New statistics gathered by Lares show that the most common security issues found by ethical hackers as part of penetration testing engagements are:
- Brute forcing accounts with weak and guessable passwords
- Kerberoasting
- Excessive file system permissions
- WannaCry/EternalBlue
- Windows Management Instrumentation (WMI) lateral movement
According to Lares founder Chris Nickerson, penetration testers encounter these problems in 95% of tests, despite the fact that four of these issues can be resolved by implementing basic security measures.
Protection against brute forcing merely requires organizations to enforce multi-factor authentication and configure account lockout policies. ‘Kerberoasting’ attacks can be stopped by using strong passwords. Excessive file system permissions can be resolved using tools for managing privileged accounts, while attacks exploiting WannaCry/EternalBlue can be ruled out by implementing a Microsoft patch issued in 2017.
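Beyond the preventive measures above, the two findings that top the list leave a recognisable trail in Windows Security logs: bursts of failed logons (event 4625) for one account, and a single account requesting RC4-encrypted service tickets (event 4769, ticket encryption type 0x17) for many different services in a short time, which is the footprint of Kerberoasting. The following detection logic is an added example, not code from Lares or the article; the event records, thresholds and time windows are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of Windows Security log records (not real telemetry).
# 4625 = failed logon; 4769 = Kerberos service ticket (TGS) request.
# etype 0x17 = RC4-HMAC, the ticket type crackable offline; 0x12 = AES256.
SAMPLE_EVENTS = [
    {"id": 4625, "time": "2024-01-10T08:00:01", "user": "jdoe", "src": "10.0.0.5"},
    {"id": 4625, "time": "2024-01-10T08:00:03", "user": "jdoe", "src": "10.0.0.5"},
    {"id": 4625, "time": "2024-01-10T08:00:04", "user": "jdoe", "src": "10.0.0.5"},
    {"id": 4625, "time": "2024-01-10T08:00:06", "user": "jdoe", "src": "10.0.0.5"},
    {"id": 4625, "time": "2024-01-10T09:30:00", "user": "asmith", "src": "10.0.0.9"},
    {"id": 4769, "time": "2024-01-10T10:00:00", "user": "bob", "service": "svc_sql", "etype": 0x17},
    {"id": 4769, "time": "2024-01-10T10:00:01", "user": "bob", "service": "svc_web", "etype": 0x17},
    {"id": 4769, "time": "2024-01-10T10:00:02", "user": "bob", "service": "svc_backup", "etype": 0x17},
    {"id": 4769, "time": "2024-01-10T10:05:00", "user": "carol", "service": "svc_sql", "etype": 0x12},
]

def _burst(items, window, threshold, measure):
    """True if some window-sized slice of (time, value) items has measure(slice) >= threshold."""
    items.sort(key=lambda x: x[0])
    start = 0
    for end in range(len(items)):
        while items[end][0] - items[start][0] > window:
            start += 1  # slide the window forward until it spans at most `window`
        if measure(items[start:end + 1]) >= threshold:
            return True
    return False

def brute_force_suspects(events, threshold=4, window=timedelta(minutes=5)):
    """(user, source) pairs with >= threshold failed logons inside one window (assumed thresholds)."""
    failures = defaultdict(list)
    for e in events:
        if e["id"] == 4625:
            failures[(e["user"], e["src"])].append((datetime.fromisoformat(e["time"]), None))
    return {k for k, v in failures.items() if _burst(v, window, threshold, len)}

def kerberoast_suspects(events, threshold=3, window=timedelta(minutes=10)):
    """Users pulling RC4 service tickets for >= threshold distinct services inside one window."""
    requests = defaultdict(list)
    for e in events:
        if e["id"] == 4769 and e["etype"] == 0x17:
            requests[e["user"]].append((datetime.fromisoformat(e["time"]), e["service"]))
    distinct = lambda s: len({svc for _, svc in s})  # count services, not raw requests
    return {u for u, v in requests.items() if _burst(v, window, threshold, distinct)}
```

An account lockout policy would stop the first pattern at the domain controller, and moving service accounts to AES-only tickets removes the RC4 signal the second rule keys on; the rules show what each finding looks like before those controls are in place.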