Never mind software vulnerabilities, your company network is far more likely to be breached due to a slipup made by a staff member, a new report has reminded us.
This particular piece of research has been published by security outfit Praetorian, and it encompassed some 100 penetration tests and 450 real-life attacks, finding that the most prevalent attack vector was that of exploiting either weak or phished employee passwords.
Indeed, Praetorian observed that weak domain user passwords were a root cause of compromise in 66% of breaches, coming first in the list of top five attack vectors.
The following four were: Broadcast name resolution poisoning (64%); Local administrator attacks (61%); Cleartext passwords stored in memory (59%); Insufficient network access controls (52%).
Praetorian noted that the top four of these attack methods are based on leveraging phished or otherwise stolen user credentials – and also that most attacks don't have a single root cause, in fact 97% of them have two or more.
Path of least resistance
The simple truth is that rather than hunting for exploits and vulnerabilities they can use to crack open a network, attackers are much more likely to rely on some form of social engineering, because this is quite simply an easier and less risky route to take.
Of course, looking down the line, the traditional password is slowly being replaced by biometrics – as we saw recently, we'd all rather use our bodies than passwords.
Although there are, of course, limits to biometric security in certain respects. Earlier this week we reported on how facial recognition can be easily fooled using poor quality photos of victims found on the web, although that's just basic camera-based facial recognition (for example, adding infrared to detect a 'live' face obviously makes a big difference).
At any rate, it remains clear that traditional passwords are a seriously vulnerable aspect when it comes to network defences.
Via: Naked Security
