Why Update? Surprise, Hacker Masquerade Time

September 1, 2020

Hacker Masquerade vulnerability assessment firm Positive Technologies has shared some results from their penetration tests (“pentests) on corporate information systems. Though they do not reveal data on individual clients, they report some eye-opening statistics. IT Brief reports on these findings in, “Hackers Difficult to Distinguish from Legitimate Users—Study.” Writer Shannon Williams tells us:

“At 61% of the companies, we found at least one simple way to obtain control of infrastructure that would have been feasible even for a low-skilled hacker. The testers noted that legitimate actions that would be unrecognizable from regular user activity accounted for 47% of the actions that allowed pentesters to create an attack vector. These actions included creating new privileged users on network hosts, creating a memory dump of lsass.exe, exporting registry hives, and sending requests to the domain controller. These actions allow hackers to obtain credentials from corporate network users or information required to develop the attack. The risk is that it is hard to differentiate between such actions and the usual activities of users and administrators, making it more likely that the attack will remain unnoticed. These incidents can however be detected with security incident detection systems. The testing also demonstrated that the attackers can exploit known vulnerabilities found in outdated software versions to remotely execute arbitrary code, escalate privileges, or learn important information. What the experts see most often is lack of current OS updates.”

And that, boys and girls, is why we must always keep our operating systems up to date. The write-up shares a little about how hackers can use OS quirks to gain access to and traverse systems. Keeping your Windows updated will not, however, patch holes caused by lax permissions, single-factor authentication routines, and other liabilities. Not surprisingly, Positive Technologies’ Ekaterina Kilyusheva suggests companies hire a specialist to perform an internal pentest that will assess their systems’ vulnerabilities.

Cynthia Murrell, September 1, 2020

Written by Stephen E. Arnold · Filed Under DarkCyber, News, Security

Comments

One Response to “Why Update? Surprise, Hacker Masquerade Time”

hiepthanhbuildings.net on September 17th, 2020 10:57 am

Regards for this tremendous post, I am glad I noticed this
site on yahoo.

Search the site
Subscribe to Beyond Search
Feature archive
News archive

Stephen E. Arnold monitors search, content processing, text mining and related topics from his high-tech nerve center in rural Kentucky. He tries to winnow the goose feathers from the giblets. He works with colleagues worldwide to make this Web log useful to those who want to go "beyond search". Contact him at sa [at] arnoldit.com. His Web site with additional information about search is arnoldit.com.