Skip to main content

Cybercriminals are able to break into pretty much all corporate networks

password
(Image credit: Image source: Shutterstock/Ai825)

Cybercriminals are able to successfully gain access to pretty much all corporate networks, with various and significant ramifications, a new report from security firm Positive Technologies suggests.

The company recently tested 45 organizations from different industries - including finance, fuel and energy, government, IT and others - and found that an attacker could breach their network perimeter and gain access to local resources in 93 percent of cases.

To penetrate the company’s internal network, an average attacker would need just two days, usually with the help of compromised credentials. According to the researchers, too many people use “simple passwords”, which is particularly dangerous for those working in system administration.

An attacker with admin credentials can easily obtain other people’s credentials and move laterally throughout the corporate network, reaching many key computers and servers.

Administration, virtualization, protection and monitoring tools often help an intruder gain access to isolated network segments. The study claims that most firms don’t have network segmentation by business processes, allowing malicious actors to attack through multiple vectors at the same time.

What’s more, in 100 percent of companies analyzed, an insider could gain full control over company infrastructure.

Companies in finance are generally perceived as among the most secure. However, researchers were quite successful in compromising their networks too. Positive Technologies was even able to access some banks’ ATM systems, which could have resulted in the theft of funds in a real-world scenario.

Sead Fadilpašić

Sead is a freelance journalist with more than 15 years of experience in writing various types of content, from blogs, whitepapers, and reviews to ebooks, and many more, across sites including Al Jazeera Balkans, TechRadar Pro, IT Pro Portal, and CryptoNews.