Mumbai: In a bid to keep pharmaceutical companies protected from cyber threats, cyber security experts have called on them to implement multi-factor authentication (MFA) at the entry point to their information systems and to make it compulsory for subcontractors to conduct an Active Directory (AD) compliance audit.
Cyberattacks exploiting the subcontracting chain have steadily increased over the last few years. This is a major shift in the operational model of hacker groups: instead of attacking the target directly, threat actors first compromise a direct or indirect supplier of the intended victim. Healthcare and pharma sector companies that have been on the front lines of the fight against the pandemic in the country have lately been facing a new wave of ransomware attacks.
“Pharmaceutical companies need to work with their subcontractors to check how they store the information needed to log in to the organization’s information system. It is necessary to determine how that information is accessed. Secondly, pharma companies must require that the subcontractor conduct an AD compliance audit. One of the most important aspects often overlooked is implementing multi-factor authentication on the entry point to their information system. Password authentication is not enough. Apart from these measures, organizations need to continuously monitor the AD for vulnerabilities and misconfigurations so attacks can be detected and threat actors are stopped from moving laterally,” said Kartik Shahani, country manager, Tenable India.
Once threat actors gain privileged access to AD, they essentially have the “blueprints to the castle” and can perform a number of actions such as creating new admin-level users, adding new machines to the network, deploying malware and more. All it takes is for one machine in a network to be compromised to get access to AD before attackers run rampant, said Shahani.
It is necessary to track all login information and implement a monitoring and remediation plan for AD configuration. If the subcontractor does get infected and the compromise hits an organization’s information system, the mass infection will use the aforementioned organization’s AD configuration weaknesses and vulnerabilities. Organizations must check that their backup process is working and that they are able to restore the most important data, he stated.
AD should be secured and maintained round the clock. With the right technology, commonly attacked user and computer configurations can be detected with a simple AD scan. This scan gives organizations a high-level view of their AD security and will indicate any potential misconfigurations, said the country manager of Tenable India.
Organizations must also address other common security issues in AD as soon as possible, such as securing privileged users and the associated attributes, verifying privileged groups and the members, reviewing and securing AD and SYSVOL permissions, adopting a zero-trust approach to ensure all trust relationships are correct and patching any known vulnerabilities, he stated.
Shedding light on challenges faced by organizations in securing AD, he said “In many organizations, IT administrators manage AD deployments, while security teams are responsible for protecting them. Many organizations are faced with limited IT and security budgets and security practitioners, in particular, are often expected to be knowledgeable in multiple domains. This has resulted in the lack of expert knowledge on AD — and the many intricacies involved with properly implementing it.”
Further complicating the issue is the security fatigue many professionals face from trying to secure impossibly large enterprises. This results in common misconfigurations such as too many users being assigned to privileged groups. Additionally, service accounts are created to keep key applications running properly, but they are often granted excessive and unnecessary permissions. Weak password policies, non-expiring passwords and weak encryption create significant risks for organizations. AD accounts are added over time as organizations grow. However, in many cases, inactive accounts for former employees remain provisioned and forgotten, which is another potential avenue for a determined attacker. These grey areas created over time make AD challenging to secure, but it’s not impossible, he concluded.
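The AD weaknesses listed above (over-populated privileged groups, non-expiring passwords, forgotten inactive accounts, over-privileged service accounts and loose SYSVOL permissions) can be checked with a short read-only audit pass. The script below is an added example written for this article, not code from Tenable or from the companies mentioned; it assumes the RSAT ActiveDirectory module on a domain-joined host, and the group list and 90-day inactivity threshold are assumptions a site would tune.

```powershell
# Added example: read-only hygiene audit for the AD weaknesses the article names.
# Assumes the RSAT ActiveDirectory module and a domain-joined host with read rights.
Import-Module ActiveDirectory

function Invoke-AdHygieneAudit {
    param(
        [int]$InactiveDays = 90,   # assumption: idle longer than this is flagged
        [string[]]$PrivilegedGroups = @('Domain Admins', 'Enterprise Admins',
                                        'Schema Admins', 'Administrators')
    )

    # 1. Privileged group membership: who actually holds admin rights (recursive)?
    $privMembers = @{}
    foreach ($g in $PrivilegedGroups) {
        $members = @(Get-ADGroupMember -Identity $g -Recursive -ErrorAction SilentlyContinue)
        foreach ($m in $members) { $privMembers[$m.SamAccountName] = $g }
        [pscustomobject]@{ Check = 'PrivilegedGroup'; Item = $g
                           Detail = "$($members.Count) members: $($members.SamAccountName -join ', ')" }
    }

    # 2. Enabled accounts whose password never expires
    Get-ADUser -Filter 'Enabled -eq $true -and PasswordNeverExpires -eq $true' |
        ForEach-Object { [pscustomobject]@{ Check = 'PasswordNeverExpires'; Item = $_.SamAccountName; Detail = '' } }

    # 3. Still-enabled accounts that have not logged on recently (former employees)
    Search-ADAccount -AccountInactive -TimeSpan (New-TimeSpan -Days $InactiveDays) -UsersOnly |
        Where-Object { $_.Enabled } |
        ForEach-Object { [pscustomobject]@{ Check = 'InactiveEnabled'; Item = $_.SamAccountName
                                            Detail = "last logon $($_.LastLogonDate)" } }

    # 4. Service accounts (have an SPN) that also sit in a privileged group
    Get-ADUser -Filter 'ServicePrincipalName -like "*"' -Properties ServicePrincipalName |
        Where-Object { $privMembers.ContainsKey($_.SamAccountName) } |
        ForEach-Object { [pscustomobject]@{ Check = 'PrivilegedServiceAccount'; Item = $_.SamAccountName
                                            Detail = "member of $($privMembers[$_.SamAccountName])" } }

    # 5. SYSVOL: write access granted to broad principals
    $sysvol = "\\$env:USERDNSDOMAIN\SYSVOL"
    (Get-Acl -Path $sysvol).Access |
        Where-Object { $_.IdentityReference -match 'Everyone|Authenticated Users|Domain Users' -and
                       $_.FileSystemRights -match 'Write|Modify|FullControl' } |
        ForEach-Object { [pscustomobject]@{ Check = 'SysvolWritable'; Item = "$($_.IdentityReference)"
                                            Detail = "$($_.FileSystemRights)" } }
}

# Run and print the findings; pipe to Export-Csv instead to keep an audit record.
Invoke-AdHygieneAudit | Format-Table -AutoSize -Wrap
```

Each row is a finding to review rather than an automatic verdict; a service account in Domain Admins or a writable SYSVOL ACE is exactly the kind of item the subcontractor audit described above should have to explain or remove.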