Electronic news service of the Ministry of Communications and Information Technologies
Organizations undergo cyber-attacks via vulnerable web apps
According to annual security tests conducted by Kaspersky Lab, 73% of successful perimeter breaches were achieved via vulnerable web applications. The most dangerous attacks are planned specifically around the vulnerabilities of a particular organisation, and each organisation’s IT infrastructure is unique.
Kaspersky’s report found that the web applications of government bodies were the most insecure, with high-risk vulnerabilities found in every application. By contrast, e-commerce applications are better protected from possible external interference.
“Our research has shown that vulnerable web applications can provide gateways into corporate networks. There are many security measures that can be implemented to guard against this nature of attack – half of these breaches could have been prevented by restricting access to management interfaces. We encourage IT security specialists to identify the vulnerabilities their organisations have and focus on strengthening them,” said David Emm, principal security researcher at Kaspersky Lab.
The results of the 2017 research revealed that the level of protection against external cyber-attacks was low or extremely low for 43% of analysed companies. Based on the results of the survey, it is clear the issue of security should be a top business consideration for the boardroom, and a top technology consideration for CTOs and CISOs.
In 29% of external penetration test projects, Kaspersky Lab experts successfully gained the highest privileges in the entire IT infrastructure, including administrative-level access to the most important business systems, servers, network equipment and employee workstations.
The information security situation in companies’ internal networks was even worse, according to the report. The level of protection against internal attackers was identified as low or extremely low for 93% of all analysed companies.
The highest privileges in the internal network were obtained in 86% of the analysed companies, and for 42% of them it took only two attack steps to achieve this. Obtaining the highest privileges allows attackers to take complete control over the whole network, including business-critical systems.
The impact of the WannaCry ransomware attack on the NHS, and other organisations across the world, was caused – in part – by obsolete software. Even when software patches are released, companies are slow to update their current systems.
In the report, obsolete software was identified on the network perimeter of 86% of the analysed companies, and in the internal networks of 80% of companies. This suggests a poor implementation of basic IT security processes, which leaves the enterprise an easy target for attackers.
05/09/18