Most Common Vulnerabilities Uncovered During Penetration Testing
At HBS, we do penetration testing (pentesting) every day. We come across many security concerns, some more frequently than others, and that is what this post is about.
Pen testing is one of the best things you can do to shore up your cyber defenses—a great tool to add to your toolbelt—because we find and attempt to exploit the vulnerabilities before bad actors do, revealing weaknesses that exist and must be fixed.
This blog shouldn’t be viewed as a replacement for a pen test, a vulnerability scan, or any assessment of your organization’s security posture. Instead, we aim to help you identify some of the common issues we discover so you can better secure your environment.
If you want the peace of mind that comes from understanding your vulnerabilities and knowing your defenses are strong against potential hackers, let us help.
The Importance and Purpose of Penetration Testing
Penetration testing is a proactive measure that identifies vulnerabilities and attempts to exploit them before malicious actors can. We can’t emphasize enough the importance of regular pentesting: attackers’ tactics change constantly, and a test that was clean a year ago says little about today, so repeating it is how you confirm your defenses are still solid.
The primary purpose of penetration testing is to uncover vulnerabilities that may not be visible through routine security measures. Organizations can take corrective actions to strengthen their defenses by identifying these vulnerabilities. Pentests provide significant insights into how an attacker might infiltrate systems, what data they could access, and the potential impact of such breaches.
In addition to identifying technical vulnerabilities, penetration testing also evaluates the effectiveness of an organization’s security policies and procedures.
Now let’s get into the details.
7 Common Vulnerabilities Penetration Testing Uncovers
One of the most common vulnerabilities we encounter is related to SMB signing. Server Message Block (SMB) is the network file sharing protocol Windows uses for file shares, printers, and much remote administration (the named pipes behind tools such as PsExec ride on it). SMB signing attaches a keyed integrity check, a message authentication code derived from the session key, to each SMB message, so the receiving side can verify that a message really came from the authenticated peer and was not altered in transit.
However, many organizations leave SMB signing at its default of "enabled but not required" on member servers and workstations (domain controllers require it by default). That default poses a significant security risk. When signing is not required, an attacker on the internal network who can capture an NTLM authentication attempt, typically by poisoning LLMNR or NBT-NS name lookups, can relay that authentication to any host that does not require signing and act as the victim user there, without ever cracking a password. If the relayed account is a local administrator on the target, that means code execution, credential dumping, and lateral movement. The same position also lets the attacker intercept and alter file share traffic between client and server without being detected.
Setting SMB signing to "required" on both servers and clients closes this path, because a relayed session cannot produce valid signatures without the session key that only the real client holds. The change carries a small CPU cost on busy file servers, and older or non-Windows SMB clients (some printers, NAS devices, and appliances) may fail to connect once signing is mandatory, so proper testing on a pilot group is highly recommended before enabling it network-wide.
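From the tester's side, the finding usually comes from `nmap -p445 --script smb2-security-mode <host>`, which reports "Message signing enabled but not required" for exposed hosts. From the defender's side, the audit and the fix are a few PowerShell cmdlets. The script below is an added example, not code from the original post; it assumes Windows 8 / Server 2012 or later (the SmbShare module), an elevated session, and WinRM access to the hosts you sweep. The host names in the sweep are constructed placeholders.

```powershell
# Added example: audit and enforce SMB signing. Not from the original post.
# Assumes the SmbShare module (Windows 8 / Server 2012+), an elevated session,
# and WinRM (Invoke-Command) access to remote hosts for the sweep.

function Get-SmbSigningStatus {
    # Reads both sides of the setting. "Enabled" only means signing is offered;
    # "Required" is what actually blocks an unsigned (relayed) session.
    $server = Get-SmbServerConfiguration
    $client = Get-SmbClientConfiguration
    [pscustomobject]@{
        ComputerName          = $env:COMPUTERNAME
        ServerSigningEnabled  = $server.EnableSecuritySignature
        ServerSigningRequired = $server.RequireSecuritySignature
        ClientSigningEnabled  = $client.EnableSecuritySignature
        ClientSigningRequired = $client.RequireSecuritySignature
        # A server that does not require signing will accept a relayed NTLM session.
        RelayExposed          = -not $server.RequireSecuritySignature
    }
}

function Set-SmbSigningRequired {
    param([switch]$WhatIf)
    # Server side: reject any SMB session that does not negotiate signing.
    Set-SmbServerConfiguration -EnableSecuritySignature $true -RequireSecuritySignature $true -Force -WhatIf:$WhatIf
    # Client side: refuse to talk to servers that will not sign, so a rogue share
    # set up by an attacker cannot be used to harvest or relay this host's credentials.
    Set-SmbClientConfiguration -EnableSecuritySignature $true -RequireSecuritySignature $true -Force -WhatIf:$WhatIf
}

# Equivalent Group Policy settings for fleet-wide enforcement instead of per-host changes:
#   Computer Configuration > Policies > Windows Settings > Security Settings >
#   Local Policies > Security Options
#     "Microsoft network server: Digitally sign communications (always)" = Enabled
#     "Microsoft network client: Digitally sign communications (always)" = Enabled
# These set RequireSecuritySignature = 1 under
#   HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters      (server side)
#   HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters (client side)

# Sweep a pilot group first. Host names below are constructed placeholders;
# replace them with your own inventory (for example, from Get-ADComputer).
$pilotHosts = 'FS01', 'FS02', 'APP01'
$results = Invoke-Command -ComputerName $pilotHosts `
    -ScriptBlock ${function:Get-SmbSigningStatus} -ErrorAction SilentlyContinue
$results |
    Where-Object RelayExposed |
    Format-Table ComputerName, ServerSigningRequired, ClientSigningRequired -AutoSize

# Local host: show the current state, then preview the change. Drop -WhatIf to apply.
Get-SmbSigningStatus
Set-SmbSigningRequired -WhatIf
```

Run the sweep, fix whatever legitimately cannot sign (firmware updates for printers and NAS devices, or a dedicated segment for the stragglers), and only then flip the policy for everyone. Re-run the nmap check afterwards; the finding should read "Message signing enabled and required" on every host.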
The importance of regular patching cannot be overstated. We often find that outdated systems and software that have not been patched are easy targets for unauthorized access, because the vulnerabilities are public and the exploits are already written. Keeping systems updated with the latest patches closes those known holes before the bad guys can leverage them.
Proper password hygiene is fundamental to maintaining a secure environment. During our pentests, we often find that poor password practices, such as using weak passwords or reusing passwords across multiple accounts, are prevalent. Two-thirds of Americans use the same password across multiple accounts, and 13% of the US population uses the same password for every account!
Encouraging the use of long, unique passwords (ideally generated and stored by a password manager), screening new passwords against lists of known-breached passwords, and enforcing lockout or rate limiting against password spraying markedly reduce the risk of unauthorized entry. Password-change policies deserve a caveat: NIST SP 800-63B now recommends against forcing changes on a fixed schedule, because users respond with predictable patterns (an incremented number or season), and instead calls for changing a password when there is evidence it has been compromised.
Despite advancements in technology, legacy operating systems occasionally surface during our tests. These outdated systems pose substantial security risks because they no longer receive security updates, so every vulnerability found after end of support stays exploitable for as long as the machine is on the network. They also tend to support only older protocol versions (SMBv1, NTLMv1, weak TLS), which forces the rest of the environment to keep those weak options enabled for compatibility. Maintaining these systems in a modern network environment is usually a ticking time bomb; if one genuinely cannot be retired, isolate it on its own network segment and restrict which hosts and accounts can reach it.
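Both of the findings above, weak password settings and legacy operating systems, can be found from Active Directory before a tester does. The script below is an added example, not code from the original post; it assumes the RSAT ActiveDirectory module, a domain account with read access to the directory, and (an assumption you should adjust) a 14-character minimum and the end-of-support operating system list as of the time of writing.

```powershell
# Added example: Active Directory hygiene checks for weak password settings and
# legacy operating systems. Not from the original post. Assumes the RSAT
# ActiveDirectory module and a domain account with read access.
Import-Module ActiveDirectory

function Get-PasswordHygieneFindings {
    $findings = [System.Collections.Generic.List[string]]::new()

    # Domain-wide policy: this is what a password-spraying attacker runs up against.
    # The 14-character threshold is our assumption, not a Microsoft default.
    $policy = Get-ADDefaultDomainPasswordPolicy
    if ($policy.MinPasswordLength -lt 14) {
        $findings.Add("Minimum password length is $($policy.MinPasswordLength); 14 or more is recommended")
    }
    if (-not $policy.ComplexityEnabled) { $findings.Add('Password complexity is disabled') }
    if ($policy.LockoutThreshold -eq 0)  { $findings.Add('No lockout threshold; password spraying is unthrottled') }

    # Per-account flags that bypass the policy or hand an attacker crackable material.
    $checks = [ordered]@{
        'Password not required'                        = 'PasswordNotRequired -eq $true -and Enabled -eq $true'
        'Kerberos pre-auth disabled (AS-REP roastable)' = 'DoesNotRequirePreAuth -eq $true -and Enabled -eq $true'
        'Reversible encryption allowed'                = 'AllowReversiblePasswordEncryption -eq $true -and Enabled -eq $true'
    }
    foreach ($name in $checks.Keys) {
        $users = @(Get-ADUser -Filter $checks[$name])
        if ($users.Count -gt 0) {
            $sample = ($users.SamAccountName | Select-Object -First 5) -join ', '
            $findings.Add("${name}: $($users.Count) account(s), e.g. $sample")
        }
    }

    # Never-expiring passwords that have not been set in years are typical service
    # accounts, and a favourite target for spraying and Kerberoasting.
    $stale = @(Get-ADUser -Filter 'PasswordNeverExpires -eq $true -and Enabled -eq $true' `
                  -Properties PasswordLastSet |
              Where-Object { $_.PasswordLastSet -lt (Get-Date).AddYears(-2) })
    if ($stale.Count -gt 0) {
        $findings.Add("Password never expires and last set over 2 years ago: $($stale.Count) account(s)")
    }
    return $findings
}

function Get-LegacyComputers {
    # Enabled computer objects whose OS is out of support. The pattern is our
    # assumption for the time of writing; extend it as products reach end of life.
    $legacy = '^Windows (XP|Vista|7|8|8\.1)\b|^Windows Server (2003|2008|2012)\b'
    Get-ADComputer -Filter 'Enabled -eq $true' -Properties OperatingSystem, LastLogonDate |
        Where-Object { $_.OperatingSystem -match $legacy } |
        Sort-Object LastLogonDate -Descending |
        Select-Object Name, OperatingSystem, LastLogonDate
}

Get-PasswordHygieneFindings | ForEach-Object { "[PASSWORD] $_" }
Get-LegacyComputers | Format-Table -AutoSize
```

The LastLogonDate column matters: a "legacy" computer object that has not logged on in a year is stale inventory to delete, while one that logged on yesterday is a live, unpatchable host that needs isolating or replacing.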
Social engineering plays a big part in a lot of the vulnerabilities we encounter. Our pentests often exploit it, demonstrating how easily attackers can manipulate individuals into handing over credentials or access. The best defense is ongoing training and awareness programs that bolster the human layer, backed by controls such as MFA and least-privilege access that limit the damage a single successful deception can do.
Misconfigurations, especially those made in the rapid shift to remote work during the pandemic, continue to be a major security concern. Organizations that adapted quickly often traded security for speed to get people working again in some capacity, and many of those hurried setups have never been reviewed since.
Now four years removed from the height of the pandemic, that quick setup and subsequent lack of review still leaves gaping holes in some companies’ cyber defenses.
During our tests, we frequently find that improper setup of security tools creates a false sense of security: a product that is installed but left in monitor-only mode, or whose alerts go to a mailbox nobody reads, protects no one. Regular audits of security tool settings and proper configurations are critical so that these tools can provide the protection they promise.
Many organizations still lack geo-blocking and multi-factor authentication (MFA) on externally reachable services such as VPN, email, and remote desktop, despite the fact that both significantly enhance security. MFA means a stolen or guessed password alone is no longer enough to log in, and geo-blocking cuts off the bulk of opportunistic password spraying from regions where the organization has no users. They are not interchangeable: phishing-resistant MFA (FIDO2 security keys or passkeys) is by far the stronger control, while geo-blocking is easily sidestepped by an attacker who rents a local VPN exit, so treat it as a noise filter rather than a gate.
Penetration Testing Takeaways
You can always improve your security posture, but if we were to take the common issues we see and turn those into our most significant recommendations, they would be:
- Stay Up to Date with Patching: Consistently applying patches and updates in a timely manner to hardware and software is crucial to protect systems from known vulnerabilities. This practice can significantly reduce the risk of unauthorized access.
- Practice Great Password Hygiene: Encourage the use of long, unique passwords, screen new passwords against known-breached lists, and implement policies that trigger a change on evidence of compromise rather than on a fixed calendar. This reduces the risk of access through compromised credentials.
- Any Kind of Assessment is Valuable…as Long as You Follow Through with Recommendations: You would be very surprised at how often an organization undergoes an assessment of any kind—whether that be a pentest, vulnerability scan, firewall review, active directory audit, etc.—and then fails to make the necessary changes that the assessment recommends.
- Consider a Managed XDR Partner: Engaging with a managed Extended Detection and Response (XDR) partner provides advanced threat detection and response capabilities, offering an extra layer of protection and peace of mind. Even if your organization is vulnerable, a managed XDR partner gives you extra reaction time and information when an attack is underway. An XDR solution can often isolate the affected host and contain an incident before it becomes a major disaster.
Protecting Your Organization from Common Threats
We’ve highlighted some of the most frequent issues we encounter daily. However, it is important to remember that everyone’s security posture is unique—invest in assessments that will better help you understand your strengths and weaknesses.
Our team is always happy to help you identify and then mitigate risks—contact us today so we can get started in building a stronger defense for your business.