According to a newly released survey
conducted at Black Hat 2018, 50% of hackers said that Windows
8 and Windows 10 have been the easiest attack vectors to exploit this
year.
Thycotic surveyed more
than 300 hackers – nearly 70% of whom identified as white hats – to
understand the hacker perspective with regard to vulnerabilities and attack
vectors.
In its 2018 Black Hat
Hacker Report, Thycotic reveals that hackers often
leverage the reality that operating systems are only as secure as the people
using them.
“The 2018 Black Hat Hacker
Report indicates that our operating systems and endpoints remain
woefully vulnerable to hackers and threats from cyber-criminals,” said Joseph
Carson, chief security scientist at Thycotic, in today’s press release.
While the two Windows
operating systems provided easy access, the survey found that 26% of
hackers infiltrated Windows 10 most often, while 22% hacked Windows 8 the most.
Linux lagged behind in popularity, with hackers exploiting vulnerabilities in the OS only
18% of the time. Less than 5% of respondents said that Mac was their
easiest or most often-used attack vector.
To take control of privileged
accounts, 56% of hackers said that social engineering is the fastest technique
for seizing accounts. Most often, hackers are able to elevate privileges by either using
default vendor passwords or exploiting application and OS vulnerabilities, the survey
stated.
In addition, survey
participants reported that nearly two-thirds (74%) of companies are lagging
when it comes to implementing the principle of least privilege. In an email
interview, Carson said, “Most companies are failing at applying the principle
of least privilege as they are trying to solve this challenge with a
technology-only approach, which tends to focus more on security without considering
employee usability.”
The problem with such an
approach is that the focus is most often on security rather than employee
usability. “This typically creates a conflict between employee productivity and
the need for better cybersecurity,
resulting in a poor security experience and employees look for ways around
it.”
Because lagging behind in
privileged access policies could result in more data breaches, Carson said a
failure to implement least privilege will mean a higher cost for companies when
they experience a data breach.