Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


10:00 AM
Dark Reading
Dark Reading
Products and Releases

Global Survey: Cyber Attackers Posing as Legitimate Insiders Represent Greatest Security Risks

61 Percent Cite Privileged Account Takeover as Most Difficult Cyber Attack Stage to Mitigate; Nearly Half Still Believe They Can Prevent Attackers from Breaking into a Network

Newton, Mass. – September 30, 2015 – Cyber attacks that exploit privileged and administrative accounts – the credentials used to manage and run an organization’s IT infrastructure – represent the greatest enterprise security risks, according to a new survey released by CyberArk (NASDAQ: CYBR).

Sixty-one percent of respondents cited privileged account takeover as the most difficult stage of a cyber attack to mitigate, up from 44 percent last year. In addition, 48 percent believe that data breaches are caused by poor employee habits, while 29 percent blame attacker sophistication. The findings are part of CyberArk’s 9th Annual Global Advanced Threat Landscape survey, developed through interviews with 673 IT security and C-level executives.

CyberArk analyzed potential discrepancies between damaging cyber security threats and organizations’ confidence in being able to defend themselves. While there is increasing awareness about the connection between privileged account takeover as a primary attack vector in recent, high profile breaches, many organizations are still focusing on perimeter defenses.

With more than half of respondents believing they could detect an attack within days, CyberArk warns that many IT and business leaders may not have a full picture of their IT security programs. Looking beyond the tip of the iceberg with perimeter defenses and phishing attacks – organizations must be able to protect against more devastating compromises happening deeper inside the network, like Kerberos ‘Golden Ticket’ and Pass-the-Hash attacks.

Key findings of the 2015 survey include:

Beyond the Breach – Attackers Going for Complete Network Takeover

As demonstrated by attacks on Sony Pictures, the U.S. Office of Personnel Management (OPM) and more, once attackers steal privileged accounts, they can conduct a hostile takeover of network infrastructure or steal massive amounts of sensitive data. These powerful accounts give attackers the same control as the most powerful IT users on any network. By being able to masquerade as a legitimate insider, attackers are able to continue to elevate privileges and move laterally throughout to a network to exfiltrate valuable data.


·         Respondents were asked which stage of an attack is the most difficult to mitigate:

o   61 percent cited privileged account takeover; versus 44 percent in 2014

o   21 percent cited malware installation

o   12 percent cited the reconnaissance phase by the attackers

·         Respondents were asked what attack vectors represented the greatest security risks:

o   38 percent cited stolen privileged or administrative accounts

o   27 percent cited phishing attacks

o   23 percent cited malware on the network


False Confidence in Corporate Security Strategies

CyberArk’s survey highlights that the while respondents display public confidence in their CEOs’ and directors’ security strategies, the tactics being employed by organizations contradict security best practices. Despite industry research showing that it typically takes organizations an average of 200 days to discover attackers on their networks, a majority of respondents believe they can detect attackers within days or hours. Respondents also persist in believing that they can keep attackers off the network entirely – despite repeated evidence to the contrary.


·         55 percent believe they can detect a breach within a matter of days; 25 percent believe they can detect a breach within hours

·         44 percent still believe that they can completely keep attackers off of a targeted network

·         48 percent believe poor employee habits are to blame for data breaches; 29 percent believe attackers are simply too sophisticated

·         57 percent of respondents were confident in the security strategies set forth by their CEO or Board of Directors


Organizations Fail to Recognize Dangers of Attacks on the Inside

Cyber attackers continue to evolve tactics to target, steal and exploit privileged accounts – the keys to successfully gaining access to an organization’s most sensitive and valuable data. While many organizations focus heavily on defending against perimeter attacks like phishing, attacks launched from inside an organization are potentially the most devastating.  Respondents were asked to rank the type of attacks they were most concerned about:


·         Password hijacking (72 percent)

·         Phishing attacks (70 percent)

·         SSH Key hijacking (41 percent)

·         Pass-the-Hash attacks (36 percent)

·         Golden Ticket attacks (23 percent)

·         Overpass-the-Hash attacks (18 percent)

·         Silver Ticket attacks (12 percent)


Golden Ticket, Overpass-the-Hash and Silver Ticket are types of Kerberos attacks, which can enable complete control over a target’s network by taking over the domain controller. One of the most dangerous is a Golden Ticket attack, which can mean “game over” for an organization and complete loss of trust in the IT infrastructure.


“It is no longer acceptable for organizations to presume they can keep attackers off their network,” said John Worrall, CMO, CyberArk. “The most damaging attacks occur when privileged and administrative credentials are stolen, giving the attacker the same level of access as the internal people managing the systems. This puts an organization at the mercy of an attacker’s motivation, be it financial, espionage, or causing harm to the business. The survey points to increasing awareness on the devastating fallout of privileged account takeover, which we hope will continue to spur a ripple effect in the market as organizations acknowledge they must expand security strategies beyond trying to stop perimeter attacks like phishing.”


Full Research Brief

The full survey can be downloaded for free at www.Cyberark.com/ThreatSurvey2015.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Why Cyber-Risk Is a C-Suite Issue
Marc Wilczek, Digital Strategist & CIO Advisor,  11/12/2019
Black Hat Q&A: Hacking a '90s Sports Car
Black Hat Staff, ,  11/7/2019
The Cold Truth about Cyber Insurance
Chris Kennedy, CISO & VP Customer Success, AttackIQ,  11/7/2019
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2019-11-14
Pomelo v2.2.5 allows external control of critical state data. A malicious user input can corrupt arbitrary methods and attributes in template/game-server/app/servers/connector/handler/entryHandler.js because certain internal attributes can be overwritten via a conflicting name. Hence, a malicious at...
PUBLISHED: 2019-11-14
Unprotected Transport of Credentials in ePO extension in McAfee Data Loss Prevention 11.x prior to 11.4.0 allows remote attackers with access to the network to collect login details to the LDAP server via the ePO extension not using a secure connection when testing LDAP connectivity.
PUBLISHED: 2019-11-14
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attacker to execute database commands via carefully constructed time based payloads.
PUBLISHED: 2019-11-14
Path Traversal: '/absolute/pathname/here' vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attacker to gain unintended access to files on the system via carefully constructed HTTP requests.
PUBLISHED: 2019-11-14
Unprotected Storage of Credentials vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows local attacker to gain access to the root password via accessing sensitive files on the system.