November 27, 2020Blog
Despite its many advantages, RPA can introduce major new safety risks and increase the total attack surface of an enterprise. Remember that a company can use thousands of software robots in production, which are activated and deactivated on demand in a typical enterprise RPA deployment. Every hour, or even every minute, these robots will perform many automated, functional tasks. Each of these software robots needs privileges to connect to target systems and applications to perform assigned tasks. They become ripe targets if these non-human credentials are left unsecured. To move laterally and advance their attack, attackers may compromise these valuable credentials. These unsecured credentials will extend the attack vector exponentially, provided the number of bots deployed in production at any given moment.
A strong, emerging technology and a hot topic of conversation is Robotic Process Automation (RPA). Many individuals remain unclear on grasping the specifics, considering the buzz.
Does RPA suggest that businesses will soon recruit futuristic robot armies to do the job that humans once did (remember the movie I, Robot)? Not entirely. Let us begin with a description. In other words, RPA uses “software robots” to automate much of the manual “handwork” involved in everyday business, such as entering data (invoices, POs, etc.) from one program into another. RPA is the use of software with artificial intelligence and machine learning capabilities to handle high-volume tasks that previously required a human to perform.” RPA uses “software robots” The “head work,” or cognitive automation, needed to extract information from unstructured sources, is what RPA does NOT concentrate on. This is the work and irreplaceable importance of the organization’s individuals. RPA is not intended to replace workers, but rather to allow them to maximize their expertise and skills and concentrate their energies on business-critical work. RPA clearly fills the holes, offering 24-7, cross-geography assistance for routine, time-consuming activities.
So what do IT security professionals need to know about RPA platforms and the connection to privileged credentials? Simply put, it is a new attack vector and the strong, privileged accounts within these RPA networks need to be secured by organisations.
Because RPA software communicates directly with business applications and imitates how applications use and mirror human credentials and entitlements, when software robots automate and execute repetitive business processes through multiple systems, this may pose significant risks.
Securing robotic credentials is paramount in order to reduce these risks. Software robots require power access’ (or privileged access) to carry out their task in order to automate processes within an environment, whether it is logging into a system(s) to access data or transferring a process from step A to step B. This results in the storage of a large number of credentials in the application. An attacker who gains access to the location of the RPA password storage and cracks the proverbial “password piñata,” can then take the passwords and take control of the robots eventually. Like any other compromised off-the-shelf (COTS) commercial program, attackers can exploit these strong credentials to do their bidding, but it’s on an even larger scale with RPA. Most organizations employ multiple software robots, often hundreds or even thousands, that access multiple systems and perform multiple processes at the same time. With this in mind, the level of danger to the company may be understood.