Hackers Say Humans Are the Weak Point and That Traditional Defenses Cannot Protect Them
On the principle of "set a thief to catch a thief", 250 hackers at Black Hat 2017 were asked about their hacking methods and practices. By understanding how they work and what they look for, defenders can better understand how to safeguard their own systems.
Thycotic surveyed (PDF) a cross section of hackers attending Black Hat. Fifty-one percent described themselves as white hats; 34% described themselves as grey hats using their skills for both good and bad causes; and 15% self-identified as out-and-out black hats.
The hackers’ number one choice for fast and easy access to sensitive data is gaining access to privileged accounts (31%). Second is access to an email account (27%), and third is access to a user’s endpoint (21%). All other routes combined totaled just 21%.
The hackers also confirmed that perimeter security, in the form of firewalls and anti-virus, is irrelevant and obsolete. Forty-three percent are least troubled by anti-virus and anti-malware defenses, while 29% are untroubled by firewalls. “Hackers today are able to bypass both firewalls and AV using well known applications and protocols or even VPN that hide within expected communications,” explains Joseph Carson, Thycotic’s chief security scientist. “For example, VOIP, streaming services etc. Because of the ability to hide within normal business applications or the use of authenticated stolen credentials, they are stating that these technologies are no longer sufficient to prevent cyber-attacks on their own.”
Overall, the hackers find MFA and encryption their biggest obstacles. “As hackers increasingly target privileged accounts and user passwords,” explains Thycotic, “it’s perhaps not surprising that the technologies they considered the toughest to beat include Multi-Factor Authentication (38%) and Encryption (32%), with endpoint protection and intrusion prevention far behind at 8% and 5% respectively.”
Ultimately, however, the hackers believe that humans are most responsible for security breaches. Only 5% consider that insufficient security software is the problem, while 85% named humans as most responsible for security breaches. The problem is ‘cyber fatigue’.
Cyber fatigue is blamed on the constant pressure to obey policy and good practice. “‘Remembering and changing passwords’ was the top source of cybersecurity fatigue (35%), a major vulnerability that hackers are all too willing to exploit,” notes Thycotic. “Other contributing factors included ‘Information overload’ (30%), ‘Never ending software updates’ (20%) and ‘Living under constant cyber security threats’ (15%).”
Perhaps surprisingly, hackers do not consider threat intelligence solutions to be an obstacle. “Because Threat Intelligence solutions are also accessible to hackers, they may be able to easily identify how they work and therefore avoid detection by them,” suggests Thycotic.
The survey suggests that humans are a weak point, traditional perimeter defenses are ineffective, and user credentials are the target. “With traditional perimeter security technologies considered largely irrelevant, hackers are focusing more on gaining access to privileged accounts and email passwords by exploiting human vulnerabilities allowing the hacker to gain access abusing trusted identities,” comments Carson. “More than ever, it is critical for businesses to mitigate these risks by implementing the right technologies and process to ward off unsuspecting attacks and access to sensitive data.”
His conclusion is that “The new cybersecurity perimeter must incorporate an identity firewall built around employee and data using identity and access management technology controls which emphasizes the protection of privileged account credentials and enhances user passwords across the enterprise with multi-factor authentication.”