The unexpected creation of multiple privileged user accounts, especially outside normal change-control windows, is a classic persistence technique used by attackers. Such accounts grant long-term access and often go unnoticed unless specifically monitored. The other events (successful scheduled backup, a normal password-change logout, and an automatic service restart after a routine patch) are consistent with legitimate administrative or user actions and are less likely to indicate malicious persistence.