Enterprises need to adopt 'zero-trust' security posture
Privileged access management specialist Thycotic has released the results of its latest survey, conducted at this year's Black Hat, on hackers' perspectives on vulnerabilities and the attack vectors they find easiest to exploit.
It shows that 50 percent of hackers surveyed -- 70 percent of whom describe themselves as ethical -- say they easily compromised both Windows 10 and Windows 8 within the past year.
Knowing that compromise of user accounts is probably inevitable, organizations need to move to a 'zero-trust' posture that emphasizes least privilege, limiting the over-privileged accounts that give hackers wide and undetected access.
Unfortunately this isn't happening in practice: the surveyed participants indicate that more than 74 percent of organizations are not doing a good job of implementing the principle of least privilege. This leads to poor password protection and the theft of credentials, followed by the elevation of privileges, which allows cyber criminals to seize administrative controls and conquer the network.
Among other findings, 26 percent of the hackers surveyed say they most often infiltrate the Windows 10 OS, 22 percent say Windows 8, followed by 18 percent for Linux and less than five percent for Mac.
There is clearly a dominant method used by hackers for seizing privileged accounts, as 56 percent of those surveyed say social engineering is the fastest technique. The top two ways these hackers elevate privilege are through use of default vendor passwords and the exploitation of application and OS vulnerabilities.
"Hackers tend to target the most popular and commonly used operating systems, so Windows is still the most targeted, because the install base is quite large, so if you create an attack you're more likely to be able to reuse it rather than have to create something custom," says Joseph Carson, chief security scientist at Thycotic. "For companies, using Microsoft's built-in security tools is often not enough to prevent hackers getting access, mostly due to misconfigurations leaving them open to attack."
The full report is available to download from the Thycotic website.