Most Common Weaknesses ProArch's Penetration Testing Uncovers
Penetration testing (pen test) is an effective way to uncover gaps in your security posture. By simulating real-world attacks, trusted security experts expose vulnerabilities and weaknesses that could be exploited by attackers. In turn, organizations can take this knowledge to mitigate risks and enhance their overall security posture.
At ProArch, we have been performing penetration testing for decades. With hundreds of pen tests done across all industries and company sizes, there are common issues we see time and time again.
In this blog, we cover the five most common exposures and why they’re so common.
Unsecured File Shares with Sensitive Data
Network file shares let users and groups store, access, and share files. Many organizations don’t think twice about the security of those shares, so attackers and penetration testers target them early, for two reasons:
- They’re easy to gain access to.
- It’s common for users to store sensitive information in them over time.
The information contained in file shares arms attackers with the knowledge they need to understand the environment they’re breaking into. This allows them to move laterally, accessing resources such as workstations, databases, applications, email accounts, cloud services, and more.
In our penetration tests we have found cleartext passwords in PowerShell and batch scripts that administrators had stored on an openly accessible share for convenience. With those passwords in hand, the pen tester had full control over the organization’s domain, computers, and user accounts, all starting from a forgotten file share and script.
It’s easy to see why file shares are left unsecured: They make lives easier, enable collaboration, and grant access to everyone across the network. However, leaving them unsecured is a risk too big to ignore.
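The audit below is an added example, not ProArch’s code: it walks a share for scripts that embed a literal password, redacts the value in its own output, and reports whether the share root is readable by broad groups such as Everyone or Domain Users. The UNC path and file extensions are assumptions; the caller needs read access to the share.

```powershell
# Added example (not ProArch's code): audit a file share for scripts that embed
# cleartext credentials and report how broadly the share root is readable.
# The UNC path is a placeholder; the caller needs read access to the share.
function Find-ExposedScriptSecrets {
    param(
        [Parameter(Mandatory)][string]$SharePath,
        [string[]]$Include = @('*.ps1', '*.bat', '*.cmd', '*.vbs', '*.config')
    )
    # Patterns that usually mark a literal secret rather than a variable name.
    $patterns = @(
        '(?i)\b(password|passwd|pwd)\b\s*[:=]\s*["'']?[^\s"'']{4,}',    # password = "..."
        '(?i)ConvertTo-SecureString\s+["''][^"'']+["'']\s+-AsPlainText'   # literal SecureString
    )
    # Broad grants on the share root turn any hit into an organization-wide exposure.
    $broadGroups = 'Everyone', 'Authenticated Users', 'Domain Users', 'Users'
    $broadAccess = (Get-Acl -Path $SharePath).Access |
        Where-Object { $broadGroups -contains ($_.IdentityReference.Value -replace '^.*\\', '') } |
        ForEach-Object { "$($_.IdentityReference): $($_.FileSystemRights)" }
    $exposure = if ($broadAccess) { $broadAccess -join '; ' } else { 'restricted' }

    Get-ChildItem -Path $SharePath -Recurse -File -Include $Include -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_
            $lineNo = 0
            foreach ($line in Get-Content -Path $file.FullName -ErrorAction SilentlyContinue) {
                $lineNo++
                foreach ($p in $patterns) {
                    if ($line -match $p) {
                        # Redact the value so the report itself does not leak the secret.
                        $evidence = $line -replace '([:=]\s*["'']?)[^\s"'']+', '$1<redacted>'
                        $evidence = $evidence -replace '(ConvertTo-SecureString\s+)["''][^"'']+["'']', '$1"<redacted>"'
                        [pscustomobject]@{
                            File          = $file.FullName
                            Line          = $lineNo
                            LastModified  = $file.LastWriteTime   # stale dates point to forgotten scripts
                            Evidence      = $evidence.Trim()
                            ShareExposure = $exposure
                        }
                        break   # one finding per line is enough
                    }
                }
            }
        }
}

# Usage (placeholder path): Find-ExposedScriptSecrets -SharePath '\\FILESRV01\IT-Tools' | Format-Table -AutoSize
```

Every hit should be followed by moving the secret into a managed credential store and tightening the share ACL, not just by editing the script.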
Privileged Accounts Running as Service Accounts
You’re an IT admin, and you install a new application to do some testing. Happens all the time, right? That application needs to communicate with a server to function, so you authorize it with your own account without fully understanding what you’re agreeing to.
Everything appears fine on the surface, but behind the scenes the application now authenticates to that server with your account every time it pulls data. Even worse, if the service runs as a domain admin, it has access to anything and everything the domain admin does.
So, you can imagine why this type of privilege is exactly what attackers want.
This type of vulnerability is commonly found in pen tests for three key reasons:
- Shadow IT, i.e., the organization lacks control and visibility into what’s being used on the network.
- There’s no—or inadequate—auditing and alerting in place.
- There’s a lack of organizational policies and security training for IT staff in place.
In these cases, organizations must move the application to a dedicated service account and make sure that the account has only the access it needs, so that their resources and data stay protected.
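As an added example (not ProArch’s code), the following audit lists every Windows service that runs under a non-built-in account and flags those whose account is a direct member of a privileged group; it assumes the RSAT ActiveDirectory module, WinRM access to remote hosts, and that the group list is adjusted to your own tier-0 groups.

```powershell
# Added example (not ProArch's code): find services that run under a domain account
# and flag those whose account sits in a privileged group.
# Assumes the RSAT ActiveDirectory module and rights to query the target hosts.
function Get-PrivilegedServiceAccounts {
    param(
        [string[]]$ComputerName = @($env:COMPUTERNAME),
        # Groups that should never back a service identity (extend with your own tier-0 groups).
        [string[]]$PrivilegedGroups = @('Domain Admins', 'Enterprise Admins',
                                        'Schema Admins', 'Administrators', 'Account Operators')
    )
    Import-Module ActiveDirectory -ErrorAction Stop
    # Built-in identities are expected; anything else is a domain or local user account.
    $builtIn = '^(LocalSystem|NT AUTHORITY\\.*|NT SERVICE\\.*|BUILTIN\\.*)$'
    $cache = @{}   # sAMAccountName -> privileged groups, so each account is looked up once

    foreach ($computer in $ComputerName) {
        $cim = @{ ClassName = 'Win32_Service'; ErrorAction = 'SilentlyContinue' }
        if ($computer -ne $env:COMPUTERNAME) { $cim.ComputerName = $computer }   # local host needs no WinRM
        $services = Get-CimInstance @cim | Where-Object { $_.StartName -and $_.StartName -notmatch $builtIn }
        foreach ($svc in $services) {
            # Normalize "DOMAIN\sam" or "sam@domain.tld" to the sAMAccountName.
            $sam = ($svc.StartName -replace '^.*\\', '') -replace '@.*$', ''
            if (-not $cache.ContainsKey($sam)) {
                try {
                    $groups = Get-ADPrincipalGroupMembership -Identity $sam -ErrorAction Stop |
                              Select-Object -ExpandProperty Name
                } catch { $groups = @() }   # local account, or not found in AD
                $cache[$sam] = $groups | Where-Object { $PrivilegedGroups -contains $_ }
            }
            # Direct membership only; nested groups need a recursive check (Get-ADGroupMember -Recursive).
            [pscustomobject]@{
                Computer   = $computer
                Service    = $svc.Name
                RunsAs     = $svc.StartName
                State      = $svc.State
                Privileged = [bool]$cache[$sam]
                Groups     = ($cache[$sam] -join ', ')
            }
        }
    }
}

# Usage (placeholder hosts): Get-PrivilegedServiceAccounts -ComputerName APP01, DB01 |
#     Where-Object Privileged | Format-Table -AutoSize
```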
Weak or Default Passwords
Some of the easiest things to exploit during penetration tests are default or weak passwords, most commonly found on multifunction devices like printers or on forgotten service accounts.
That multifunction printer you use to scan documents and save them to a file share? Its default password can be found with a simple web search. To add to the risk, these accounts usually have elevated privileges, enabling attackers to access critical systems and data.
Simple access to a printer or its address book has led to full network compromise more times than you would think in our penetration tests. Email addresses, system information, and other sensitive data are all ripe for the taking with one weak password.
Many organizations still lack robust password policies, regular account and password audits, shadow IT control, and strong authentication policies. To strengthen passwords, it’s crucial to nail down the basics. Implement multifactor authentication and strong password policies that enforce complexity, reuse restrictions, and aging requirements.
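As an added example (not ProArch’s code), this check compares the default domain password policy against the complexity, reuse and aging requirements named above and lists enabled accounts that are exempt from it; the thresholds are assumptions to align with your own policy, and MFA is outside what this script can verify.

```powershell
# Added example (not ProArch's code): compare the default domain password policy with
# complexity, reuse and aging thresholds, and list enabled accounts that bypass it.
# Thresholds are assumptions. Fine-grained password policies (PSOs) can override
# these values for specific groups, so check those separately.
function Test-DomainPasswordPolicy {
    param(
        [int]$MinLength = 14,           # assumption: minimum characters
        [int]$MinHistory = 24,          # assumption: passwords remembered (reuse)
        [int]$MaxAgeDays = 365,         # assumption: maximum age (aging)
        [int]$MaxLockoutThreshold = 10  # assumption: bad attempts before lockout
    )
    Import-Module ActiveDirectory -ErrorAction Stop
    $p = Get-ADDefaultDomainPasswordPolicy
    $ageDays = $p.MaxPasswordAge.TotalDays   # 0 means "passwords never expire"
    # Each entry: check name -> @(pass/fail, actual value)
    $checks = [ordered]@{
        'Complexity enabled'          = @($p.ComplexityEnabled, $p.ComplexityEnabled)
        "Min length >= $MinLength"    = @(($p.MinPasswordLength -ge $MinLength), $p.MinPasswordLength)
        "History >= $MinHistory"      = @(($p.PasswordHistoryCount -ge $MinHistory), $p.PasswordHistoryCount)
        "Max age 1..$MaxAgeDays days" = @(($ageDays -gt 0 -and $ageDays -le $MaxAgeDays), $ageDays)
        'Reversible encryption off'   = @((-not $p.ReversibleEncryptionEnabled), $p.ReversibleEncryptionEnabled)
        "Lockout after 1..$MaxLockoutThreshold attempts" =
            @(($p.LockoutThreshold -ge 1 -and $p.LockoutThreshold -le $MaxLockoutThreshold), $p.LockoutThreshold)
    }
    $results = foreach ($name in $checks.Keys) {
        [pscustomobject]@{ Check = $name; Pass = [bool]$checks[$name][0]; Actual = $checks[$name][1] }
    }
    # Enabled accounts exempt from expiry, or from needing a password at all: the classic
    # forgotten service account. PasswordLastSet shows how long the secret has lived.
    $exempt = Get-ADUser -Filter 'Enabled -eq $true -and (PasswordNeverExpires -eq $true -or PasswordNotRequired -eq $true)' `
                         -Properties PasswordNeverExpires, PasswordNotRequired, PasswordLastSet |
              Select-Object SamAccountName, PasswordNeverExpires, PasswordNotRequired, PasswordLastSet
    [pscustomobject]@{ PolicyChecks = $results; ExemptAccounts = $exempt }
}

# Usage: $r = Test-DomainPasswordPolicy; $r.PolicyChecks | Format-Table; $r.ExemptAccounts | Format-Table
```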
Bypassing Misconfigured Cybersecurity Solutions
If you don’t implement, enforce, and continuously manage your protection tools, they will fail to live up to their potential.
IT and security teams have good intentions. They get the latest firewall, EDR tool, or antivirus solution in the hope that the tools will do what they are supposed to do.
But if these tools are not implemented, configured, and managed correctly, they become another open door for attackers or pen testers to get in.
Too many tools and vendors in the environment add confusion about which tool is responsible for what, and deliver a false sense of security.
In our penetration testing services, we see this time and time again due to a lack of the following:
- Asset and software inventory and management
- Holistic security visibility and solution inventory
- Deep solution intelligence and expertise
- Alerting, monitoring, and response
- Expert guidance, careful implementation, or continuous management of solutions
Security tools work best when they’re configured carefully, managed consistently, and continuously adapted to changing needs. If you need help, work with a managed detection and response provider like ProArch who can help you get the basics right, align with policies, make proactive adjustments, and stay ahead of new threats.
Inadequate Network Segmentation
Penetration tests often show critical systems and sensitive data that share the same networks as less-secure assets.
The absence of clear boundaries makes it easier for attackers to gain access through the less secure assets and, once they’re in, move laterally across the network.
Most of the time, organizations with this weakness lack a solid understanding of IT or OT security best practices or hold misconceptions about perimeter defenses. When this is the case, they must revisit their legacy network architectures to protect their assets more effectively and proactively.
You may notice a common theme among these five most-found issues in our penetration tests: They are preventable.
But if your team lacks the skills and bandwidth to maintain a secure state, it’s easier said than done. If growing your team internally isn’t an option, find a reliable, well-rounded partner who can identify gaps in your environment, remediate them, and create a holistic program that sets you up for long-term success.
Think you’re secure? ProArch will be the judge of that.
At ProArch, we don’t just perform penetration testing services—we help fix the gaps and provide ongoing cybersecurity solutions once the pen test is done. Don't rely on only a vulnerability scan as a measurement of your security posture.
Know what's really putting you at risk, get a plan for remediation, and focus your investments where it matters most. Reach out to us.