In our 12 Threats of Christmas feature, we want to look at cyber threats and issues that can impact organisations.  

Some may be known to you, whilst others may seem a little more out of the box.

On the eleventh day of Christmas, our cyber threat is: 

Administration Accounts 

It is best practice to have separate administration accounts for managing your IT infrastructure. These accounts, which usually carry 'super user' privileges, are what allow systems to be patched, updated and reconfigured as and when needed.

Having an admin account also means a person or department can help you regain access to your own account if you forget your password or run into other technical issues.

However, admin accounts are the 'holy grail' for cyber criminals, precisely because criminals know that these accounts hold all the power in an organisation.

Last month, the security experts at PhishLabs revealed that Office 365 administrators were being targeted by cyber criminals across a wide range of industries and enterprises.

PhishLabs said administrators were targeted for several reasons, explaining:

“Office 365 admins have administrative control over all email accounts on a domain. Depending on the current configuration of the Office 365 instance, a compromised admin account may enable retrieval of user emails, or complete takeover of other email accounts on the domain.  

“In addition, Office 365 admins often have elevated privileges on other systems within an organisation, potentially allowing further compromises to take place via password reset attempts or abusing single-sign-on systems.”  

Once an administrator account has been hacked, the cyber criminals can get to work setting up new accounts within the compromised business's IT infrastructure.

These accounts are then used to send out phishing emails that appear far more legitimate, because they come from the victim organisation's own domain.

PhishLabs added: 

“This is beneficial for attackers because many email filtering solutions leverage the reputation of a sender domain as a major component of determining whether to block an email.  

“Well established domains with a track record of sending benign messages are less likely to be quickly blocked by these systems. This increases the deliverability and efficiency of phishing lures.”  

By sending Microsoft-style emails from these newly created accounts, cyber criminals are able to stay under the radar and continue to phish unsuspecting users, gaining a wealth of information and influence.

How do I know who is an administrator in my organisation? 

In your organisation, your IT department will almost certainly be the administrators of your computer systems, ensuring that all of your defences are up to date and keeping cyber criminals out in the cold. If you are not sure who holds administrative rights, ask for a list of the accounts that have been given admin roles: it should be short, and every account on it should be accounted for.

Administrators should ensure that: 

  • They have separate accounts for admin activities and day-to-day activities, so that everyday email and web browsing never happen under a privileged login 
  • They have and use two-factor authentication (2FA) on their admin accounts, so that a stolen password on its own is not enough to log in 
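
One practical way to answer the question above and check both points on the list is to enumerate the accounts that hold Office 365 admin roles and look at each one's MFA state. The PowerShell below is an added example written for this page; it is not code from the article or from PhishLabs. It assumes the MSOnline module (the Office 365 admin module of the time) is installed and that the signed-in account may read directory roles and users; the "licensed account" test at the end is our own heuristic for spotting admin accounts that double as someone's everyday mailbox, not a Microsoft rule.

```powershell
# Added example, not from the original article or from PhishLabs.
# Assumes: Install-Module MSOnline has been run, and the signing-in account
# can read directory roles and user objects.
Import-Module MSOnline
Connect-MsolService   # interactive sign-in prompt

$report = foreach ($role in Get-MsolRole) {
    foreach ($member in Get-MsolRoleMember -RoleObjectId $role.ObjectId) {
        # Role members can also be groups or service principals; only users are checked here.
        if ($member.RoleMemberType -ne 'User') { continue }

        $user = Get-MsolUser -ObjectId $member.ObjectId

        # Per-user ("legacy") MFA state: no requirement entry means Disabled.
        $mfaState = if ($user.StrongAuthenticationRequirements.Count -gt 0) {
            $user.StrongAuthenticationRequirements[0].State   # Enabled or Enforced
        } else {
            'Disabled'
        }

        [pscustomobject]@{
            UserPrincipalName = $user.UserPrincipalName
            Role              = $role.Name   # 'Company Administrator' is the Global Administrator role
            PerUserMfa        = $mfaState
            MfaMethods        = $user.StrongAuthenticationMethods.Count
            # Heuristic (assumption): a licensed admin account has a mailbox, so it is
            # probably also someone's day-to-day account rather than a separate admin account.
            IsLicensed        = $user.IsLicensed
        }
    }
}

$report | Sort-Object UserPrincipalName, Role | Format-Table -AutoSize

# Admins who would fall to a stolen password alone: no per-user MFA and no registered methods.
$noMfa = $report |
    Where-Object { $_.PerUserMfa -eq 'Disabled' -and $_.MfaMethods -eq 0 } |
    Select-Object -ExpandProperty UserPrincipalName -Unique
if ($noMfa) {
    Write-Warning ("Admin accounts with no MFA: " + ($noMfa -join ', '))
}

# Admins whose privileged account looks like it is also their everyday account.
$licensedAdmins = $report |
    Where-Object { $_.IsLicensed } |
    Select-Object -ExpandProperty UserPrincipalName -Unique
if ($licensedAdmins) {
    Write-Warning ("Licensed (probably shared-use) admin accounts: " + ($licensedAdmins -join ', '))
}
```

Two caveats when reading the output. MSOnline only shows the per-user MFA setting; MFA that is enforced through Conditional Access policies or Security Defaults will not appear here, so an account reported as 'Disabled' but with registered methods may still be prompted at sign-in. MSOnline is also being retired, so on a current tenant the same enumeration is done with the Microsoft Graph PowerShell cmdlets Get-MgDirectoryRole and Get-MgDirectoryRoleMember, and the policy-based MFA state has to be read from the sign-in and authentication-methods reports rather than from the user object.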

Missed Day 10, which focused on Macros? Fear not, you can read it here.