Study: nearly 1 in 3 networks have exposed passwords, while 72 percent have poor control over privileged accounts
Dec 19, 2018
Preempt Inspector V3.0 Provides Additional New Capabilities to Enterprises that Continue to Struggle with Password Health, Visibility & Control of IT Networks
SAN FRANCISCO and RAMAT GAN, Israel – December 19, 2018 – Preempt, the innovator of the industry’s first Identity and Access Threat Prevention solution that stops cyber attacks and internal threats, today announced research findings from its Preempt Inspector application, showing that despite a steep rise in cybersecurity investment, most enterprises are vulnerable to basic cyber exploits, costly breaches and hacking risk. In conjunction with today’s release, Preempt also announced the availability of V3.0 of Preempt Inspector, which adds powerful new capabilities. (Editor’s note: Preempt Inspector has been replaced by Preempt Lite.)
In the study, Preempt found that nearly one in three enterprises had exposed passwords in Active Directory Group Policy Preferences, opening them up to compromise by hackers moving laterally through the enterprise network. The study also found that organizations are plagued by a lack of visibility and control when it comes to their passwords and privileged users. Almost 97 percent of inspected enterprises revealed at least one security issue across all Inspector categories, such as Active Directory issues and password policies. Meanwhile, 72 percent had stealthy admins – users with excessive administrative privileges that could be used or manipulated by malicious actors. Enterprises normally do not track users with stealthy administrative privileges as closely as other privileged users. As a result, stealthy admins are often an attack vector preferred by attackers.
“While cybersecurity spending is at all-time highs, our research finds the vast majority of organizations are vulnerable to hacking via brute force password attacks, compromised user credentials, and other common tactics,” said Ajit Sancheti, Preempt co-founder and CEO. “Compromised credentials were responsible for 81 percent of hacking-related breaches last year, and our research suggests this will potentially worsen unless enterprises prioritize password best practices, as well as visibility and control around privileged users.”
In previous versions, Preempt Inspector has monitored various aspects of password and Active Directory security including weak, shared or exposed passwords, presence of stealthy admins and password policy. Preempt Inspector Version 3 expands on this with powerful new features for evaluating local administrator passwords and NTLM Relay protection. Monitoring for cloned local admin passwords is important to maintaining a secure environment, as they can lead to quick privilege escalation on cloned computers or Pass-the-Hash attacks. Checking for NTLM Relay issues is similarly critical: by confirming SMB signing, LDAP signing, and LDAPS channel binding are enforced by the domain controllers, the network can be secured against NTLM relay attacks.
To test password strength, Preempt created a proprietary password dictionary containing 10M of the most common passwords. Last year, this dictionary was used to crack 35 percent of breached LinkedIn password hashes.
Additional statistics from the research include:
- Bigger organizations have better security posture. Comparing average percentage of users with a weak password (compromised or shared) in each organization size, Preempt found that the bigger an organization is, the more secure their passwords tend to be. Preempt Inspector was able to crack 9 percent of passwords in large organizations (>1,000 employees), compared with 10 percent in medium organizations (100 to 1,000 employees) and 16.8 percent in small organizations (<100 employees).
- US-based organizations have best password quality, while Europe was ranked second. The study divided the data into US-based enterprises (64 percent), European-based enterprises (18 percent) and others. The survey found password quality in the U.S. and Europe is better than the rest of the world, with researchers able to crack 6 percent of U.S. passwords, compared with 12 percent of passwords in Europe and 18 percent of passwords from other regions.
- Only 5 percent of organizations had a strong password policy, while 23 percent of networks had a very weak password policy. Each password policy received a low, medium or high score. A low score was given to policies that either mandate 7 character passwords or mandate password complexity; a medium score was assigned to policies that mandate less than 10 characters (or 9 characters and complexity). Policies that mandated more than 10 characters or 10 characters and complexity were given a high score. Overall, only 5 percent had a high password policy score, and surprisingly, 23 percent had a low password policy score.
This research data comes from Preempt’s Inspector application, which about 600 organizations have downloaded since its launch in early 2017. More than 100 organizations chose to anonymously share security statistics with Preempt, and password statistics came from a mix of countries: 64 percent are from the U.S., while 18 percent are from Europe. The sample size includes a variety of small (<100 users), medium (100-1000 users) and large (>1000 users) organizational networks.