Three Service Account Secrets Straight from Hackers and Security Pros | Threatpost

Barbara Hoffman, Product Marketing Manager, Thycotic

Nearly 19,000 infosec experts travel from all over the world to attend the annual Black Hat Conference. They come to share, educate and disclose their security research on the latest vulnerabilities and cyberthreats. We here at Thycotic love to be a part of the excitement and information exchange by conducting our own survey.

At this year’s Black Hat Conference, we surveyed nearly 300 attendees regarding the privileged account attack surface. Respondents represent an almost even split of 51% hackers and 49% security professionals. This gives our results a bit of a twist by allowing us to compare key perceptions coming from opposite angles. We found that while quite a few responses were split – both hackers and security pros strongly agree that service accounts are an attractive target because hackers can easily elevate privileges and gain access to sensitive information.

What exactly are service accounts?

Conceptually, the easiest way to think about a service account is as a “non-human” account.  People (humans) require access to networks, computers, files, printers, databases and other assets. Likewise, computer programs need the same access.  So, when software (non-human/machine) is given a user account, that is called a service account.  Service accounts are used in operating systems to execute applications or run programs in the background and are usually created manually or during a software installation.

Why are service accounts so difficult to manage?

Service accounts fly under the radar of IT governance and can have access to critical applications and data. They are extremely time-consuming to discover and control, and are also prone to human error when managed manually. Because of this, we’ve seen almost all medium to large organizations suffer from extreme service account sprawl, perpetuating the unmanaged, uncontrolled expansion of their privileged account attack surface.

Service accounts are basically a ticking time bomb in the privileged account world.  Both the hackers and security professionals we surveyed strongly agree that service accounts are an attractive target because hackers can easily elevate privileges and gain access to sensitive information.

Here’s where our results get interesting – one-third of security professionals say service accounts are changed only after an incident or never rotated! They know the significant risk associated with managing and securing service accounts, yet they aren’t sufficiently protecting them today.

What’s the best way to protect service accounts from compromise? You might be relieved to hear that on this topic, hackers and security professionals agree – here is what they told us are the three best ways to protect a service account from compromise:

Monitoring is also essential for compliance and security reviews.  You should be able to get full inventories of your service accounts and have automated audit trails.

Follow these three best practices to get control of your service accounts or face serious consequences. For more key insights from  download our Black Hat 2019 Hacker Survey Report – Hackers & Security Professionals at Black Hat 2019: Where They Agree and Where They Differ.