Bad news for network administrators: according to the security company CyberArk, 88 percent of networks are susceptible to privileged account hacks.
The report published by CyberArk, entitled “Analyzing Real-World Exposure to Windows Credential Theft Attacks,” reveals that corporate Windows networks are most often poorly configured and expose credentials for privileged user accounts. The report analyzes various credential abuse methods, including Kerberos attacks, Overpass-the-Hash and Pass-the-Hash attacks, and provides suggestions for their mitigation.
The experts searched for vulnerabilities and configuration issues that exposed credentials to hackers. They focused the investigation on credential theft attacks, events that expose a user’s credentials, which can then be used to log in while impersonating the victim and exfiltrate data from the targeted machine.
The researchers at CyberArk assessed 51 corporate networks relying on Windows systems and found “highly threatening machines” in the network’s architecture in over 88% of the cases. The experts highlighted that 40 percent of Windows hosts could lead to a complete compromise if they were hacked.
“Every Windows network, no matter how large or small, could potentially be compromised by attackers through theft or privileged credentials,” states the report.
The worst scenario occurs when the attacker obtains credentials for privileged accounts, such as those of network administrators, and uses them for lateral movement within the targeted organization.
Each machine is a mine of information for attackers, who can gather it to penetrate targeted networks more deeply. Only 12 percent of the networks analyzed by the experts were classified as “low exposure,” meaning networks where less than 10 percent of the hosts had a high risk of being compromised.
Threat actors have used similar techniques in the wild, as in the notorious cases of the retail giants Target and Home Depot.
The report also mentions the abuse of privileged service accounts, which are ordinarily used to execute a number of functions implemented by the operating system.
“We’ve seen similar credential theft methods as the basis for major attacks across a number of organizations,” said Andrey Dulkin, director of cyber innovation at CyberArk Labs. “Identifying these machines and securing the associated privileged credentials against theft and exploitation is a critical step in securing against advanced cyber attacks.”
Enjoy the report.
(Security Affairs – hacking, organization networks)