Hackers favor using vulnerable Web apps to beat security perimeters
For many organizations, vulnerable Web applications may be their weakest link when it comes to an effective data security strategy.
About three-quarters (73 percent) of successful perimeter breaches in 2017 were achieved using vulnerable Web applications, according to Kaspersky Lab’s analysis of penetration tests it conducted on corporate networks that year.
Each year, the company’s Security Services department carries out a “practical demonstration of possible attack scenarios” to help organizations worldwide identify vulnerabilities in their networks and avoid damage. The goal of the penetration test report is to educate IT security specialists and raise awareness of relevant vulnerabilities and attack vectors against corporate information systems.
The results of the most recent research show that the overall level of protection against external attackers was assessed as low or extremely low for 43 percent of analyzed companies.
In addition to Web applications, attacks on publicly available management interfaces with weak or default credentials were another common vector for penetrating network perimeters. In 29 percent of external penetration tests, Kaspersky Lab experts successfully gained the highest privileges in the entire IT infrastructure. That includes administrative-level access to the most important business systems, network equipment, and employee workstations.
The results of the information security tests in corporate internal networks were even worse, the report said. The level of protection against internal attackers was identified as low or extremely low for 93 percent of all analyzed companies.