How Quickly Can a Hacker Breach a Company’s Local Network?
Experts from Positive Technologies have analyzed the security level of corporate information systems and presented an overview of the most common security flaws, attack methods, and recommendations for improving protection. The study was based on 28 external penetration tests conducted in 2019 for companies that allowed the use of anonymized data. Only the most informative projects were included to ensure objective results.
The research revealed that gaining access to resources within a local network is possible in 93% of companies. Notably, 77% of attack vectors were linked to insufficient protection of web applications, and it can take as little as 30 minutes to breach a local network.
Minimum Steps Required to Breach a Local Network
The companies tested in 2019 represented various sectors: financial (32%), IT (21%), fuel and energy (21%), government (11%), services (7%), industry (4%), and telecommunications (4%).
As mentioned above, during external penetration tests, specialists managed to access the local network in 93% of organizations. The maximum number of penetration vectors found in a single project was 13. According to the experts, breaching a local network took anywhere from 30 minutes to 10 days. In most cases, the attack complexity was rated as low, meaning even a low-skilled hacker with basic knowledge could succeed. At least one simple way to breach the network existed in 71% of companies.
Main Vectors for Breaching Local Networks
Most attacks relied on credential guessing and exploitation of web application vulnerabilities. In 68% of companies, successful web application attacks were carried out by guessing credentials.
“The most vulnerable component on the network perimeter is web applications,” notes Ekaterina Kilyusheva, head of the research group at Positive Technologies’ information security analytics department. “According to our analysis, 77% of penetration vectors were related to web application security flaws; at least one such vector was found in 86% of companies. It’s essential to regularly analyze the security of web applications. The most effective method is source code analysis, which helps identify the largest number of errors. For proactive protection, it’s recommended to use a web application firewall (WAF), which can prevent exploitation of existing vulnerabilities, even if they haven’t been discovered yet.”
Additionally, 86% of companies had password policy weaknesses rated as critical or high risk. Simple and dictionary-based user passwords were the main security flaws on the network perimeter.
One of the most common password patterns was a month name followed by the year, with the month typed in the Latin keyboard layout (for example, Jrnz,hm2019 or Fduecn2019). Such passwords were found in every third company, and in one organization they were used by more than 600 users.
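The two sample passwords are what the Russian month names Октябрь and Август produce when typed with the keyboard left in the Latin layout. The following added example (not part of the Positive Technologies study) is a password-policy check that rejects this pattern when a password is set; the function names, the English month list and the accepted year formats are assumptions made for illustration.

```python
import re

# Key positions of the standard Russian (ЙЦУКЕН) layout on a QWERTY keyboard.
_LAT = "qwertyuiop[]asdfghjkl;'zxcvbnm,."
_CYR = "йцукенгшщзхъфывапролджэячсмитьбю"
LAT_TO_CYR = str.maketrans(_LAT, _CYR)

# Month names in the nominative case, as in the article's examples.
MONTHS_RU = ("январь", "февраль", "март", "апрель", "май", "июнь", "июль",
             "август", "сентябрь", "октябрь", "ноябрь", "декабрь")
# Assumption: English month names are blocked as well.
MONTHS_EN = ("january", "february", "march", "april", "may", "june", "july",
             "august", "september", "october", "november", "december")

# Assumed shape: <stem><4-digit or 2-digit year><optional trailing symbols>.
_YEAR_SUFFIX = re.compile(r"^(.*?)((?:19|20)\d{2}|\d{2})[!@#$%^&*._-]*$")


def is_month_year_password(password: str) -> bool:
    """True if the password is a month name plus a year, typed either
    directly or with the keyboard left in the Latin layout."""
    m = _YEAR_SUFFIX.match(password.lower())
    if not m:
        return False
    stem = m.group(1)
    # Check the stem as typed and as it reads with the Russian layout active.
    candidates = {stem, stem.translate(LAT_TO_CYR)}
    return any(c in MONTHS_RU or c in MONTHS_EN for c in candidates)


def rejected(passwords):
    """Return the candidate passwords a policy filter should refuse."""
    return [p for p in passwords if is_month_year_password(p)]


if __name__ == "__main__":
    # First two values are quoted in the article; the rest are constructed.
    samples = ["Jrnz,hm2019", "Fduecn2019", "Vfhn20",
               "October2019!", "correct-horse-battery", "Summer2019"]
    for p in samples:
        print(f"{p!r:28} reject={is_month_year_password(p)}")
```

A check like this belongs in the password-change path next to a general dictionary deny-list, since it covers only the month-and-year pattern the study describes.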
Where Weak Passwords Were Found
During testing, well-known software vulnerabilities were widely exploited, allowing access to local networks in 39% of companies. Examples include vulnerabilities in outdated versions of Laravel and Oracle WebLogic Server. Six zero-day vulnerabilities were also discovered, enabling remote code execution, including CVE-2019-19781 in Citrix Application Delivery Controller (ADC) and Citrix Gateway software.
Software with Discovered Vulnerabilities
Positive Technologies experts remind companies of the importance of promptly installing security updates for operating systems, keeping software at the latest versions, and regularly checking the corporate network perimeter for software with known vulnerabilities.
Most Common Passwords
The study also highlighted the most frequently used passwords, which often included simple or easily guessable combinations, further increasing the risk of unauthorized access.