Impact - Data Manipulation - Insurance Domain
Dinesh Jeev
Head of Cyber Security Practice | Lead - Digital Software Development, AI & Cloud Services | Co-Founder - BlueScript.ai | Mainframe Modernization | Author - “Scarecrows: Hacker’s Handbook”
INTRO: Intelligent use of data is essential in helping insurance providers deliver quotes that offer the best chance of conversion based on individual risk, and in enhancing the customer journey to create and retain strong customer relationships. Failure to do this will mean loss of market share to competitors that are beginning to harness technology and data to improve their products. Compromise of a single privileged access account or Web Admin Access can instantly jeopardize the security of the entire organization and, in the worst-case scenario, inflict colossal damage.
STATS: After all, 100% of all major recent cyber security breaches (e.g. Snowden, Target, JP Morgan, Anthem etc.) involved the compromise and subsequent misuse of a single privileged access account. Then there was the Sony hack, possibly the biggest in history, which showed just how much damage can be inflicted on an organization by the compromise of just one privileged access account.
FACTS: Stealing an algorithm for insurance quotes enables manipulation of price and comparison rates, particularly in relation to fronting, with the risk of policies being invalidated. The impact of the compromise of a privileged access account with unrestricted access is clear, and most organizations are taking measures to minimize and adequately protect all such accounts. It is imperative to understand that, because the administrator of a system is by definition an integral part of the system's Trusted Computing Base (TCB), he/she can always turn off, disable, bypass or circumvent any additional security measure that might be put in place to prevent him/her from accessing a resource on the network. The administrator of a system can never be prevented from obtaining access to any and every IT resource in the system.
The Insurer suspected that some quotes were coming from competitors looking to determine their actuarial formulas. With enough quotes generated, a competitor could, in theory, reverse-engineer the algorithm generating each resulting quote based on the variable inputs. This intellectual property theft would put the Insurer at risk of losing their competitive advantage in the market, as their rivals would be able to easily underprice the Insurer and steal away potential customers.
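One way to look for the quote-harvesting pattern described above, as an added example that is not part of the original article: it flags clients that request many quotes while changing one input at a time. The log layout, field names and thresholds are assumptions.

```python
from collections import defaultdict

# Constructed sample quote-request log as (client_id, inputs); all field names are assumptions.
BASE = {"age": 30, "postcode": "AB1 2CD", "vehicle": "hatchback", "ncd_years": 5}
SAMPLE_LOG = (
    # client-A holds every input fixed and steps a single field at a time
    [("client-A", {**BASE, "age": a}) for a in range(25, 31)]
    + [("client-A", {**BASE, "ncd_years": n}) for n in range(0, 5)]
    # client-B and client-C look like ordinary shoppers
    + [("client-B", {"age": 41, "postcode": "EF3 4GH", "vehicle": "estate", "ncd_years": 9}),
       ("client-B", {"age": 41, "postcode": "EF3 4GH", "vehicle": "suv", "ncd_years": 9}),
       ("client-C", {"age": 22, "postcode": "IJ5 6KL", "vehicle": "hatchback", "ncd_years": 1})]
)

def changed_fields(prev, cur):
    """Names of the inputs that differ between two quote requests."""
    return {k for k in prev.keys() | cur.keys() if prev.get(k) != cur.get(k)}

def score_clients(log):
    """Per client: request count, share of single-field steps, and fields swept that way."""
    by_client = defaultdict(list)
    for client, inputs in log:
        by_client[client].append(inputs)
    scores = {}
    for client, reqs in by_client.items():
        # Compare each request with the one the same client sent just before it.
        steps = [changed_fields(a, b) for a, b in zip(reqs, reqs[1:])]
        single = [s for s in steps if len(s) == 1]
        scores[client] = {
            "requests": len(reqs),
            "single_step_ratio": len(single) / len(steps) if steps else 0.0,
            "fields_swept": set().union(*single),
        }
    return scores

def flag_probing(log, min_requests=10, min_ratio=0.8, min_fields=2):
    """Clients whose volume and one-input-at-a-time pattern suggest formula probing.

    The thresholds are illustrative assumptions and need tuning on real traffic.
    """
    return sorted(
        c for c, s in score_clients(log).items()
        if s["requests"] >= min_requests
        and s["single_step_ratio"] >= min_ratio
        and len(s["fields_swept"]) >= min_fields
    )

if __name__ == "__main__":
    print(flag_probing(SAMPLE_LOG))
```
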
Beyond the dummy quotes, the Insurer had concerns that they were a potential target for account takeover attacks on their banking login endpoint. The impact of compromise of a restricted (delegated) access administrative account that only has sufficient access to enact the following tasks:
· Create a domain user account
· Reset a domain user account's password
· Modify the membership of a domain security group
· Delete a domain security group
· Modify the userAccountControl attribute on a computer's account object
· Modify the security permissions protecting an Organizational Unit
· Link a Group Policy Object (GPO) to an Organizational Unit
· Disable the "Smart card is required for interactive logon" option on domain user accounts
· Modify the keywords of a service connection point
· Modify the security permissions on the AdminSDHolder object