Everyone in IT security knows this term, at least when preparing for the CISSP exam. But the first time you come across one in real life is shocking. Back in the 2000s, I worked for an IT security company (no cybersecurity in those days 🙂 ) which also dealt with ethical hacking. Our customer was a well-known university. We had to wake up early to arrive at its facility before 8 AM. Our project was to secure the whole IT infrastructure in 1 hour before the CIO fired the (I mean THE) administrator.
Our first step was to overwrite his administrator credentials which was not a big deal that time if you had local access to the systems. Naturally, we suspended all of his credentials. We found several SSH servers and remote access tools on the Windows servers. With deeper analysis, we also found some privileged user accounts that shouldn’t have been there. It was obvious that THE administrator had taken some steps for accessing the system in worse times.
Everything went well, the university revoked physical access to the premises from THE administrator who had to leave his workplace by noon. We constantly monitored remote access attempts and late in the afternoon, we noticed that someone was trying to reach the previously disabled remote accounts. Not a big surprise, THE administrator tried to take revenge on his previous employer.
Security Issue at Verelox
That story came into my mind when I read that there was a security issue at Verelox, a provider of dedicated KVM and VPS servers based in The Hague, Netherlands. The company suffered a catastrophic outage after a former administrator deleted all customer data and wiped most of the company’s servers. At Balabit, we promote the supervision of privileged users because they have the potential to cause devastating harm to enterprise IT environments with just one click.
With Balabit Privileged Access Management, you can easily centralize and control all remote access, e.g. on SSH and RDP, therefore a former privileged user won’t able to circumvent the central security enforcement point, meanwhile, revocation of their access becomes much easier. Moreover, with Balabit Privileged Session Management you can blacklist some dangerous commands, e.g. rm or shutdown or applications on a Windows Server that can’t be used and the remote session can be terminated instantly if those are issued. If you can’t specify such a blacklist, Balabit Privileged Account Analytics helps you identify unusual privileged user activities as soon they happen, therefore you can stop rogue internal attacks before they escalate.
While these disgruntled employees are few and far between, the risk they pose is too great to simply hope for the best. Advanced Privileged Access Management tools can streamline workflows making privileged users’ work easier while keeping your IT systems from someone out for revenge.