An array of organizations are still vulnerable to brute force attacks as attackers target default or easily-guessed usernames and passwords to breach enterprise defenses.
That’s according to Ixia’s first annual security report, an overview of 2016’s biggest security events based on research from the company’s global Application and Threat Intelligence (ATI) Research Center. It shows that increasing complexity and attack surface expansion are being compounded by cloud and internet of things (IoT) growth, and that network segmentation is also a problem.
While increases in malware are clearly a major threat to both enterprises and service providers, network complexity is creating its own vulnerability, the report found. The average enterprise is using six different cloud services, and network segmentation is increasing, yet 54% of enterprises are monitoring less than half of those network segments, and less than 19% of companies believe that their IT teams are adequately trained on the wide array of network appliances they are managing.
“Organizations need to constantly monitor, test and shift security tactics to keep ahead of attackers in the fast-paced threat landscape we all deal with today. This is especially important as new cloud services and increased IoT devices are routinely being introduced,” said Marie Hattar, CMO at Ixia. “To do this effectively, organizations must start by studying their evolving attack surface and ensure they have the proper security expansion measures in place. Simple but effective testing and operational visibility can go a long way to improving security.”
Gaining access to accounts is often done the old-fashioned way—brute force guesses, starting with the most obvious. The top five username guesses were root, admin, ubnt, support and user, while the top five password guesses were null, ubnt, admin, 123456 and support (ubnt is the default username for AWS and other cloud service offerings that use Ubuntu). IoT was also a notable target, with “pi” for Raspberry Pi.
Malware continued to dominate over 2016, but there were a few months—namely June, July, and August 2016—during which ransomware phishing appeared to have outpaced conventional malware phishing. The top five phishing target websites globally were Google, PayPal, Facebook, Microsoft, and Alibaba, while Adobe updates were found to be the most prevalent drive-by updates for delivering malware or phishing attacks.
Meanwhile, the report also found that the top exploited uniform resource identifier (URI) paths and content management systems included WordPress. WordPress URI paths were the two most exploited in 2016, showing how attackers are targeting sites built on the popular platform; WordPress was by far the most exploited content management system, with Joomla a distant second.