Most businesses suffer from cyber security vulnerabilities, with security firm Rapid 7 finding in tests that it was able to exploit at least one in-production vulnerability in 84 per cent of all engagements.
In its ‘Under the Hoodie 2018: Lessons from a Season of Penetration Testing’ report, the firm also found that the figure is even higher for internal tests – when the tester has or gains local network access – where just four per cent of companies are free of flaws that hackers could target.
The researchers said that their report reveals that while penetration testers don’t always win – by gaining administrative control of a network – when they are able to touch the internal LAN or WLAN, the attacker success rate rises significantly.
Some 59 per cent of all penetration tests performed for the study were based externally, where the targets tend to be internet-facing vectors, such as web applications, email phishing, cloud-hosted assets, and/or VPN exposure.
Rapid 7 said that just over half the time (53 per cent) on a given engagement, at least one useful username and password was collected from the target organisation, with that figure rising to 86 per cent when the attacker is already in the local, internal network.
According to Tod Beardsley, Rapid 7 director of research: “Penetration testers will be the first to tell you that it’s usually easier to simply guess (or ask for) passwords than to exploit vulnerabilities and leverage network misconfigurations, and attacks involving capturing credentials tend to afford longer-lasting access.”
His firm said external penetration tests are logical for most companies, due to the prevalence of internet-based attackers. However, it added that it always advocates for a test that includes an internal component. This allows organisations to understand the impact of a compromise and to quantify the gaps in their defence strategy.