Dark Reading is part of the Informa Tech Division of Informa PLC



8/22/2018
09:05 AM
Jeffrey Burt

Vulnerable Web Apps Top Threat to Enterprises

A report by Kaspersky researchers found that 73% of successful network perimeter breaches in 2017 were committed via web apps, while inside threats continue to put companies at risk.

Web applications were by far the top cause of successful breaches of corporate networks last year, according to researchers at Kaspersky Lab.

According to the cybersecurity vendor's report, Security Assessment of Corporate Information Systems 2017, issued this month, 73% of successful perimeter breaches in 2017 were done through vulnerable web applications. In addition, while companies seem to understand the need to protect their networks against external threats, they are much more lax when the threat comes from within, according to Sergey Okhotin, senior security analyst of security services analysis at Kaspersky and one of the study's authors.

The report was based on an analysis of penetration tests conducted on corporate networks.

The overall level of protection against external attackers was deemed low or extremely low for 43% of all companies, the researchers wrote in a blog post; against internal threats, protection was rated low or extremely low for 93%.

"The overall security level against external intruders is higher than against internal intruders," Okhotin told Security Now in an email. "Companies pay insufficient attention to the security of the internal network. It means that once the attacker is able to get inside the corporate network via breaching the network perimeter, social engineering attack or other possible vector, there is a high probability that the attacker would be able to obtain total control over the entire network and get access to the business's critical resources."

Insider security threats continue to haunt corporations. A report conducted earlier this year by the Ponemon Institute for startup ObserveIT found that enterprises spend an average of $8.76 million every 12 months to address the damage done from an inside threat, work that usually takes about two months. (See Insider Threats Cost Enterprises More Than $8M Every Year Report.)

Geralt via Pixabay

The rate of network breaches caused by vulnerable web applications and the low level of defenses against internal threats were part of a larger pattern of security shortfalls that some organizations should be able to shore up fairly easily.

"Though security of web applications is still quite often underestimated, the most common examples include rolling out untested web applications to fit in the tight schedule driven by business needs and blind trust to third-party developers providing applications to be hosted on the organization's perimeter," Okhotin said. "Both of these mentioned cases highlight the urging need to implement and enforce proper SDLC processes both for in-house and third-party application development."

Another example related to a vulnerability that was widely exploited in the high-profile WannaCry and NotPetya/ExPetr ransomware attacks, as well as in individual targeted attacks, according to the researchers. The vulnerability, MS17-010, was detected in 75% of companies that conducted internal pen testing after information about it was published. Some organizations did not update their Windows systems for seven to eight months after Microsoft released the patch. (See WannaCry: How the Notorious Worm Changed Ransomware.)

"Additionally, 78% of these companies were tested more than three months after the update had been released," Okhotin said. "This was unexpected because information about this vulnerability was widely covered by mass media. The cited numbers emphasize the fact that a timely and robust patch management process is still to be achieved in a significant portion of large enterprises."

That, combined with the fact that obsolete software was detected on the network perimeter of 86% of analyzed companies and in the internal networks of 80%, indicates poor implementation of basic IT security processes, which puts many enterprises at risk of security breaches, the researchers said.

Along with web applications, publicly available management interfaces with weak or default credentials were another common avenue for penetrating the network perimeter, according to the report. Kaspersky experts were able to gain the highest privileges in the entire IT infrastructure in 29% of external pen test projects.

Not every company was lacking in its security processes, according to Okhotin. The companies tested had a range of cybersecurity maturity levels, including some with well-established security processes such as monitoring and regular security assessment. At these companies, even when an attack succeeded, the security teams were quick to detect it and to stop it from developing further.

"The report describes the most common vulnerabilities found in both types of organizations," he said. "Some organizations have implemented the majority of the security measures mentioned in the report. Although we were still able to get access to the business-critical resources, it took much more effort and time. The result significantly depends on how well the security measures are implemented. The security is determined by the weakest element. It can be a user with a weak, common password, default built-in credentials on one system, or a recently set up web application that hadn't been tested yet."

The recommendations listed by the Kaspersky researchers include closely monitoring firewall rules and web application use, finding and using updates for vulnerable software, implementing password policies to encourage users to create strong passwords, running regular security assessments for IT infrastructures -- including applications -- and putting a strategy in place to detect cyberattacks at an early stage, along with a response plan.
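The patch-management gap described above (hosts still missing MS17-010 months after release, and 78% of companies tested more than three months after the update shipped) is something a defender can measure directly from an asset inventory. The script below is an added example written for this page, not code from Kaspersky or from the report: it takes a constructed inventory of hosts with the date each one installed a given patch (blank if never), computes how long each host lagged behind the release date, and reports the share of hosts that are unpatched or exceeded a 90-day threshold. The host names, the inventory format, and the "as of" date are all made up; the release date is an assumed value used only to make the lag arithmetic concrete, not taken from the article.

```python
"""Patch-lag audit over a constructed host inventory.

Added example for the patch-management findings in the article; it is not
code from the Kaspersky report. Inventory format, host names and dates are
constructed for illustration.
"""
from dataclasses import dataclass
from datetime import date
from typing import Dict, Iterable, List, Optional


@dataclass(frozen=True)
class Host:
    name: str
    patched_on: Optional[date]  # None means the patch was never installed


# Assumed patch release date (illustrative, not sourced from the page).
PATCH_RELEASED = date(2017, 3, 14)
# Constructed audit date, roughly eight months after release, matching the
# seven-to-eight-month lag the article mentions.
AS_OF = date(2017, 11, 14)

# Constructed inventory: "hostname,patched_on" with an empty date for hosts
# that never received the patch. Lines starting with '#' are comments.
SAMPLE_INVENTORY = [
    "# hostname,patched_on (ISO date, blank = never)",
    "dc01,2017-03-20",
    "web01,2017-05-01",
    "file01,2017-07-10",
    "hr-ws07,",
]


def parse_inventory(lines: Iterable[str]) -> List[Host]:
    """Turn CSV-style inventory lines into Host records, skipping comments."""
    hosts: List[Host] = []
    for raw in lines:
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, _, when = line.partition(",")
        when = when.strip()
        hosts.append(Host(name.strip(), date.fromisoformat(when) if when else None))
    return hosts


def patch_lag_days(host: Host, released: date, as_of: date) -> int:
    """Days between release and installation; for unpatched hosts, the lag
    is still growing, so measure up to the audit date instead."""
    end = host.patched_on if host.patched_on is not None else as_of
    return (end - released).days


def audit(hosts: List[Host], released: date, as_of: date,
          max_lag_days: int = 90) -> Dict[str, object]:
    """Summarise patch coverage: which hosts never patched, which exceeded
    the allowed lag (whether or not they eventually patched), and the
    percentages a security team would track over time."""
    lags = {h.name: patch_lag_days(h, released, as_of) for h in hosts}
    unpatched = sorted(h.name for h in hosts if h.patched_on is None)
    overdue = sorted(n for n, d in lags.items() if d > max_lag_days)
    total = len(hosts)
    pct = lambda n: round(100.0 * n / total, 1) if total else 0.0
    return {
        "total": total,
        "unpatched": unpatched,
        "overdue": overdue,
        "pct_unpatched": pct(len(unpatched)),
        "pct_overdue": pct(len(overdue)),
        "lag_days": lags,
    }


def main() -> None:
    hosts = parse_inventory(SAMPLE_INVENTORY)
    report = audit(hosts, PATCH_RELEASED, AS_OF)
    print(f"patch released {PATCH_RELEASED}, audited {AS_OF}")
    for name, lag in sorted(report["lag_days"].items()):
        status = "UNPATCHED" if name in report["unpatched"] else "patched"
        flag = " (overdue)" if name in report["overdue"] else ""
        print(f"  {name:10s} {status:9s} lag={lag:4d}d{flag}")
    print(f"unpatched: {report['pct_unpatched']}%  "
          f"beyond {90} days: {report['pct_overdue']}%")


if __name__ == "__main__":
    main()
```

Counting hosts that patched late as "overdue" alongside those still unpatched is deliberate: a team that only tracks current coverage sees 25% unpatched here and misses that half the fleet sat exposed for longer than the three-month window, which is the process failure the report is pointing at.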

— Jeffrey Burt is a long-time tech journalist whose work has appeared in such publications as eWEEK, The Next Platform and Channelnomics.
