Talos published research into threat actors increasing use of third-party compromised accounts to access organizations’ networks. Vendor and contractor accounts (VCAs), as Talos calls them, are attractive to adversaries due to elevated privileges and unusual activity compared to an organizations’ regular workforce, making it easier to mask malicious behavior.

Members are recommended to take steps to understand the risk of network exposure related to VCAs. Once this risk is understood, Talos provides a few security recommendations. VCAs should have least privilege access applied and regularly be disabled when not in use. Logging related to VCAs should be increased and subject to heightened scrutiny, especially when remotely accessing the network due to the risk of a third-party contractor utilizing an unpatched device. Finally, having a dedicated application for VCAs to access the network can streamline VCA management. Read more at Talos.