CYBER 101

  • Alerts
  • Blog
  • CyberDecoded
  • CyberReview
  • CyberStory
  • CyberTips
  • Domains
  • FAQ
  • Incidents
  • Tutorials

Join our newsletter

FOLLOW US

  • Cyber Citizens
  • Cyber Professionals
  • Institutions
CyberMaterial
  • Events
  • Jobs
Get Help
  • Cyber Citizens
  • Cyber Professionals
  • Institutions
CyberMaterial
  • Events
  • Jobs
Get Help
CyberMaterial

2020 Malware Research Report

By Rapid7 Global Consulting

2 min read
in Document, Report

Penetration testing—the practice of simulating a criminal breach of a sensitive area in order to uncover and fix defensive failures—is (still) a rather occult subject, as evidenced by the recent dust-up with local authorities in Dallas County, Iowa. Employees from Coalfire Systems, a well-respected penetration testing firm, were arrested in September 2019 due to a misunderstanding of the scope and fundamental legitimacy of penetration testing.[1] Although charges were eventually dropped in February 2020, the incident rocked the pentesting space. Clearly, everyone involved in offensive security needs to strive to better explain the value of routine pentesting of our physical and virtual world.

This report aims to do just that by exploring the hows and whys of penetration testing, covering mainly internal and external network compromises, with some supplementary data on social engineering and red team simulations. Over the course of 12 months worth of survey data, we found:

  • Internal network configuration and patch management continue to provide “easy” soft targets to penetration testers, who can often use off-the-shelf commodity attacks to escalate privileges and move laterally about the network without being detected.
  • Password management and secondary controls such as two-factor authentication (2FA) on the enterprise level are severely lacking, leading to “easy” compromises involving both password spraying and offline cracking hashed passwords acquired during simulated breaches.
  • As the world’s knowledge workers depend more than ever on VPNs and internet-based applications, rather than onsite, traditionally internal network controls, penetration testers are finding significant flaws in those VPN terminators and custom web apps.

READ FULL REPORT

 

Related

Tags: 2020Malwaremalware-documentsPenTestingReport
3
VIEWS
ADVERTISEMENT

Related Posts

The Assault on Small and Midsize Organizations (e-book)

Combatting Today’s Cyber Threats (e-book)

August 8, 2022
The Assault on Small and Midsize Organizations (e-book)

The Assault on Small and Midsize Organizations (e-book)

August 8, 2022
CYBERSECURITY RESOURCES ROAD MAP

CYBERSECURITY RESOURCES ROAD MAP

August 8, 2022
BUILDING CYBERSECURITY IN SMALL AND MIDSIZE BUSINESSES

BUILDING CYBERSECURITY IN SMALL AND MIDSIZE BUSINESSES

August 8, 2022

More Articles

Aircrack-ng

October 5, 2020
Alerts

New Sandworm Malware Cyclops Blink Replaces VPNFilter

February 23, 2022
APIs

8.4 billion of records were exposed due to data breaches in Q1 2020.

November 3, 2020
Cyber101

Session Replay – Definition

March 22, 2022
Book

Kali Linux Penetration Testing Bible

April 19, 2022
Document

GUIDE TO CYBER THREAT HUNTING

June 29, 2022

Online Grooming

July 5, 2021
Quotes

“If a managed mobile device gains a new….”

December 13, 2021
Load More

Security through data

Cybersecurity Domains

  • Application Security
  • Business Continuity
  • Career Development
  • Compliance
  • Cryptography
  • Governance
  • IAM
  • Physical Security
  • More...

Emerging Technologies

  • 5G
  • Artificial Intelligence
  • AR/VR
  • Blockchain
  • Cryptocurrency
  • Deepfake
  • IoT
  • Quantum Computing
  • More...

Frameworks

  • CIS Controls
  • CISA TSS
  • FISMA
  • GDPR
  • ISO 2701/02
  • MITRE ATT&CK
  • NIST
  • NYS-DFS
  • More...

Industries

  • Automation
  • E-Commerce
  • Education
  • Fake News
  • Financial
  • Government
  • Health Care
  • Military
  • More...

Threats

  • APTs
  • DDoS
  • Insider Threat
  • Malware
  • Phishing
  • Ransomware
  • Social Engineering
  • Vulnerabilities
  • More...

© 2022 | CyberMaterial | All rights reserved.

World’s #1 Cybersecurity Repository

  • About
  • Legal and Privacy Policy
  • Site Map
Search

More...

Generic filters
Filter by Categories
Alerts
Blog
Book
Incidents
Quotes
Tutorials
Certification
Cheat Sheet
Course
Game
Meme
Movie
Paper
Podcast
Report
Software
TV Show

Try these: DDoSGDPRMalware

  • Audience
    • Cyber Citizens
    • Cyber Professionals
    • Institutions
  • Highlights
    • Blog
    • CyberDecoded
    • Cyber Review
    • CyberStory
    • CyberTips
  • Cyber Risks
    • Alerts
    • Attackers
    • Domains
    • Incidents
    • Threats
  • Opportunities
    • Events
    • Jobs
  • Repository
    • Books
    • Certifications
    • Cheat Sheets
    • Courses
    • Definitions
    • Frameworks
    • Games
    • Hardware Tools
    • Memes
    • Movies
    • Papers
    • Podcasts
    • Quotes
    • Reports
  • Report Cyber Incident
  • GET HELP

Join our newsletter

© 2022 Cybermaterial - Security Through Data .

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Add New Playlist

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy and Cookie Policy.