

8/22/2018 09:05 AM
Jeffrey Burt

Vulnerable Web Apps Top Threat to Enterprises

A report by Kaspersky researchers found that 73% of successful network perimeter breaches in 2017 were committed via web apps, while inside threats continue to put companies at risk.

Web applications were by far the top cause of successful breaches of corporate networks last year, according to researchers at Kaspersky Lab.

According to the cybersecurity vendor's report, Security Assessment of Corporate Information Systems 2017, issued this month, 73% of successful perimeter breaches in 2017 were done through vulnerable web applications. In addition, while companies seem to understand the need to protect their networks against external threats, they are much more lax when the threat comes from within, according to Sergey Okhotin, senior security analyst of security services analysis at Kaspersky and one of the study's authors.

The report was based on an analysis of penetration tests conducted on corporate networks.

The overall level of protection against external attackers was deemed low or extremely low for 43% of all companies, the researchers wrote in a blog post. For internal threats, however, the share of companies whose protection was rated low or extremely low was 93%.

"The overall security level against external intruders is higher than against internal intruders," Okhotin told Security Now in an email. "Companies pay insufficient attention to the security of the internal network. It means that once the attacker is able to get inside the corporate network via breaching the network perimeter, social engineering attack or other possible vector, there is a high probability that the attacker would be able to obtain total control over the entire network and get access to the business's critical resources."

Insider security threats continue to haunt corporations. A report conducted earlier this year by the Ponemon Institute for startup ObserveIT found that enterprises spend an average of $8.76 million every 12 months to address the damage done from an inside threat, work that usually takes about two months. (See Insider Threats Cost Enterprises More Than $8M Every Year Report.)

Geralt via Pixabay

The rate of network breaches caused by vulnerable web applications and the low level of defenses against internal threats were part of a larger pattern of security shortfalls that some organizations should be able to shore up fairly easily.

"Though security of web applications is still quite often underestimated, the most common examples include rolling out untested web applications to fit in the tight schedule driven by business needs and blind trust in third-party developers providing applications to be hosted on the organization's perimeter," Okhotin said. "Both of these mentioned cases highlight the urgent need to implement and enforce proper SDLC processes both for in-house and third-party application development."

Another example concerned a vulnerability that was widely exploited in the high-profile WannaCry and NotPetya/ExPetr ransomware attacks, as well as in individual targeted attacks, according to the researchers. The vulnerability, MS17-010, was detected in 75% of companies that conducted internal pen testing after information about the vulnerability was published. Some organizations didn't update their Windows systems for seven to eight months after Microsoft released the patch for the vulnerability. (See WannaCry: How the Notorious Worm Changed Ransomware.)

"Additionally, 78% of these companies were tested more than three months after the update had been released," Okhotin said. "This was unexpected because information about this vulnerability was widely covered by mass media. The cited numbers emphasize the fact that a timely and robust patch management process is still to be achieved in a significant portion of large enterprises."

That, combined with the fact that obsolete software was detected on the network perimeter of 86% of analyzed companies and in the internal networks of 80% of organizations, indicates poor implementation of basic IT security processes, which is putting many enterprises at risk of security breaches, the researchers said.

Along with web applications, publicly available management interfaces with weak or default credentials were another common avenue for penetrating the network perimeter, according to the report. Kaspersky experts were able to gain the highest privileges in the entire IT infrastructure in 29% of external pen test projects.

Not every company was lacking in its security processes, according to Okhotin. The companies tested had a range of cybersecurity maturity levels, including some with well-established security processes such as monitoring and regular security assessment. At these companies, even when an attack succeeded, the security teams were quick to detect it and prevent it from developing further.

"The report describes the most common vulnerabilities found in both types of organizations," he said. "Some organizations have implemented the majority of the security measures mentioned in the report. Although we were still able to get access to the business-critical resources, it took much more effort and time. The result significantly depends on how well the security measures are implemented. The security is determined by the weakest element. It can be a user with a weak, common password, default built-in credentials on one system, or a recently set up web application that hadn't been tested yet."

The recommendations listed by the Kaspersky researchers include closely monitoring firewall rules and web application use, finding and applying updates for vulnerable software, implementing password policies that require users to create strong passwords, running regular security assessments of IT infrastructure -- including applications -- and putting a strategy in place to detect cyberattacks at an early stage, along with a response plan.


— Jeffrey Burt is a long-time tech journalist whose work has appeared in such publications as eWEEK, The Next Platform and Channelnomics.
