach is that the breached accounts can be used to stage further and deeper data-mining attempts or infrastructure attacks.

A Crisis At The Call Center

A great example of both of these scenarios occurred at a small credit union. A number of generic network access accounts assigned to temporary call center representatives were compromised, but there were no initial visible signs of any malicious activity.

About two weeks later, the application that monitored and assigned callers to open representatives suddenly stopped working. All other applications were working correctly, and the network support team was unable to figure out the issue. Some hours passed, and the panic levels rose. “How much is this going to cost us?” management began asking.

They decided to bring BigFix online, just for the call center. With this, they could perform asset discovery on their systems and run the established configuration policies across all devices. The goal was to allow BigFix to discover and analyze the devices within the customer service group’s network, to generate compliance and vulnerability reporting, and to find any malicious software. This would give them real-time results and remediation in case anything out of the norm was detected. The credit union’s call center team was about to become a live-fire pilot group for the brand new BigFix environment.

The users were notified and the BigFix agents were deployed. Within an hour they had a 70% deployment rate across the department’s devices, and a sea of red alerts began to pour into the real-time client monitoring console. To deal with the large influx of information, they created filters against the out-of-the-box reports to break down the clients’ issues by category. Even with BigFix’s automatic remediation in place, the IT team was overwhelmed by the scope of the issues being reported.

A Break In The Storm

Once the storm of red showed signs of subsiding, they took the opportunity to find the root cause of the call center’s software outage. Again applying filters to BigFix’s out-of-the-box reports, they found a piece of software that was still generating alerts across all of the call center representative devices. Interestingly, these alerts were not on any of the devices used by call center management. They also noticed that this software was installed and running as three of the temporary call center accounts. Suddenly it made sense that the management devices were unaffected: the impacted accounts did not have permission to access them. BigFix had just found the needle in the haystack.
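The correlation described above (software present on every representative device, absent from every management device, and running as a handful of accounts) can be reproduced over an endpoint inventory export. The following is an added example and not BigFix code or the credit union’s data; the device names, group names, process names and the “tmp-cc-0x” temporary accounts are constructed.

```python
from collections import defaultdict

# Constructed sample inventory, one tuple per running process:
# (device, device_group, process_name, account_it_runs_as).
# "callctr-plugin" stands in for the unnamed web plugin in the post;
# "tmp-cc-0x" are hypothetical temporary call center accounts.
SAMPLE_INVENTORY = [
    ("rep-01", "callcenter-reps", "callctr-client", "svc-callctr"),
    ("rep-01", "callcenter-reps", "callctr-plugin", "tmp-cc-01"),
    ("rep-01", "callcenter-reps", "chrome", "jdoe"),
    ("rep-02", "callcenter-reps", "callctr-client", "svc-callctr"),
    ("rep-02", "callcenter-reps", "callctr-plugin", "tmp-cc-02"),
    ("rep-03", "callcenter-reps", "callctr-client", "svc-callctr"),
    ("rep-03", "callcenter-reps", "callctr-plugin", "tmp-cc-03"),
    ("rep-03", "callcenter-reps", "chrome", "asmith"),
    ("mgr-01", "callcenter-mgmt", "callctr-client", "svc-callctr"),
    ("mgr-01", "callcenter-mgmt", "chrome", "mgr1"),
    ("mgr-02", "callcenter-mgmt", "callctr-client", "svc-callctr"),
]


def processes_by_device(records, group):
    """Map each device in `group` to the set of process names seen on it."""
    out = defaultdict(set)
    for dev, grp, proc, _ in records:
        if grp == group:
            out[dev].add(proc)
    return out


def find_group_specific_software(records, affected_group, clean_group):
    """Return {process: {accounts}} for software that runs on every device
    in affected_group and on no device in clean_group, together with the
    accounts it runs as on the affected devices."""
    affected = processes_by_device(records, affected_group)
    clean = processes_by_device(records, clean_group)
    if not affected:
        return {}
    on_all_affected = set.intersection(*affected.values())
    on_any_clean = set().union(*clean.values()) if clean else set()
    suspects = on_all_affected - on_any_clean
    accounts = defaultdict(set)
    for dev, grp, proc, acct in records:
        if grp == affected_group and proc in suspects:
            accounts[proc].add(acct)
    return dict(accounts)


if __name__ == "__main__":
    for proc, accts in find_group_specific_software(
            SAMPLE_INVENTORY, "callcenter-reps", "callcenter-mgmt").items():
        print(f"{proc}: running as {sorted(accts)}")
```

The accounts returned are the ones to hand to the security team for review, which is the step the post describes next.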

Fix And Repair

The three affected accounts were sent to the IT security team for analysis, who confirmed that these accounts had been compromised two weeks prior. A web plugin had been installed, which targeted the call center software and led to an internally initiated DDoS attack. In the end, this cost the organization five hours of production time and six-figure losses. Meanwhile, a manual remediation of the offending software initiated via BigFix removed it from the call center devices in twenty minutes.

Post Mortem

In this example, the credit union had many levels of “rogue IT” that ultimately led to a systemic breakdown of its established security posture. While they did not escape the fines that resulted from this incident, they were able to successfully develop and implement a remediation plan within a two-week timeframe, using BigFix as their primary tool to replace and remove all other “rogue IT” tools and pockets in the organization.

When BigFix is integrated with all aspects of a financial institution’s security posture, including user management, these institutions gain a context-based service for access account management and monitoring. Champion’s solution will enable a banking organization to easily and effectively monitor network access accounts and will provide automated access remediation as required by the business’s security policy.

WRITTEN BY:

Erick Bacallao joined Champion Solutions Group in 2015 after a career of Software Development in Cuba at the National Cancer Care Institute of Cuba, followed by moving to the States with allAware.


Champion acquired allAware and its properties and Erick has utilized his extensive background and expertise in IT and Software Development to rise to VP of Product Development in less than 5 years. During this time, Erick has been involved with key projects that led to the launch of numerous products including CSP Boss, Inscape platform and 365 Productivity Insights.


Erick has a Bachelor of Science in Computer Science from the University of Havana. He won Gold Medals for Programming from the Ministry of Education in Cuba, and he is certainly still a Gold Medalist for Champion!


As President and CEO, Chris is responsible for the development of key strategic alliances and solution portfolio. He leads Champion’s go-to market and execution strategies for integrated offerings in the cloud, in security, and in digital infrastructure, always focusing on improving the customer experience and driving transformative business outcomes.


He also aligns key partner initiatives with company strategy and oversees corporate marketing and messaging to gain mindshare with customers and partners. It’s his vision and innovativeness that have catapulted Champion up the ranks to become a $100M+ organization—and one of the most respected solution providers in the industry.


Over the past two decades, Chris has also focused on mergers and acquisitions, as well as innovative product development. He is the original founder and an active member on the Board of Managed Maintenance, Inc., a SAAS provider and consulting firm that utilizes their award-winning One-View Portal to help the IT Channel and its customers manage their IT Maintenance.


Chris is also the original founder and chief strategist behind one of the original storage cloud providers, Storage Access / BluePoint. During the course of a few short years, he had raised $20M and took that company public on the Toronto Stock Exchange. It has since been acquired by Pomeroy.


In 2012, Chris led the acquisition of MessageOps and continued the product development and worldwide launch of its premier SAAS, 365 Command. Built on Microsoft Azure, 365 Command is currently managing over 1 million seats of Microsoft’s Office 365. After achieving this phenomenal milestone, 365 Command and other MessageOps O365 utilities were sold to Kaseya.


Over the past 35 years, Chris has worked tirelessly to advance not only his own career but those of his employees. In addition to leading a $100M organization, Chris can also be found sitting with sales teams, cold calling and coaching, and validating why Champion has been listed on Best Places to Work by both South Florida Business Journal and Computerworld.

Ultimately, the success garnered by Champion Solutions Group, its associated companies, and their employees is due in large part to the leadership of its President and CEO. Perhaps the most fitting award Chris has earned is South Florida Business Journal’s 2013 Ultimate CEO Award.