Shadow Admin are network accounts with sensitive privileges, typically overlooked because they are not members of a highly privileged Active Directory group. “Instead, shadow admin accounts are granted their privileges through the direct assignment of permissions using access control lists on AD objects"
In a session on Thursday researchers offered nearly a dozen proof-of-concept scenarios where an inside-attacker can silently persist and abuse cloud platforms to escalate user privileges to cause harm or access protected company data.
they can launch a new machine, connect to the machine and assign the machine permissions. Next, they can use those permissions to shut down cloud instances, exfiltrate data from databases or run crypto mining code.
An adversary can maliciously terminate Amazon Elastic Compute Cloud (EC2) instances running within a targeted company
“The terrifying thing is we have discovered ten different examples just like this,” Lazarovitz said. “In each example the attacker only needs one permission to escalate and gain full admin rights.”
https://threatpost.com/cloud-credentials-new-attack-surface-for-old-problem/131304/
No comments:
Post a Comment