The majority of computer systems and networks are vulnerable to small-class cybercrime
The recent study published by Positive Technologies showed that 61% of networks and information systems are likely to be easily attacked and infiltrated by novice hackers.
The study also showed that it takes 3 days for medium-level cybercriminals to compromise the networks of all the companies involved.
This article will also interest you: Coronavirus-proof computer networks
In sum, it was noted that 97% of companies generate network traffic deemed questionable by the security company. The same number still struggles to detect malware and spyware that may have been installed on their network or is the result of cybercriminal activities.
These results were the result of a series of tests of Pentests a little special carried out by the ethical hackers of Positive Technologies. Ways of practising the firm's specialists have made attempts to infiltrate the network, from several companies. The objective was to be able to verify the maximum level of a director's privilege that a cybercriminal could divert to his advantage when trying to make a remote attack, through the privileges of traditional users such as employees whose identifiers would have been stolen.
Intrusion tests carried out by Positive Technologies specialists also aim to assess the effectiveness of the security resources made available by the client company. They also measure the skills of security teams in detecting and preventing cyber attacks. And all this is a look of an unexpected exercise set.
Let's also sign that everything was done at the request of Positive Technologies customers. It was from this experience that the company produced the report on its study. It should then be noted that the specialists of the security company managed to take control of all the computer systems and networks of the companies involved in the intrusion testing phase.
In addition, the study also found that 61% of companies that have been tested can be pumped into domain administrator rights by novice hackers. This means that security is not organized enough to block anyone with bad intentions. In some cases, 10 minutes were enough to gain all the directors' powers over the company's computer system.
For all intents and purposes, it should be noted that the majority of cybercriminal intrusions tend to rely on certain habits of users or even security system managers to go unnoticed.
This means that when there is not good management, such as zero Trust a good organization and use of the tools of dynamic allocation of administrator privileges, hackers in the ability to easily carry out their actions, and makes them look like legitimate actions. The report accounts for 86% of legitimate actions attacks and 96% of brute force attacks to crack the code and identify users have succeeded.
The Positive Technologies report raises a recurring but rather disturbing fact. Basic security measures are still not being followed. That is, the lack of regular updates in the majority of the software used. Poor password management, poor configurations of important tools for system organization and poor digital hygiene on the part of employees.
"When attacking internal networks, hackers typically use specific OS or Kerberos and NTLM authentication mechanisms to collect credentials and move from one computer to another. For example, hackers can extract credentials from the operating system's memory using special utilities, such as MimiKatz, Secretdump and Procdump, or using embedded operating system tools, such as taskmgr, to create a memory dump of the lsass.exe process," said Dmitry Serebryannikov, Director of Security Audit at Positive Technologies.
The Company advises its customers not to use previous versions of Windows other than Windows 8.1 and Windows 10. For his part, Dmitry Serebryannikov also advocates to ensure that "the preferred users are placed in the Protected Users" group. It also notes that "recent versions of Windows 10 and Windows Server 2016 have Remote Credential Guard, a technology that isolates and protects lsass.exe from unauthorized access.And for additional protection for privileged accounts such as domain administrators, we recommend the systematic use of two-factor authentication. ».
Now access an unlimited number of passwords: