Hacker working on laptop showing cybercriminals breach company networks

Cybercriminals Can Breach 93% Of Company Networks and Trigger Unacceptable Events in Under a Month, Study Finds

A new study by Positive Technologies found that cybercriminals could breach 93% of company networks and trigger 71% of unacceptable events within a month.

The undesirable events include disrupting technological processes and service delivery and theft of financial resources and information. Most disruptions originate from distributed denial-of-service attacks.

According to the researchers, threat actors could take over some information systems in a matter of days and trigger the events in less than a month.

The researchers simulated various APT attack scenarios, applied social engineering tactics like malicious email attachments, and analyzed countermeasures deployed.

They selected test subjects from key sectors in the United States, including finance (29%), fuel and energy (18%), government (16%), industrial (16%), and IT (13%). Compromising these critical infrastructure industries could have serious impacts on national security.

Compromising credentials is most frequently used to infiltrate company networks

According to the researchers, compromising credentials was the most common method of infiltrating company networks. This tactic relies on weak and guessable login passwords, including on administrator accounts. The researchers applied the technique in breaching 71% of the company networks.

They also exploited known vulnerabilities in software application and web application code in 60% and 43% of the tests, respectively.

Similarly, the researchers found that most organizations had no network segmentation, thus allowing cyber criminals to develop multiple attack vectors, breach the network, and trigger unacceptable events.

Cybercriminals can breach most company networks in record time

The study found that in 93% of the attacks, cybercriminals could breach company networks’ perimeter and access internal network resources.

On average, it takes just two days to penetrate a company’s internal network. Positive Technology researchers demonstrated how easy it was to steal data of millions of users within two days after breaching the network.

Even worse, a malicious insider could compromise 100% of all organizations tested and gain access to domain privileges and access other critical systems. Unsurprisingly, in 100% of organizations, gaining domain privileges allows an attacker to compromise other critical computer systems.

The researchers noted that while gaining domain privileges was not mandatory to trigger unacceptable events, it usually simplifies the attack. Gaining administrative privileges allows cybercriminals to collect credentials for lateral movement or installing malicious software for executing ransomware attacks.

Positive Technologies head of research and analytics Ekaterina Kilyusheva said that 20% of the clients requested the company to check feasible unacceptable events that could be triggered by successful cyber attacks.

“These organizations identified an average of six unacceptable events each, and our pentesters set out to trigger those,” she said. “According to our customers, events related to the disruption of technological processes and the provision of services, as well as the theft of funds and important information pose the greatest danger.”

After successful penetration testing, they found that cybercriminals could trigger 71% of unacceptable events in under a month and actualize 87% of unacceptable events in industrial companies.

The stakes were higher in the banking sector. According to the research, cybercriminals could disrupt business processes and impact the quality of service at every bank. For example, cybercriminals could gain access to ATM management software and steal funds from financial institutions or compromise customers’ credit cards.

The researchers advised organizations to harden their company networks. They recommended separating business processes through network segmentation, configuring security controls, enhancing monitoring, and lengthening the attack chain. Continuous monitoring is especially crucial in preventing DDoS attacks.