Page 68 - Cyber Defense eMagazine for September 2020
The use of personal credentials in the workplace is also a concern. According to our findings, 19 percent
of organizations have at least one internet-facing workload accessible via non-corporate credentials.
Given that there are a staggering 15 billion consumer credentials floating around the dark web,
companies should urge their employees not to use personal credentials in the workplace to prevent
attackers from leveraging stolen credentials to access their networks.
Tip: Breaches mostly stem from simple errors such as stolen root account passwords with no MFA. IT
teams must get the basic security protocols in place before moving on to more advanced capabilities.
Hackers Know Internal Servers Are Vulnerable
It is no secret among hackers that internal servers are often less protected than external internet-facing
servers. Once attackers gain access to an organization’s cloud estate, they can expand rapidly in search
of sensitive data and assets such as passwords and authentication tokens.
We found that while only 2 percent of neglected, internet-facing workloads contain customer information,
44 percent contain secrets and credentials, including clear-text passwords, API keys, and hashed
passwords.
These authentication tokens and credentials are valuable to attackers, who leverage them to move
laterally across networks in search of crown jewel data. We also found that nearly 6 percent of
internet-facing assets contain SSH keys that could be used to access adjacent systems.
Copyright © 2020, Cyber Defense Magazine. All rights reserved worldwide.