TechTronBlog.com

Technology, Innovation, Collaboration

Report: Unskilled hackers can breach about 3 out of 4 companies

August 17, 2020

Positive Technologies found in a recent study that criminals with few skills can hack a company in less than 30 minutes.


Despite cybersecurity efforts, bad actors continue to find ways to hack businesses. Consequently, security efforts are focused on how to prevent these destructive breaches. Penetration testers (pentesters) were successful in breaching the network perimeter and accessing the local networks of 93% of companies, according to a recent report from the security information company Positive Technologies. 


Pentesters are ethical hackers, hired by a company, who mimic the actions of criminal hackers to find the areas of vulnerability within the company’s security. Such an assignment is most useful when the client already has a security system in place.

Testing an external network, such as the internet, is called an external pentest. Pentesters try to find as many ways as they can to penetrate the local network. The combination of external and internal network breaches represents 58% of hacks, and external alone 19%.

By comparison, in an internal pentest, attacks (23%) originate from inside the company; the testers start, for example, with typical employee privileges or with the physical access available to a random visitor. An internal pentest can determine the highest level of privileges an attacker can obtain.


Pentesters offer an expert’s opinion and analysis of the effectiveness of their clients’ security system, as well as cyber threat preparedness.

One-sixth of pentested companies revealed traces of previous attacks. While the average time to penetrate a local network was four days, pentesters found it could be done in as little as 30 minutes. In the majority of cases, the successful attacks lacked much complexity, and pentesters said the attack was within the purview of a hacker with “middling” skills.

Only 7% of systems tested were adequate enough to withstand any breaches, but 25% were hacked in a single step, 43% in two steps, and 25% in three to six steps. 

The testing revealed some alarming vulnerabilities, including the fact that at 71% of companies, even an unskilled hacker was able to penetrate the internal network. 

Another revelation was that 77% of breaches were related to insufficient protection of web applications, and pentesters discovered at least one vector at 86% of companies. A penetration vector, the report explained, refers to a method of exploiting the weaknesses that allow a breach of the network perimeter.

Pentesters were able to breach 77% of businesses through web application protection vulnerabilities, 15% through brute-forcing credentials used for accessing DBMS, 6% through brute-forcing credentials for remote access services, and 1% each through brute-forcing domain-user credentials together with software vulnerability exploitation, and through software vulnerability exploitation together with brute-forcing credentials for the FTP server.

The risk level of detection is 57% for web application vulnerabilities, 50% for password policy flaws, 29% for vulnerable software, and 25% for configuration flaws.

Report recommendations

  • Perform security assessments of web applications regularly.

  • Penetration testing is performed as a “black box” without access to source code, so some issues may not be detected.

  • Use tests for source-code analysis (white box); it detects the most issues.

  • Repairs can take significant time. 

  • Issues may also appear in third-party software (the app is vulnerable until that third party releases a patch).

  • Protect the network perimeter with a web application firewall (WAF) to prevent exploitation of vulnerabilities.

  • Ensure interfaces open for connection actually need to be available to all internet users.

  • Regularly inventory internet-accessible resources.

  • Install OS security updates ASAP.

  • Install latest versions of apps ASAP.

  • Be sure software with known vulnerabilities is not on the corporate network perimeter.

  • Regularly conduct penetration testing.

Unsurprisingly, pentesters are most popular in the finance field, which accounts for 32% of companies, all wanting to protect their money matters. There’s a tie for second place: 21% each for IT and for fuel and energy.






