CyberNews Briefs

95% of Pen Test Problems Can Be Easily Resolved

New statistics gathered by Lares show that the most common security issues found by ethical hackers as part of penetration testing engagements are:

  • Brute forcing accounts with weak and guessable passwords
  • Kerberoasting
  • Excessive file system permissions
  • WannaCry/EternalBlue
  • Windows Management Instrumentation (WMI) lateral movement

According to Lares founder Chris Nickerson, penetration testers encounter these problems in 95% of tests, despite the fact that four of these issues can be resolved by implementing basic security measures.

Protection against brute forcing merely requires organizations to enforce multi-factor authentication and configure account lockout policies. ‘Kerberoasting’ attacks can be stopped by using strong passwords. Excessive file system permissions can be resolved using tools for managing privileged accounts, while attacks exploiting WannaCry/EternalBlue can be ruled out by implementing a Microsoft patch issued in 2017.


OODA Analyst
