Verizon’s analysis finds a majority of attackers leveraged legitimate user passwords and other credentials to breach systems
PHOENIX, April 28, 2016 – BeyondTrust, the leading cyber security company dedicated to preventing privilege misuse and stopping unauthorized access, announced today that the 2016 Verizon Data Breach Investigations Report (DBIR) leverages data on publicly facing vulnerabilities provided by the company. BeyondTrust supplied Verizon researchers with anonymous vulnerability assessment results that represented the most recent live data from public address spaces worldwide. The data was completely sanitized into statistical forms in order to draw the conclusions in the latest report.
Some of the biggest storylines from this year’s report reveal that legitimate user credentials were used in most 2015 data breaches. In fact, 63 percent of attackers took advantage of weak, default or stolen passwords. But not all users were innocent, well-meaning insiders. There was a higher rate of collusion between internal and external parties in 2015.
These findings mirror BeyondTrust’s recent study of privileged access management, which showed that over 25 percent of companies have no controls over privileged access.
The Verizon report also finds an increase in the gap between compromise and detection. In nearly 82 percent of cases, compromises happened in minutes, but 68 percent of the time, exfiltration happened in days. Half of all system vulnerability exploitations occurred between 10 and 100 days after a vulnerability was published, with a median of 30 days. This is important when considering that the majority of attacks used credentials.
The key takeaway: the typical user has too many privileges. Reducing elevated access closes a massive attack vector. By enforcing least privilege on all end-user machines and servers, security administrators can gain control over root and administrative access in their IT environments.
There are five additional steps all organizations can take immediately to strengthen their security postures:
- Lock down all enterprise credentials in a password safe.
- Implement least privilege not only for admins, but also for partners, contractors and end users.
- Implement multi-factor authentication to make it more difficult for attackers to move laterally.
- Share threat and behavioral analytics to reveal what might be hidden in volumes of data.
- Improve the discipline of vulnerability assessments and patching.
“Attackers taking advantage of weak, default and stolen credentials is not a new addition to the threat landscape, yet many organizations continue to lack the necessary password management controls to mitigate this attack vector,” said Brad Hibbert, Chief Technology Officer, BeyondTrust. “We're proud to supply Verizon with the data for this year's DBIR. We will continue working to raise awareness among businesses and government agencies of all sizes on the steps they must take, including better educating users, to prevent becoming another data breach statistic.”
Learn more about Brad Hibbert's view of the report in his blog post, "VBIR Quick Take: User Credentials Used in Most Data Breaches in 2015."
BeyondTrust is a global information security software company that helps organizations prevent cyber attacks and unauthorized data access due to privilege abuse. Our solutions give you the visibility to confidently reduce risks and the control to take proactive, informed action against data breach threats. And because threats can come from anywhere, we built a platform that unifies the most effective technologies for addressing both internal and external risk: Privileged Access Management and Vulnerability Management. Our solutions grow with your needs, making sure you maintain control no matter where your company goes. BeyondTrust’s security solutions are trusted by over 4,000 customers worldwide, including half of the Fortune 100. To learn more about BeyondTrust, please visit www.beyondtrust.com.