SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Australia
Guides
#
cloud security
#
cybersecurity
#
endpoint protection
#
firewall
#
ransomware
Search
Story image
#
Breach Prevention
#
Cybersecurity
#
Firewall
Cybercriminals hack 93% of company networks - report
Wed, 22nd Dec 2021
FYI, this story is more than a year old
Author image
By Shannon Williams, Journalist
Follow us

Positive Technologies has issued a new research report analysing results of the company's penetration testing projects carried out in the second half of 2020 and first half of 2021.

In 93% of cases, an external attacker can breach the organisations network perimeter and gain access to local network resources, and it takes an average of two days to penetrate the company's internal network. In 100% of companies analysed, an insider can gain full control over the infrastructure.

The study was conducted among financial organisations (29%), fuel and energy organisations (18%), government (16%), industrial (16%), IT companies (13%), and other sectors.

During the assessment of protection against external attacks, Positive Technologies experts managed to breach the network perimeter in 93% of cases. According to the company's researchers, this figure has remained high for many years, confirming that criminals are able to breach almost any corporate infrastructure.

"In 20% of our pentesting projects, clients asked us to check what unacceptable events might be feasible as a result of a cyberattack," says Ekaterina Kilyusheva, head of research and analytics, Positive Technologies.

"These organisations identified an average of six unacceptable events each, and our pentesters set out to trigger those. According to our customers, events related to the disruption of technological processes and the provision of services, as well as the theft of funds and important information pose the greatest danger," she says.

"In total, Positive Technologies pentesters confirmed the feasibility of 71% of these unacceptable events. Our researchers also found that a criminal would need no more than a month to conduct an attack which would lead to the triggering of an unacceptable event. And attacks on some systems can be developed in a matter of days."

"Despite the fact that financial organisations are considered to be among the most protected companies, as part of the verification of unacceptable events in each of the banks we tested, our specialists managed to perform actions that could let criminals disrupt the bank's business processes and affect the quality of the services provided.

"For example, they obtained access to an ATM management system, which could allow attackers to steal funds."

An attacker's path from external networks to target systems begins with breaching the network perimeter. According to our research, on average, it takes two days to penetrate a company's internal network. Credential compromise is the main way criminals can penetrate a corporate network (71% of companies), primarily because of simple passwords used, including for accounts used for system administration.

An attacker who has the credentials with domain administrator privileges can obtain many other credentials for lateral movement across the corporate network and access to key computers and servers. Administration, virtualization, protection, or monitoring tools often help an intruder gain access to isolated network segments. According to the study, most organizations have no segmentation of the network by business processes, and this allows attackers to develop several attack vectors simultaneously, and trigger several of a company's unacceptable events.

"In order to build an effective protection system, it is necessary to understand what unacceptable events are relevant for a particular company," Kilyusheva says.

"Going down the path of the business process from unacceptable events to target and key systems, it is possible to track their relationships and determine the sequence of protection measures in use.

"To make it more difficult for an attacker to advance inside the corporate network toward the target systems, there are a number of interchangeable and complementary measures organisations can take, including separation of business processes, configuration of security control, enhanced monitoring, and lengthening of the attack chain," she says.

"The choice of which technology solutions to use should be based on the company's capabilities and infrastructure."

Related stories
Customers vs banks - Where should the buck stop in preventing finance scams?
Waave launches biometrically secured Waave Wallet in Australia
Legit Security announces strategic partnership with GuidePoint Security
'Junk gun' ransomware: New low-cost cyber threat targets SMBs
Healthcare sector's cybersecurity confidence misplaced, warns Kroll report
Top stories
New ITW Global Leaders Forum code targets international voice fraud
Gen AI optimism high in ANZ but cybersecurity concerns loom
NetApp 2024 report uncovers 'disrupt or die' era powered by AI
Ransomware activity spikes 20%, hospitals now in crosshairs
Mandiant unveils latest M-Trends 2024 cybersecurity report