Disgruntled Employee Hacks Former Employer using McDonald’s Free WiFi

by Alex Shoykhet 23. August 2011 12:19

Shionogi, a Japanese pharmaceutical company, was recently hacked by a disgruntled former IT administrator, as reported by Fahmida Y. Rashid in "Latest Anonymous Havoc, Resurgent Spam Lead Week's Security News" on eWeek.com. The former employee hacked the system via free WiFi in a local McDonald’s after having been laid off by Shionogi.

 

“During his intrusion, he deleted the company's virtual infrastructure, equivalent to 88 physical servers, and brought the company to a standstill as it tried to recover data.” This alone shows that proper procedures were not in place for the termination of employment, especially given that the employee had access to sensitive passwords to the server infrastructure. In addition to best practices in account identity management, there should have been another layer of protection: a least-privilege approach and segregation of duties.

 

This case points out how important it is to ensure that IT administrators have permissions to only what is necessary for their specific job role. For instance, administrators who are responsible for daily operations such as patch management may automatically be granted full administrative rights, and oftentimes administrators who are responsible for managing applications can also request full administrative rights to the entire server in order to support those applications. In reality, administrator rights can be elevated to perform only the necessary functions, such as approved software installations, disk management, or managing specific applications. In some scenarios, IT may want to restrict administrators' functions, such as removing or reducing the ability to modify members of the local admin group, install server roles, etc. This segregation of duties for administrators can be achieved by implementing granular privilege management policies and following best practices related to separation of duties. Following basic best practices, such as having the proper procedures in place after the termination of an employee (including the steps for “privileged” users), operating in a least privilege environment, and establishing separation of duties policies, can ensure your organization is less vulnerable to internal and external attacks.
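
The termination steps for privileged users described above can be checked mechanically. The following is an added example, not code from the original post or from any Viewfinity product: it cross-references an HR termination list against directory accounts and shared infrastructure passwords. All user names, group names, secret names and dates are constructed sample data.

```python
from datetime import date

# Constructed sample data (hypothetical names and dates, not from the incident):
# HR terminations, directory accounts, and shared secrets with who knew each one.
TERMINATED = {"jdoe": date(2011, 2, 1)}
ACCOUNTS = [
    {"user": "jdoe", "enabled": True, "groups": {"Domain Users", "Server Admins"}},
    {"user": "asmith", "enabled": True, "groups": {"Domain Users", "Patch Operators"}},
]
SECRETS = [
    {"name": "hypervisor-admin", "known_by": {"jdoe", "asmith"}, "rotated": date(2010, 11, 15)},
    {"name": "backup-service", "known_by": {"asmith"}, "rotated": date(2010, 6, 1)},
    {"name": "san-console", "known_by": {"jdoe"}, "rotated": date(2011, 2, 2)},
]
PRIVILEGED_GROUPS = {"Server Admins", "Domain Admins", "Administrators"}


def offboarding_gaps(terminated, accounts, secrets, privileged=PRIVILEGED_GROUPS):
    """Return sorted (user, issue, detail) tuples for access that outlived employment."""
    findings = []
    for acct in accounts:
        user = acct["user"]
        if user not in terminated:
            continue
        if acct["enabled"]:
            findings.append((user, "account-enabled", ""))
        # Group membership matters even on a disabled account: re-enabling
        # it would restore the old rights in one step.
        for group in sorted(acct["groups"] & privileged):
            findings.append((user, "privileged-group", group))
    for secret in secrets:
        for user in sorted(secret["known_by"] & set(terminated)):
            # A shared password the person knew stays usable unless it was
            # rotated on or after the termination date.
            if secret["rotated"] < terminated[user]:
                findings.append((user, "secret-not-rotated", secret["name"]))
    return sorted(findings)


if __name__ == "__main__":
    for finding in offboarding_gaps(TERMINATED, ACCOUNTS, SECRETS):
        print(*finding)
```

In practice the three inputs would come from the HR system, the directory, and a password vault's access log; the check is only as good as the record of who knew each shared secret.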

 

About Viewfinity

Viewfinity provides privilege management and application control for desktops, laptops and servers, empowering enterprises to meet compliance mandates, reduce security risks, and lower IT costs. Many enterprises are implementing least privileges to add a solid layer of defense for desktop environments, further protecting against malware and Advanced Persistent Threats. Viewfinity allows IT Administrators to create and enforce default-deny and elevated permission policies for endpoint access to applications and desktop functions by controlling user rights for desktops and mobile laptop/netbook users. For more information, visit www.viewfinity.com.
