Pen Testers Breach Perimeter Through Web Apps
Penetration tests help organizations gain a better understanding of how protected they are against cyber-attacks. When Kaspersky Lab performed several dozen cybersecurity assessment tests on corporate networks, it found that the overall level of protection against external attackers was low or extremely low for almost half of the analyzed companies.
The report, Security Assessment of Corporate Information Systems in 2017, found that three-quarters (73%) of successful perimeter breaches in 2017 were achieved using vulnerable web applications.
Using weak or default credentials to attack publicly available management interfaces was also a common vector threat actors employed to penetrate the network perimeter. Experts gained administrative access to IT infrastructure in 29% of the external penetration tests performed, but the success rate soared to 86% of the analyzed companies when testing against internal attackers. In 42% of those cases, it took penetration testers only two steps to gain the highest privileges granting them access to important business systems.
“An extremely low level of protection corresponds to those cases where we were able to penetrate the network perimeter and gain access to the critical resources of the internal network,” the report stated.
While the level of protection against internal threats – a threat actor inside the corporate network – was low or extremely low for 93% of the analyzed companies, the analysis showed that organizations are better protected against external threats. The overall level of protection against external threats – an outside intruder from the internet – was low or extremely low for 43% of organizations.
“Qualitative implementation of the simple security measures like network filtering and password policy would significantly increase the security stance,” said Sergey Okhotin, senior security analyst of security services analysis at Kaspersky Lab, in a press release. “For example, half of the attack vectors could have been prevented by restricting access to management interfaces.”
Source: Information Security Magazine