Software exploits overrated - it's the humans you need to be watching

SpartacusSystem

Thread author
Aug 6, 2015
Dumb passwords and phishing the main threats


Weak passwords and phishing offer far easier mechanisms for breaking into most organizations than exploiting software vulnerabilities.

A study by US cybersecurity firm Praetorian based on 100 penetration tests and 450 real-world attacks discovered that stolen credentials offer the best way into enterprise networks.

Software vulnerabilities fail to make it into Praetorian's top five:

  1. Weak domain user passwords (a root cause of compromise in 66 per cent of cases).
  2. Broadcast name resolution poisoning (aka WPAD – 64 per cent).
  3. Local administrator attacks (aka Pass the Hash – 61 per cent).
  4. Cleartext passwords stored in memory (aka Mimikatz – 59 per cent).
  5. Insufficient network access controls (52 per cent).

Ninety-seven per cent of organizations have more than one root cause of compromise. The practical upshot of the report is that there should be more focus on guarding against stolen credentials and network segmentation as defenses, rather than playing "whack-a-mole" with software vulnerabilities.

Hackers most commonly use stolen credentials, often first obtained through phishing or other social engineering, to break into targeted networks and (eventually) gain access to sensitive resources, sometimes as part of a multi-stage process.

[Figure: Sample attack anatomy (source: Praetorian white paper)]

Although the methodology of the study was more focused on the playbook of pen testers than on that of adversarial hackers (hacktivists, financially motivated cybercrooks and intel agencies), the study still offers insights. For example, it goes some way towards explaining why hackers focus on spear phishing and other social engineering-style attacks rather than scanning for and exploiting software vulnerabilities – which Praetorian characterizes as "noisy" and in any case unnecessary to the process of identifying site-wide vulnerabilities.

"Social engineering will always be successful to achieve initial access to an organization," Joshua Abraham, practice manager at Praetorian told El Reg. "One percent of employees will always be susceptible to social engineering attacks."

"Organizations should put controls and processes in place to reduce the blast radius when an attack is successful. Therefore our research was focused on the attack vectors that are used after the initial access has been achieved. This can be used to focus defensive efforts based on the attacker's playbook," he explained.

Abraham added that Praetorian's findings were consistent with the methodology of nation state attacks as outlined by Rob Joyce, NSA Tailored Access Operations chief, at the recent USENIX Enigma conference. Notes from this presentation can be found here.

Black hats also rely more on stolen credentials than is commonly imagined, according to Abraham. "Looking at how HackingTeam was breached, the tools are consistent with our approach as well. The main difference is that black hat hackers are not limited by scope, rules of engagement and the timeframe of the engagements," he said.

Access to Praetorian's full (16-page) report can be found here (email address registration required).
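The second item on Praetorian's list, broadcast name resolution poisoning, is something a defender can check for directly on a network segment. The following is an added example, not code from the original article or from Praetorian's report: a small LLMNR "canary" probe in Python. LLMNR (RFC 4795) reuses the DNS message format over UDP port 5355 to the multicast group 224.0.0.252. The probe asks for a randomly generated name that no host legitimately owns; a clean network returns silence, while a poisoner that answers every query (the same behaviour that makes the WPAD attack work) reveals itself by replying with its own address. The poisoner side is included only so the exchange can be exercised offline; the address 10.0.0.66 and the canary-... names are constructed for illustration.

```python
"""LLMNR poisoning canary: spots a responder that answers for names that do not exist.
Added example; the poisoner function exists only to generate test traffic."""
import secrets
import socket
import struct

LLMNR_GROUP = "224.0.0.252"   # link-local multicast group used by LLMNR (RFC 4795)
LLMNR_PORT = 5355
QR_FLAG = 0x8000               # "this is a response" bit in the DNS-style header flags
TYPE_A, CLASS_IN = 1, 1

def encode_name(name):
    """Encode a dotted hostname as DNS labels (LLMNR reuses the DNS wire format)."""
    out = b"".join(bytes([len(label)]) + label.encode("ascii")
                   for label in name.strip(".").split("."))
    return out + b"\x00"

def decode_name(data, offset):
    """Decode DNS labels at offset; returns (name, offset_after_name). Follows compression pointers."""
    labels = []
    while True:
        length = data[offset]
        if length == 0:
            return ".".join(labels), offset + 1
        if length & 0xC0 == 0xC0:                      # 2-byte pointer to an earlier name
            ptr = struct.unpack("!H", data[offset:offset + 2])[0] & 0x3FFF
            tail, _ = decode_name(data, ptr)
            labels.append(tail)
            return ".".join(labels), offset + 2
        offset += 1
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length

def build_query(name, txid):
    """Standard LLMNR A-record query: header with no flags, one question, no answers."""
    header = struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", TYPE_A, CLASS_IN)

def build_poisoned_response(query, attacker_ip):
    """What a poisoner sends back: it claims the asked-for name resolves to its own IP,
    whether or not the name exists. Constructed here purely for offline testing."""
    txid = struct.unpack("!H", query[:2])[0]
    qname, qend = decode_name(query, 12)
    question = query[12:qend + 4]                       # echo the question section
    header = struct.pack("!HHHHHH", txid, QR_FLAG, 1, 1, 0, 0)
    answer = (encode_name(qname) + struct.pack("!HHIH", TYPE_A, CLASS_IN, 30, 4)
              + socket.inet_aton(attacker_ip))
    return header + question + answer

def parse_response(data):
    """Parse an LLMNR message into (txid, flags, [question names], [(name, ipv4)])."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    offset, questions, answers = 12, [], []
    for _ in range(qd):
        name, offset = decode_name(data, offset)
        offset += 4                                     # skip QTYPE and QCLASS
        questions.append(name)
    for _ in range(an):
        name, offset = decode_name(data, offset)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", data[offset:offset + 10])
        offset += 10
        rdata = data[offset:offset + rdlen]
        offset += rdlen
        if rtype == TYPE_A and rclass == CLASS_IN and rdlen == 4:
            answers.append((name, socket.inet_ntoa(rdata)))
    return txid, flags, questions, answers

def canary_name():
    """A random name no host legitimately owns, so any answer for it comes from a poisoner."""
    return "canary-" + secrets.token_hex(6)

def poisoner_ips(query_name, txid, response):
    """IPs that claimed the canary name; an empty list means this packet is not a hit."""
    rtxid, flags, _questions, answers = parse_response(response)
    if rtxid != txid or not flags & QR_FLAG:            # wrong transaction, or not a response
        return []
    return [ip for name, ip in answers if name.lower() == query_name.lower()]

def probe_live(timeout=2.0):
    """Send one canary query to the LLMNR group and collect any responders (needs a real LAN)."""
    name, txid = canary_name(), secrets.randbelow(0x10000)
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    sock.sendto(build_query(name, txid), (LLMNR_GROUP, LLMNR_PORT))
    hits = []
    try:
        while True:
            data, (src, _port) = sock.recvfrom(512)
            for ip in poisoner_ips(name, txid, data):
                hits.append((src, ip))                  # (who answered, what address it claimed)
    except socket.timeout:
        pass
    finally:
        sock.close()
    return hits
```

Run `probe_live()` from a host on the segment under test; each hit pairs the source address of the reply with the address it claimed for a name that cannot exist, which is exactly what a poisoning tool does when it answers a victim's WPAD lookup. Using a random name rather than "wpad" avoids flagging a legitimately configured WPAD host. The matching fix is to stop the broadcasts altogether by disabling LLMNR and NetBIOS name resolution by policy, which removes this root cause rather than detecting it after the fact.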
 

simbelmayne

Jul 4, 2016
It was predictable, really =) You can get into the system of almost any company just by dropping a few flash drives in the parking lot near the company's building, as in Mr. Robot. People are the weak link, and soon machines will understand it!
 

davidp

Aug 16, 2016
People are fallible, and always will be (regardless of how much training they attend to "correct" this). Better defensive measures are a better investment (beyond a healthy dose of user skepticism).
 

hjlbx

Ignorant human behavior; the user doesn't know any better and/or is negligent = No. 1 system killer.
 