Wednesday, May 17, 2017


The report of the week

We do not realize it, but on many occasions we can become our worst enemy. When it comes to facing any challenge, as daily as it might seem, we have to do it with caution. While it is true that self-esteem is important, we should not forget that pride is considered as one of the seven deadly sins and that the higher we are, the harder we fall. 

Sometimes these "sins" can have futile consequences, but some other times can mean an annoyance of biblical proportions, and even more when we talk about cybersecurity. Unfortunately, today we know that many companies commit the sin of pride according to the latest study by Skyport Systems and Redmond Magazine, since most companies think (erroneously) that their active directory is safe.

The response of more than 300 North American computer professionals reveals that directory security is in fact underperforming, leaving companies open to external hacking attacks and internal threats. The survey also sheds some light on how organizations are protecting their privileged information that is stored in directories in a scenario where attacks are on daily bases.

As for the confidence of the users regarding the security of the directories, the data are the following:
  • More than half of respondents rate their directories as "safe" or "very secure". 
  • 1 in 3 of the other half consider that their active directory is "moderately secure".
  • Only 2.5% of respondents rate it as "unsafe".
 "Smart configuration and governance of your AD admin accounts, and passwords is a great first stop, but it's still not enough," says Art Gilliland, CEO of Skyport Systems. "AD is the key to the kingdom and should be protected at all costs. We know that IT teams are being asked to do more with less, which is why it’s important to explore hyperconverged security models that reduce workload and increase visibility to ensure a completely turnkey, secure environment for the applications that matter most.”

Thus, the data indicate that vulnerabilities could exist:
  • 70% would have neglected to implement multi-factor authentication.
  • 41% allowed unspecified workstations to access domain controllers.
  • 1 in 5 used administrator credentials to read email or browse the web.
Although active directories are the primary target of attacks and are quite vulnerable, more than half of those surveyed admit that security is not a priority in the coming year.

Adversaries and penetration testing teams frequently target AD administrator and workstation credentials in order to break a gap in an organization, since it is difficult to detect a successful compromise and unlocks all elements of the IT infrastructure: users, data, applications, computers and network. According to Skyport's security assessment for businesses in 2016, mismanagement of these directories exposes 90 percent of businesses to security breaches.

While it is true that some respondents may be overstating that overconfidence in their company's AD security, it could happen that most of these organizations are not aware of how vulnerable their active directories really are. In fact, some red team pentesters claim almost a 100% success rate when they are hired to breach the active directory infrastructure of a company.

As we have seen, pride reigns in companies when we speak in terms of cybersecurity. Because of these excesses of trust, many gaps and attacks occur, such as the ransomware WannaCry. So in the matter of protection and safety, it is better to be humble so that whatever happens doesn’t catch us by surprise. 


Post a Comment