Malicious actors moving laterally through their victim’s network can access and compromise 94% of critical assets in four steps from their initial point of breach by chaining vulnerabilities, misconfigurations, privileged credentials, and simple human errors.
Hybrid cloud architectures are particularly vulnerable to such attacks because malicious actors are able to exploit security vulnerabilities, most often misconfigurations or lax access controls, to gain a foothold in the network and then move between applications on-premises and in the cloud as needed.
That’s according to a new report produced by hybrid cloud security specialist XM Cyber. In its study, Impact report: review of the year 2021, the Israel-based organization collated data from two million endpoints, files, folders and cloud resources in 2021.
Business analysts wanted to study the methods, attack paths, and impacts of attack techniques used against critical assets in on-premises, multi-cloud, and hybrid IT environments.
“Modern organizations are investing in more and more platforms, applications and other technology tools to accelerate their business, but too often they don’t realize that the interconnection between all these technologies presents a significant risk,” said Zur Ulianitzky, head of research at XM Cyber.
The resulting report outlines the security vulnerabilities and hygiene issues that exist in these environments. XM Cyber said it also demonstrates the importance of risk visibility across the network and between teams, as Ulianitzky explained: “When siloed teams are responsible for different components of security within the network, no one sees the full picture. A team may overlook a seemingly minor risk, not realizing that overall it is a stepping stone in a hidden attack path to a critical asset.”
In addition to the main statistic, XM Cyber’s report also revealed that three-quarters of an organization’s critical assets could have been compromised in their then-current security state, and that 78% of organizations are at risk of being compromised whenever a new remote code execution vulnerability is disclosed.
But it was misused credentials, rather than high-profile zero-days, that the report said posed the greatest risk, with 73% of the most widely used attack techniques involving mismanaged or stolen credentials as the initial compromise.
The bottom line, according to the report, is that understanding attack paths and vectors, visualizing and modeling them, learning how malicious actors use them to pivot in a hybrid environment, and resolving these issues should be a priority for security teams.
XM Cyber claimed that if defenders know where and when to disrupt attack paths, they can potentially reduce by 80% the issues that would otherwise consume their security resources.