Organizations remain vulnerable to brute force attacks
Attackers often gain access to accounts the old-fashioned way, by brute-force guessing, and a new report reveals that many devices and accounts still have default usernames and passwords.
The study from visibility and testing company Ixia shows the top five username guesses as root, admin, ubnt, support, and user -- ubnt being the default username for AWS and other cloud services based on Ubuntu.
Among other things, the report reveals the top five phishing targets to be Google, PayPal, Facebook, Microsoft, and Alibaba. Over the summer of 2016, ransomware attacks outpaced conventional phishing. Fake Adobe updates are the most prevalent drive-by method for delivering malware or phishing attacks.
Increasing network complexity in organizations is also creating its own vulnerability. The average enterprise is using six different cloud services, and network segmentation is increasing, yet 54 percent of enterprises are monitoring fewer than half of those network segments. Less than 19 percent of companies believe that their IT teams are adequately trained on the wide array of network appliances they are managing.
"Organizations need to constantly monitor, test and shift security tactics to keep ahead of attackers in the fast-paced threat landscape we all deal with today. This is especially important as new cloud services and increased IoT devices are routinely being introduced," says Marie Hattar, chief marketing officer at Ixia. "To do this effectively, organizations must start by studying their evolving attack surface and ensure they have the proper security expansion measures in place. Simple but effective testing and operational visibility can go a long way to improving security."
You can find out more in the full report, which is available to download from the Ixia website.