Thycotic, a provider of privileged access management (PAM)
solutions for more than 10,000 organizations worldwide, today released the
findings from its 2018 Black Hat-conducted survey of more than 300 hackers,
nearly 70 percent of whom help organizations improve security and identify as
"white hat hackers." The findings reflect hackers' perspectives on
vulnerabilities and attack vectors they find easiest to exploit. According to
the findings, 50 percent of hackers say they easily compromised both Windows 10
and Windows 8 within the past year.
Operating systems are only as secure as the people using
them and the configurations applied. Knowing that compromise of user
accounts is probably inevitable, organizations need a "zero-trust" strategy
that emphasizes least privilege to limit overprivileged accounts that give
hackers wide and undetected access. Many companies use Group Policy Objects
(GPO) to centralize the management, configuration and security of Windows domain-connected
devices. However, GPO policies are dependent on multiple factors, and hackers
indicate that they can easily bypass these security controls.
"The 2018 Black Hat Hacker Report indicates that our
operating systems and endpoints remain woefully vulnerable to hackers and
threats from cyber criminals," said Joseph Carson, Chief Security Scientist at
Thycotic. "By combining a least privilege strategy with other security layers
such as multi-factor authentication, behavior analytics and privileged account
protection, organizations can build and maintain a more effective and dynamic
security posture to keep cyber criminals from exploiting their IT environments."
Unfortunately, most organizations are falling short when it
comes to applying least privilege policies. The surveyed participants indicated
that more than 74 percent of organizations are not doing a good job of
implementing the principle of least privilege. This leads to poor password
protection and the theft of credentials, followed by the elevation of
privileges, which allows cyber criminals to seize administrative controls and
conquer the network.
Additional findings from the survey include:
- 26 percent of the hackers surveyed said they most often
infiltrated Windows 10 OS. 22 percent hacked Windows 8 the most, followed
by 18 percent for Linux and less than 5 percent for Mac.
- There is clearly a dominant method used by hackers for
seizing privileged accounts, as 56 percent of those surveyed said social
engineering is the fastest technique.
- The top two ways these hackers elevate privilege are
through use of default vendor passwords and the exploitation of
application and OS vulnerabilities.
To download the report and view the full survey results and
findings from Thycotic's 2018 Black Hat Survey, please visit https://thycotic.com/resources/black-hat-2018-survey/.