A hacker's paradise?

Thycotic has released the findings from its 2018 Black Hat conducted survey of more than 300 hackers nearly 70 percent of which help organizations improve security and identify as "white hat hackers."

  • 6 years ago Posted in
The findings reflect hackers' perspectives on vulnerabilities and attack vectors they find easiest to exploit. According to the findings, 50 percent of hackers say they easily compromised both Windows 10 and Windows 8 within the past year.

 

Operating Systems are only as secure as the people using them, and the configurations applied.  Knowing that compromise of user accounts is probably inevitable, organizations need a "zero-trust" strategy that emphasizes least privilege to limit overprivileged accounts that give hackers wide and undetected access. Many companies use Group Policy Objects (GPO) to centralize the management, configuration and security of Windows domain-connected devices. However, GPO policies are dependent on multiple factors and hackers indicate that they can easily bypass these security controls.

 

"The 2018 Black Hat Hacker Report indicates that our operating systems and endpoints remain woefully vulnerable to hackers and threats from cyber criminals," said Joseph Carson, Chief Security Scientist at Thycotic. "By combining a least privilege strategy with other security layers such as multi-factor authentication, behavior analytics and privileged account protection, organizations can build and maintain a more effective and dynamic security posture to keep cyber criminals from exploiting their IT environments." 

 

Unfortunately, most organizations are falling short when it comes to applying least privilege policies. The surveyed participants indicated that more than 74 percent of organizations are not doing a good job of implementing the principle of least privilege. This leads to poor password protection and the theft of credentials, followed by the elevation of privileges which allow cyber criminals to seize administrative controls and conquer the network.

 

Additional findings from the survey include:

  • 26 percent of the hackers surveyed said they most often infiltrated Windows 10 OS. 22 percent hacked Windows 8 the most, followed by 18 percent for Linux and less than just 5 percent for Mac.
  • There is clearly a dominant method used by hackers for seizing privileged accounts as 56 percent of those surveyed said social engineering is the fastest technique.
  • The top two ways these hackers elevate privilege are through use of default vendor passwords and the exploitation of application and OS vulnerabilities.
Research shows ‘game needs to be changed,’ with security innovation years behind that of the...
Node4 has released its Mid-Market IT Priorities Report 2021. The independent report reveals that...
Atos has launched Atos OneCloud Sovereign Shield, a set of solutions, methodologies, and...
New distribution agreement set to bolster Westcon-Comstor’s Zero Trust offering in more markets...
Research from Avast has found that employees in almost a third (31%) of Small and Medium...
This year, over half of MSPs or their end customers have been attacked by ransomware but only 53%...
Trend Micro has published new research revealing that 90% of IT decision makers claim their...
Cyber consultants call on businesses to act now, or risk budgets shrinking further in ‘real...