Pen Testers Breach Perimeter Through Web Apps

Penetration tests help organizations gain a better understanding of how protected they are against cyber-attacks, and when Kaspersky Lab’s performed several dozen cybersecurity assessment tests on corporate networks, it found that the overall level of protection against external attackers was low or extremely low for almost half of the analyzed companies. The report, Security Assessment of Corporate Information Systems in 2017, found that three-quarters (73%) of successful perimeter breaches in 2017 were achieved using vulnerable web applications. Using weak or default credentials to attack publicly available management interfaces was also a common vector threat actors employed to penetrate the network perimeter. Experts gained administrative access to IT infrastructure in 29% of the external penetration tests performed, but the success rate soared to 86% of the analyzed companies when testing against internal attackers. In 42% of those cases, it took penetration testers only two steps to gain the highest privileges granting them access to important business systems.