Remote work, pirated software, and local admin rights: A deadly cocktail

It is often said that the endpoints are the most vulnerable part of the network as they are increasingly becoming an entry point for malware. When something is susceptible to attacks, can it be converted as a defender instead (with proper security orientation, of course)? Is there a way to make endpoints the frontline defenders, instead of labeling them as vulnerable?

Before getting into the answer, let us analyze the following observations made by the security researchers recently:

• More than 85% of the threats in Windows arise because of local administrator rights.
• Employees working from home tend to install pirated software. There is a 20% spike in software piracy during this pandemic period.
• About 34% of pirated software carry malware.

IT Managers have always faced the dilemma of convenience versus security. When they tend to put security restrictions, they often face resistance from developers and end-users, as the security restrictions often slow down their work.

In this backdrop, traditionally, it has been a common practice to grant local admin privileges to the end-users on their workstations. Though this approach gives the users flexibility to run applications without any approvals, it brings a very high risk.

As a local admin, the users can download and use any software without the organization’s approval. This is where many security issues begin. Developers download various software utilities or install unapproved software (freeware or pirated versions) for personal use or to carry out their work. This practice brings not only security issues but also legal and compliance issues too.

On the security front, the downloaded software itself could be malware or a malware carrier. For example, spyware might be bundled with the pirated software to spy on the users silently. Attackers then thrive on this and start misusing the admin privileges.

Remote work and the spike in the use of pirated software

Cylynt, a firm that offers compliance and licensing management solutions, has estimated that software piracy has increased by 20% due to COVID-19 work from home. It reports that WFH employees tend to download or make illegal copies of the software they need for their jobs. As pirated software carry the risk of malware, it warns that remote work environments are making the job of hackers easy to breach into an enterprise network.

Cybercriminals use pirated software to fuel malware

A Microsoft-commissioned study by the Faculty of Engineering at the National University of Singapore (NUS) has quantified the link between software piracy and malware infections. The researchers examined many copies of pirated software downloaded from the internet and tested them for malware. The findings were shocking:

• 100% of the websites that host links to download pirated software expose users to multiple security risks,
• 34% of the downloaded pirated software came bundled with malware that infect the computer once the download is complete or when the folder containing the pirated software is opened.
• 24% of the malicious programs bundled with the pirated software downloads deactivated the anti-malware software running on the computer.
• About 31% of downloaded pirated software did not complete the installation, but they rerouted traffic to torrent hosting sites that subject users to malware and other unwanted advertisements.

It is evident that software piracy could lead to large-scale malware infection.

Local admin rights and pirated software: The deadly cocktail

Endpoints with users possessing local administrator rights getting infected with malware is not a new phenomenon. However, local admin rights and usage of pirated software prove to be a deadly cocktail that could easily hurt an organization’s cybersecurity defenses. Often, this is all hackers need to gain a foothold into your enterprise network.

Since local admin rights allow users to turn off the anti-virus, firewalls, encryptions, and even group policies, when infected, the malware gets the ability to do the same. If multiple users use a single infected device, hackers gain access to other user profiles leading to data breaches, theft, and privacy concerns.

That means, when an organization allows local administrator rights on endpoints, the pirated software (containing malware) installed by just one user could potentially harm the entire organization by easily and quickly spreading across the network.

The root cause of this security issue is allowing local administrator rights, which makes the endpoints the most vulnerable part of the network. How do we make them the frontline defenders instead?

Remove local admin rights to stay secure

Just as we equate traveling light to traveling smart, removing local admin rights and staying light on privileges is the best way to stay secure. This cuts down vulnerabilities and reduces the opportunities for the attacker.

However, removing local admin rights may force the user to depend on the IT help desks for something as simple as installing a printer. This might create an unnecessary burden on help desks, besides causing frustration for users.

What's the best way to remove local admin accounts while ensuring the flexibility for the users to run their business operations seamlessly?

This is where privilege management solutions like Securden Endpoint Privilege Manager come in handy. These products allow the standard users to run the applications that typically require admin rights but without elevating the users as administrators. They elevate applications on-demand for standard users. The best part is deploying whitelisting after removing admin rights. You can create policies allowing users to elevate trusted applications seamlessly. Self-service portals and workflows help handle the elevation of new applications.

Securden Endpoint Privilege Manager comes with a host of other monitoring and auditing features that help you handle privileges, prevent the use of pirated software, and safeguard your organization from malware. Start your 30-day trial or book a demo.