Even a low-skilled hacker can hack the internal network of global companies. An experienced attacker will not need more than half an hour to penetrate the local network. Such conclusions were made by experts from Positive Technologies in their research.
“It took an average of four days to penetrate the local network, and at least 30 minutes. In most cases, the complexity of the attack was estimated as low, that is, a low-skilled hacker who possesses only basic skills could also carry it out,” said experts.
Positive Technologies experts analyzed information dated 2019 on the protection of corporate information systems of 28 companies from external intruders and pentest (the penetration test). As part of external pentests, specialists managed to penetrate the local networks of 93% of organizations. In some cases, there were several ways to overcome network protection.
According to experts, every sixth company showed signs of hacker attacks, malicious links on official sites or valid accounts in public leak databases. Based on this, the researchers concluded that the company’s IT infrastructure could be controlled by hackers.
Specialists advise companies for protection, first, to follow the General principles of information security: regularly check their information resources available for external connection, as well as develop strict rules for corporate password policy and monitor their implementation. In addition, they recommend regularly updating the security settings for operating systems and installing the latest versions of software products.
Recall that, according to Kaspersky Lab, in April, the number of attacks on the infrastructure of Russian organizations whose employees work remotely exceeded 18 million, which is five times more than in February. Positive Technologies found that up to 48% of the passwords of employees of organizations is made up of a combination of a word indicating the time of the year or month and four digits indicating the year.