2018 Black Hat Hacker Survey Report: What Hackers Really Think About Your Cyber Defenses

SBWebinars 136 views 31 slides Nov 27, 2018

About This Presentation

Curious about what hackers really think of your cyber defenses? Thycotic’s new 2018 Black Hat Conference survey conducted in Las Vegas in August reveals some disturbing answers.

75% of hackers say companies fail at applying the principle of least privilege
50% of hackers say they easily compromised ...


Slide Content

Privileged Access Management 101
What Hackers Really Think About Your Cyber Defenses

17,000 Security Professionals
BLACK HAT CONFERENCE 2018

Google’s Security Princess delivering the Keynote

Detecting Credential Compromise in AWS

From Workstation to Domain Admin

“So I Became a Domain Controller”

50% of Hackers Easily Conquered Windows OS in the Past Year
BASED ON SURVEY QUESTION: Which OS did you conquer the most in the past 12 months?
Windows 10: 27%
Windows 8: 22.5%
Also identified as easily conquered: Linux OS: 18%
Less than 5% of hackers listed Mac OS, Unix, and Mobile devices as compromised.

73% OF HACKERS SAY traditional perimeter security firewalls and antivirus are irrelevant or obsolete

56% of Hackers say Social Engineering is the fastest way to access privileged accounts
BASED ON SURVEY QUESTION: What’s the fastest way to get onto a network to access privileged accounts?
Social Engineering: 56%
Application/OS Vulnerability: 20%
Identity Theft: 10%
Malware, Stolen Endpoints: <7%

Phishing Scams
Not an
attachment
but hyperlink

Password Re-Use is the riskiest behavior by employees
BASED ON SURVEY QUESTION: What risky behavior do you exploit the most?
Re-used passwords: 47%
Using USB drives without scanning: 20%
Access via public wifi: 19%
Malware, Stolen Endpoints: <7%

91% of Hackers Conquer Windows Environments Despite Using Group Policy Objects
BASED ON SURVEY QUESTION: Do you exploit companies using Microsoft GPO?
Yes, using Mimikatz: 43%
Yes, easily: 26%
Yes, passwords in SYSVOL & Group Policy Preferences: 22%

Default Vendor Passwords Allow Hackers to Escalate Privileges
BASED ON SURVEY QUESTION: What is the single best way to typically escalate privileges?
Default vendor passwords: 22%
App/OS vulnerabilities: 20%
Misconfigured service accounts: 18%
Social Engineering: 17%
Shared accounts: 12%
Brute force: 7%

Domain Admin Accounts Allow Hackers to RULE the Network
BASED ON SURVEY QUESTION: What is the primary type of privileged account that you prefer to target and stay hidden?
Domain administrator: 25%
Service account: 19%
Root account: 19%

32% OF HACKERS SAY accessing privileged accounts was the number one choice for the easiest and fastest way to get at sensitive data

Black Hat 2018 Report Key Takeaways
1. Adopt a zero trust posture
2. Don’t rely only on GPO for security
3. Apply the principle of Least Privilege

PAM: #1 Project in 2018
✓ Reduces Costs: Saves companies time and money
✓ Empower Happy Employees: Reduce employee cyber fatigue
✓ Positive Security Impact
✓ Fast Track to Compliance: Automation and reduced complexity
✓ Keeps Cyber Criminals Out

A Secure Internet
Starts With You
QUESTIONS

Thycotic prevents cyberattacks by securing passwords, protecting endpoints, and controlling access
10,000+ Customers
180,000 IT Admins & Security Pros
1M+ Endpoints Protected