The Picus Blue Report 2024 also found that
security controls for macOS endpoints prevented only 23% of
simulated attacks, compared to over 60% for Windows and Linux
SAN FRANCISCO, July 30, 2024 /PRNewswire/ -- Picus Security, the
leading security validation company, has released The Blue
Report 2024: State of Exposure Management* that revealed
40% of tested environments allowed attack paths that lead to domain
admin access. Achieving domain admin access is particularly
concerning because it is the highest level of access within an
organization's IT infrastructure, and is like giving attackers a
master key. The report was based on a worldwide comprehensive
analysis of more than 136 million cyber attacks simulated by the
Picus Security Validation Platform.
The Security Domino Effect is Concerning
The report reveals that, on average, organizations prevent 7 out
of 10 attacks, but are still at risk of major cyber incidents
because of gaps in threat exposure management that can permit
attackers using automation to move laterally through enterprise
networks. Of all attacks simulated, only 56% were logged by
organizations' detection tools, and only 12% triggered an
alert.
"Like a cascade of falling dominoes that starts with a single
push, small gaps in cybersecurity can lead to big breaches," said
Dr. Suleyman Ozarslan, Picus
co-founder and VP of Picus Labs. "It's clear that organizations are
still experiencing challenges when it comes to threat exposure
management and balancing priorities. Small gaps that lead to
attackers obtaining domain admin access are not isolated incidents,
they are widespread. Last year, the attack on MGM used domain admin
privileges and super admin accounts. It stopped slot machines, shut
down virtually all systems, and blocked a multi-billion-dollar
company from doing business for days."
Well over a third (40%) of environments have weaknesses that
allow attackers with initial access to a network to achieve domain
admin privileges. Once they have these privileges they can manage
user accounts or modify security settings. A compromised domain
admin account can lead to full control of the network, allowing
attackers to conduct data exfiltration, deploy malware, or disrupt
business operations.
macOS EDR Misconfigurations Lead to Vulnerabilities
The Blue Report 2024 also highlights that macOS endpoints are
far more likely to be misconfigured or allowed to operate without
Endpoint Detection and Response (EDR). macOS endpoints only
prevented 23% of simulated attacks, compared to 62% and 65% for
Windows and Linux. This highlights a potential gap in IT and
security team skill sets and approach in securing macOS
environments.
"While we have found Macs are less vulnerable to start, the
reality today is that security teams are not putting adequate
resources into securing macOS systems," said Volkan Ertürk, Picus
Security Co-Founder and CTO. "Our recent Blue Report research shows
that security teams need to validate their macOS systems to surface
configuration issues. Threat repositories, like the Picus Threat
Library, are armed with the latest and most prominent macOS-specific
threats to help organizations streamline their validation
and mitigation efforts."
The Blue Report 2024 helps security teams benchmark their
performance against peers and identify areas for improvement.
Additional key findings include:
- Common language passwords: 25% of companies use passwords
that are words commonly found in the dictionary. This
means that it is easy for attackers to crack hashed passwords and
obtain cleartext credentials.
- Organizations only prevent 9% of data exfiltration
techniques used by attackers. Data exfiltration is used
to steal sensitive data and is commonly used in ransomware
attacks.
- BlackByte, the most challenging ransomware group for
organizations to defend against, is prevented by just 17%
of organizations, followed by BabLock (20%) and Hive (30%).
For more information:
- Download the Picus Blue Report 2024
- Read the Blue Report 2024 blog
- Blue Report 2024 Media Kit
*Methodology:
The findings in this report are based on the results of
simulated attack scenarios executed by Picus Security customers
from January to June 2024. The data
has been anonymized and aggregated from 136 million attack
simulations. Research and analysis was completed by Picus Labs, the
research team of Picus Security.
About Picus Security
Picus Security, the leading security validation company, gives
organizations their validated risk level and pinpoints critical
gaps. Picus Security Validation Platform transforms security
practices by correlating, prioritizing, and validating exposures
across siloed findings so teams can focus on high-impact fixes. The
Picus Exposure Data Fabric and Numi AI™ help security teams
understand their risk and prioritize a short-list worth
pursuing.
The pioneer of Breach and Attack Simulation, Picus delivers
award-winning threat-centric technology that allows teams to
pinpoint fixes worth pursuing. Picus Security also has a
willingness to recommend percentage of 95% in the 2024
Gartner® Peer Insights™ Voice of the Customer for Breach and Attack
Simulation Tools**.
** Gartner, Voice of the Customer for Breach and Attack
Simulation Tools, Peer Contributors, 30 January 2024
GARTNER is a registered trademark and service mark, and PEER
INSIGHTS is a trademark and service mark, of Gartner, Inc. and/or
its affiliates in the U.S. and internationally and are used herein
with permission. All rights reserved.
Gartner Peer Insights content consists of the opinions of
individual end users based on their own experiences with the
vendors listed on the platform, should not be construed as
statements of fact, nor do they represent the views of Gartner or
its affiliates. Gartner does not endorse any vendor, product or
service depicted in this content nor makes any warranties,
expressed or implied, with respect to this content, about its
accuracy or completeness, including any warranties of
merchantability or fitness for a particular purpose.