New Picus Security report: 40% of IT infrastructures are vulnerable to full takeover
Picus Security, a leading security company, published “The Blue Report 2024: The State of Exposure Management”, which showed that 40% of the tested environments allow attack paths that lead to access to the domain administrator. This is a particularly troubling fact, since the domain administrator has the highest level of access in the organization’s IT infrastructure, which is like giving attackers the master key to all doors. The report is based on a global analysis of more than 136 million simulated cyber attacks using the platform. Picus Security Validation Platform.
Domino effect in cybersecurity
The report indicates that on average, organizations stop 7 out of 10 attacks, but still remain vulnerable to serious cyber attacks due to vulnerability management gaps that allow attackers to use automation to navigate corporate networks. Only 56% of simulated attacks were recorded by detection tools, and only 12% of them triggered the creation of the necessary alerts.
“Like a domino falling through a single push, small gaps in cybersecurity can lead to major breaches,” said Dr. Suleiman Ozerslan, co-founder of Picus and vice president of Picus Labs. “It is clear that organizations still have difficulty managing vulnerabilities and prioritizing threats. Small gaps that allow attackers at the end of the path to gain access at the domain administrator level are not isolated cases, they are common. Last year, an attack on MGM used domain administrator privileges and superadminister accounts.it shut down slot machines, disabled virtually all systems, and blocked a multibillion-dollar company from doing business for several days.”
Incorrect EDR configurations in macOS lead to vulnerabilities
The Blue Report 2024 also highlights that macOS is much more likely to be configured incorrectly or run without threat detection and response (EDR) tools. MacOS stops only 23% of simulated attacks, compared to 62% for Windows and 65% for Linux. This indicates possible gaps in the skills of IT professionals and approaches to protecting macOS.
“While we found that Macs are less vulnerable, today the reality is that security teams don’t devote enough resources to protecting macOS systems,” said Volkan Ishchuk, co-founder and CTO of Picus Security. “Our latest research suggests that security teams should check their macOS systems for configuration issues. Threat repositories, such as the Picus Threat Library, are equipped with the latest and most important threats on macOS. This helps organizations optimize their risk verification efforts.”
Main conclusions of the report:
- 25% of the company uses passwords, which are stored in the original words of the dictionary. It is easy for the evil-minded people to get rid of the hash of passwords and deny the obliquity of the tribute.
- The organization manages to stop only 9% of the data leakage methods used by attackers.
- BlackByte is the most complex group of ransomware programs for protection, which only 17% of organizations can handle, BabLock-20% and Hive — 30%.
