According to CyberArk, cloud giants Amazon Web Services (AWS) and Microsoft Azure are particularly at risk of hidden admin users taking over customer accounts.
CyberArk calls these hidden admin users “shadow administrators” and describes them in a blog post as “stealthy entities that have sensitive permissions that allow them to escalate privileges within cloud environments.”
The company stated that shadow admins can use admin accounts hidden from the public to increase their privileges and cause damage to an organization’s network. “These entities, which are often caused by misconfigurations or lack of awareness, can be targeted and put the entire environment at risk.”
According to the company, it has been working on the problem for many years. It started in an on-premises environment and then moved to the cloud. AWS and Azure are high-risk for such attacks, according to the company. This is due to their large number of permissions.
While organizations may be familiar enough with their basic admin accounts, Shadow Admins can be difficult to find because of the thousands of permissions that are available in standard cloud environments. (AWS and Azure have over 5,000 permissions each.) Shadow Admins are possible in many cases.
CyberArk created the open-source tool SkyArk to combat this problem. It has two modules that can be used to find the most privileged entities in AWS or Azure. According to the company, organizations can improve their security posture by using these tools to identify the entities (users, groups and roles) that have the most sensitive or risky permissions, and by scanning their environments regularly to look for suspicious deviations in their privileged entity list.
The scanning tool requires only read-only permissions to query the cloud entities and their permissions. After analysis, the tool will provide the results.
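A minimal sketch of the kind of check described above, as an added example (not SkyArk's code or output): it flags entities outside the known admin list whose policies allow a privilege-raising action, then compares the result with a previous scan. The action list, entity names and policy documents are constructed assumptions, and Deny statements, NotAction and conditions are ignored.

```python
import fnmatch

# Assumed, non-exhaustive set of IAM actions that let a principal raise its own
# access. This is an illustration, not SkyArk's list.
SENSITIVE_ACTIONS = {
    "iam:AttachUserPolicy", "iam:PutUserPolicy", "iam:CreatePolicyVersion",
    "iam:CreateAccessKey", "iam:UpdateLoginProfile", "iam:AddUserToGroup",
    "iam:UpdateAssumeRolePolicy", "iam:PassRole",
}

def as_list(value):
    """IAM JSON allows a single item where a list is expected."""
    return value if isinstance(value, list) else [value]

def risky_actions(policy):
    """Return the sensitive actions that a policy document's Allow statements cover."""
    hits = set()
    for stmt in as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        for pattern in as_list(stmt.get("Action", [])):
            # Action names are case-insensitive and may contain * and ? wildcards.
            hits |= {a for a in SENSITIVE_ACTIONS
                     if fnmatch.fnmatchcase(a.lower(), pattern.lower())}
    return hits

def find_shadow_admins(entities, known_admins):
    """Map each entity outside known_admins to the risky actions it holds."""
    findings = {}
    for name, policies in entities.items():
        hits = set().union(*(risky_actions(p) for p in policies))
        if hits and name not in known_admins:
            findings[name] = sorted(hits)
    return findings

def new_since(baseline, current):
    """Entities flagged in the current scan but absent from the previous one."""
    return sorted(set(current) - set(baseline))

# Constructed sample inventory: entity name -> attached policy documents.
ENTITIES = {
    "alice-admin": [{"Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}],
    "ci-deployer": [{"Statement": [{"Effect": "Allow", "Action": ["s3:GetObject", "iam:Put*"], "Resource": "*"}]}],
    "helpdesk": [{"Statement": {"Effect": "Allow", "Action": "iam:UpdateLoginProfile", "Resource": "*"}}],
    "report-reader": [{"Statement": [{"Effect": "Allow", "Action": ["s3:List*", "iam:Get*"], "Resource": "*"}]}],
}

if __name__ == "__main__":
    current = find_shadow_admins(ENTITIES, known_admins={"alice-admin"})
    print(current, new_since({"ci-deployer": []}, current))
```

In a real scan the inventory would come from read-only list and get calls against the account rather than from an inline dictionary.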
CyberArk stated that hackers are increasingly targeting cloud environments, and Shadow Admins have become a primary way for them to gain a foothold and escalate privileges to do some serious damage. While admin users are the most important element of cloud security, it’s difficult to secure admins if you don’t know they exist. This is the real problem with Shadow Admins. SkyArk was created to help you find and secure all your most privileged users (including Shadow Admins) and make your cloud environments safer.