{"id":5027,"date":"2022-02-28T16:51:47","date_gmt":"2022-02-28T21:51:47","guid":{"rendered":"https:\/\/www.stratospherenetworks.com\/blog\/?p=5027"},"modified":"2022-02-28T16:51:47","modified_gmt":"2022-02-28T21:51:47","slug":"why-you-need-to-disable-inactive-accounts-right-now-the-cybersecurity-risks-of-ghost-accounts","status":"publish","type":"post","link":"https:\/\/www.stratospherenetworks.com\/blog\/why-you-need-to-disable-inactive-accounts-right-now-the-cybersecurity-risks-of-ghost-accounts\/","title":{"rendered":"Why you need to disable inactive accounts right now: The cybersecurity risks of \u2018ghost accounts\u2019"},"content":{"rendered":"

\"AA company grappling with a Nefilim ransomware incident<\/a> reached out to the security solution provider Sophos for assistance. The Sophos Rapid Response team immediately set out to resolve the incident, according to a Sophos News article<\/a>.<\/p>\n

While investigating how the attack occurred, they found that a bad actor had commandeered an admin account a full month before launching the ransomware campaign. The admin account happened to belong to someone who died a few months before the hacker put their plan into motion.<\/p>\n

This is one example of how a \u201cghost\u201d account can lead to a major cybersecurity incident. Whether the user in question passed away or moved on to another organization, it\u2019s common for businesses to retain old accounts.<\/p>\n

In the case of the Sophos customer, the company continued to use the account at times for some services, but many companies allow accounts to go completely stale. These accounts end up being not just a waste of storage space but also a potential gateway for hackers trying to infiltrate corporate networks.<\/p>\n

What are ghost accounts?<\/h2>\n

A ghost account (a.k.a., ghost user) is an inactive account that still has access to your IT network and systems, according to the Security Boulevard article, \u201c\u2018Ghost Users\u2019 and Non-Expiring Passwords a Major Security Issue for Most Businesses<\/a>.\u201d This can happen when someone leaves the company or passes away, and the IT team forgets to shut down their account.<\/p>\n

These accounts sit around collecting dust and taking up database space. This sort of oversight is far from rare: As of 2020, over 10 percent of Azure Active Directory user accounts were inactive based on their last log-on time or password change, according to Microsoft<\/a>. Additionally, in a 2021 analysis of the financial services industry<\/a>, the cybersecurity solution provider Varonis found that approximately 40 percent of organizations had upwards of 10,000 ghost accounts.<\/p>\n

Why are inactive accounts a security risk?<\/h2>\n

Dormant accounts create prime opportunities for cybercriminals to access your data and sneak around your network undetected for an extended period, according to Security Boulevard. It\u2019s similar to the trope of characters stealing uniforms to traverse an enemy base unnoticed (e.g., when Luke Skywalker and Han Solo disguise themselves as stormtroopers in \u201cStar Wars\u201d).<\/p>\n

There are plenty of examples of criminals using this trick to cause significant damage. For instance, the Colonial Pipeline attack started with a bad actor hacking an inactive VPN account to access the network, according to the TechHQ article, \u201cInactive user accounts pose security threats for organizations<\/a>.\u201d<\/p>\n

How to stop stale accounts from leading to cyberattacks<\/h2>\n

Knowing that ghost accounts can come back to haunt you in a catastrophic way, how can you minimize security risks related to inactive users? There are a few steps you can take to avoid breaches stemming from stale accounts, according to Sophos:<\/p>\n