Nearly 50% of hackers say they compromised Windows systems more than any other within the past year

What do hackers see as their easiest point of entry? This is the question at the heart of a new survey which asked hundreds of white hats about their favored system targets in 2018.

The study, released today by Thycotic, polled more than 300 hackers at this year’s Black Hat USA conference.

According to the company, nearly 50% of those surveyed – most of whom identified as white hat hackers – said they had compromised Windows-based systems more than any other within the past year.

Of the respondents, 26.7% said they infiltrated Windows 10 most frequently, followed by Windows 8 (22.4%). Some 18% of hackers were focusing their efforts on Linux targets, while just 5% of respondents said Apple’s Mac OS was their “most conquered”.

This signifies a worrying threat for users and enterprises, said one security expert, who warned that system updates are by no means a foolproof defense.

“I believe what is significant here is that not only is [Windows] the most targeted OS, but hackers have confirmed they have also successfully compromised the operating system as well,” Joseph Carson, Thycotic’s chief security scientist, told The Daily Swig.

“This is all significant because it shows that using the latest OS does not mean cybercriminals won’t be able to compromise it.”

Zero trust posture

In the study, hackers indicated that they find it easy to compromise Group Policy Objects (GPOs), which are often used to centralise the management, configuration, and security of Windows domain-connected environments.

“The problem with Group Policy Objects is that they are widely used in organisations to push configuration policies to endpoints that include security configurations,” says Carson.

“However, there are many known exploits that allow cybercriminals to easily bypass these security controls along with very distributed environments.”

He warned: “Most of today’s systems only connect to the corporate network periodically to get those policy updates. With so many exploits, organizations should not solely rely on GPO for security.”

Least privilege access policies are failing woefully, the survey found, with only a quarter of organizations implementing them successfully.

Passwords are often poorly protected, and it’s easy for hackers to seize credentials which allow them to elevate privileges and seize administrative control.

More than half the hackers surveyed said that social engineering was the fastest technique for gaining access.

One in 10 respondents admitted to using identity theft to gain network access, while fewer than 7% made use of malware or stolen endpoints.

Application and OS vulnerabilities were also a major problem, with almost 20% of hackers claiming they are able to exploit unpatched systems.

“A legacy traditional approach to cybersecurity will no longer work in today’s threat landscape with social engineering and phishing emails being the most used methods to gain access to systems,” Carson said.

“Organizations must take a different approach to reduce risk and increase cybersecurity awareness by applying multi-factor authentication and protecting privileged access with a strong Privileged Access Management solution.”