What percentage of your Windows network is exposed to credential theft attacks?
November 12, 2015 | Security and Risk | Amy Burnis
Andrey Dulkin is the director of cyber innovation at CyberArk Labs. He leads a team of cyber security experts who conduct research focused on targeted attacks against organizational networks – the methods, tools and techniques employed by targeted attackers, as well as methods and techniques to detect and mitigate such attacks.
In a CyberArk Labs research report now available, “Analyzing Real-World Exposure to Windows Credential Theft Attacks,” the team reviewed data from more than 50 networks to identify the prevalence and risk of what are referred to as “highly threatening machines.”
According to Dulkin, “In a given network, there are typically a number of highly threatening machines that can give an attacker the credentials needed to completely compromise the majority of Windows hosts on the network. We’ve seen similar credential theft methods as the basis for major attacks across a number of organizations. Identifying these machines and securing the associated privileged credentials against theft and exploitation is a critical step in securing against advanced cyber attacks.”
Focused on measuring network exposure, the research aims to determine how much of a Windows network is typically exposed through the compromise of a single privileged account on a single Windows host.
His team found that, on average, 40 percent of the Windows hosts on a given network, if compromised, would provide an attacker credentials that would facilitate complete compromise of the vast majority of the other Windows hosts on that network – whether directly or through a series of compromises.
The research also examines several mitigation techniques to effectively reduce the threat level in the network. Download the report for full details here: https://www.cyberark.com/resource/analyzing-real-world-exposure-to-windows-credential-theft-attacks/
If you need a tool to identify the privileged accounts on your networks, you can use CyberArk Discovery & Audit (DNA). It’s free. For more information on CyberArk DNA and to sign up for a trial evaluation, visit https://www.cyberark.com/discovery-audit-cyberark-dna/.