External Attackers Can Penetrate Most Local Company Networks

 

In recently published research, Positive Technologies claimed that external attackers can breach 93% of organizations’ network perimeters and obtain access to their resources. The study showed that in 93% of cases it takes an average of only two days to penetrate the company’s internal network.

Another concerning finding was that in 100% of the companies examined, an insider can gain full control over the infrastructure. According to the company’s researchers, this figure has remained high for many years, confirming that cybercriminals are able to breach almost any corporate infrastructure. The study was conducted among financial organizations (29%), fuel and energy organizations (18%), government (16%), industrial (16%), IT companies (13%), and other sectors.

The most common way of penetrating a corporate network was found to be credential theft. This mainly resulted from weak passwords, missing patches, and organizations running services they did not need, all of which were unprotected. The researchers added that organizations lack network segmentation by business processes, which enables cybercriminals to develop various attack vectors at once.

“In 20% of our pentesting projects, clients asked us to check what unacceptable events might be feasible as a result of a cyberattack. These organizations identified an average of six unacceptable events each, and our pentesters set out to trigger those. According to our customers, events related to the disruption of technological processes and the provision of services, as well as the theft of funds and important information pose the greatest danger...,” said Ekaterina Kilyusheva, Head of Research and Analytics, Positive Technologies. 

“...In total, Positive Technologies pentesters confirmed the feasibility of 71% of these unacceptable events. Our researchers also found that a criminal would need no more than a month to conduct an attack which would lead to the triggering of an unacceptable event. And attacks on some systems can be developed in a matter of days,” Kilyusheva added.