News & Views

Osirium comments on Verkada breach

Following the recent Verkada breach (www.independent.co.uk/news/world/americas/hackers-security-cameras-silicon-valley-tesla-b1814891.html), David Guyatt, CEO at UK-based Osirium (www.osirium.com), comments:

“The seriousness of the Verkada breach once again brings attention back to just how valuable administrator accounts can be. Unfortunately, the reality is that too many organizations don’t protect them as they should. Administrator accounts are found everywhere; in this case, it’s in CCTV cameras. Lack of visibility and management of administrator credentials is a very present danger for every business. In relation to the Verkada hack, it has already been reported that administration account passwords were ‘found on the internet’ and this is not the first time we’ve heard of such credentials being leaked through public repositories. Such leaks may not be intentional as humans are fallible, but it does demonstrate an important reason why valuable credentials must be separated from users.”

“Almost as critically, there is a danger here that the fix could cause as much damage as the initial leak. Verkada has said it has disabled all internal administrator accounts to prevent any unauthorized access – at the moment, as well as keeping potential attackers out, staff can’t get access to do their work.”

“In this case, the hackers accessed CCTV cameras, but often such attacks can be just the entry point. Once attackers gain access to a network, they start to move laterally around it looking for interesting accounts or data, or planting malware preparing for a later attack.”

“As a matter of urgency, organizations need to ensure that they have a discovery process in place to identify where administrator, and other privileged, accounts can be found. From here, they can then bring those accounts under control by simply never letting users have direct access to them.”