A new study of penetration testing (pentesting) projects by Positive Technologies has revealed that cybercriminals can enter corporate networks 93% of the time. The study covered financial organizations, organizations in the fuel and energy sector, government agencies, industrial companies, IT companies and other sectors.
An attacker’s journey from external networks to target systems begins with a breach in the network perimeter. According to the study, it takes an average of two days to enter the internal network of a company. Compromised credentials are the primary route of access (71% of organizations), primarily due to the use of simple passwords, especially for accounts used for systems administration.
Ekaterina Kilyusheva, Head of Research and Analysis at Positive Technologies, says: “In 20% of our pentesting projects, clients have asked us to check what unacceptable events could be possible as a result of a cyber attack. These organizations identified an average of six unacceptable events each, and our pentesters set out to trigger them. According to our customers, events related to the disruption of technological processes and the provision of services, as well as the theft of funds and important information represent the greatest danger. In total, Positive Technologies’ pentesters confirmed the feasibility of 71% of these unacceptable events. Our researchers also found that a criminal would not need more than a month to carry out an attack that would trigger an unacceptable event. And attacks on some systems can be developed within days.”
Once an attacker has credentials with domain administrator privileges, they can obtain numerous other credentials to move laterally across the corporate network and gain access to key computers and servers. According to the study, most organizations do not have network segmentation by business process, which allows attackers to develop multiple attack vectors simultaneously.
“In order to build an effective protection system, it is necessary to understand which unacceptable events are relevant to a particular business,” added Kilyusheva. “By tracking the flow of the operational process, from unacceptable events to target systems and key systems, it is possible to track their relationships and determine the sequence of protective measures used. To make it more difficult for an attacker to progress from within the corporate network to target systems, organizations can take a number of interchangeable and complementary actions, including separating business processes, configuring security control, strengthening surveillance and lengthening the chain of attack. The choice of technological solutions to use must be based on the capabilities and infrastructure of the company.”
Source: Positive Technologies
And you?
Do you find this study relevant?
Why do you think the financial sector is the most affected?
How often does your business experience network entry attempts?