
Thycotic's 2018 Black Hat Survey results uncover hackers' easiest points of entry for hacking IT systems

Fifty percent of hackers reveal they compromised Windows 10 and Windows 8 within the past year.


Washington, D.C., 04 Oct 2018

Thycotic, a provider of privileged access management (PAM) solutions for more than 10 000 organisations worldwide, today released the findings from its 2018 Black Hat survey of more than 300 hackers, nearly 70% of whom help organisations improve security and identify as "white hat hackers." The findings reflect hackers' perspectives on the vulnerabilities and attack vectors they find easiest to exploit. According to the findings, 50% of hackers say they easily compromised both Windows 10 and Windows 8 within the past year.

Operating systems are only as secure as the people using them and the configurations applied. Knowing that compromise of user accounts is probably inevitable, organisations need a "zero-trust" strategy that emphasises least privilege to limit overprivileged accounts that give hackers wide and undetected access. Many companies use Group Policy Objects (GPO) to centralise the management, configuration and security of Windows domain-connected devices. However, GPO policies are dependent on multiple factors, and hackers indicate that they can easily bypass these security controls.

"The 2018 Black Hat Hacker Report indicates that our operating systems and endpoints remain woefully vulnerable to hackers and threats from cyber criminals," said Joseph Carson, Chief Security Scientist at Thycotic. "By combining a least privilege strategy with other security layers such as multi-factor authentication, behaviour analytics and privileged account protection, organisations can build and maintain a more effective and dynamic security posture to keep cyber criminals from exploiting their IT environments."

Unfortunately, most organisations are falling short when it comes to applying least privilege policies. The surveyed participants indicated that more than 74% of organisations are not doing a good job of implementing the principle of least privilege. This leads to poor password protection and the theft of credentials, followed by the elevation of privileges, which allows cyber criminals to seize administrative controls and conquer the network.

Additional findings from the survey include:

* 26% of the hackers surveyed said they most often infiltrated Windows 10 OS. 22% hacked Windows 8 the most, followed by 18% for Linux and less than 5% for Mac.
* There is clearly a dominant method used by hackers for seizing privileged accounts, as 56% of those surveyed said social engineering is the fastest technique.
* The top two ways these hackers elevate privilege are through use of default vendor passwords and the exploitation of application and OS vulnerabilities.

To download the report and view the full survey results and findings from Thycotic's 2018 Black Hat Survey, please visit https://thycotic.com/resources/black-hat-2018-survey/.

To learn more about Thycotic, please visit the company's website and follow Thycotic on Twitter at @Thycotic.


Thycotic

The easiest to manage and most readily adopted privilege management solutions are powered by Thycotic. Thycotic's security tools empower over 10,000 organizations, from small businesses to the Fortune 500, to limit privileged account risk, implement least privilege policies, control applications, and demonstrate compliance. Thycotic makes enterprise-level privilege management accessible for everyone by eliminating dependency on overly complex security tools and prioritising productivity, flexibility and control. Headquartered in Washington, D.C., Thycotic operates worldwide with offices in the UK and Australia. For more information, please visit www.thycotic.com.

Editorial contacts

Jacqueline Velasco
Lumina Communications
(408) 680 0564
thycotic@luminapr.com