New research from XM Cyber analysing the methods, attack paths, and impacts of cyber attacks has discovered that attackers can compromise 94 per cent of critical assets within just four steps of initial breach points.
The hybrid cloud security company’s Attack Path Management Impact Report incorporates insights from nearly two million endpoints, files, folders, and cloud resources throughout 2021, highlighting key findings on attack trends and techniques impacting critical assets across on-premises, multi-cloud, and hybrid environments.
Critical assets vulnerable to attack, credentials an Achilles heal
The findings showed that 75 per cent of an organisation’s critical assets are open to compromise in their current security state, while 73 per cent of the top attack techniques used last year involved mismanaged or stolen credentials. Just over a quarter (27 per cent) of most common attack techniques exploited a vulnerability or misconfiguration.
“[The] majority of attacks that take place involve more than just one hop to reach an organisation’s critical assets. It is during the network propagation stage that the attacker is trying to connect exploits together to breach critical assets,” the report read.
“Credentials are here to stay, but in truth they are harder to resolve, while vulnerabilities come and go and are easy to patch,” it added. By directing resources to fix issues at individual choke points, organisations can quickly reduce overall risk and the number of potential attack paths, the report read.
Commenting on the data, Zur Ulianitzky, head of research at XM Cyber, said that modern organisations are investing in more platforms, apps, and other tech tools to accelerate their businesses, but they too often fail to realise that the interconnection among all these technologies poses a significant risk.
“When siloed teams are responsible for different components of security within the network, nobody sees the full picture. One team may ignore a seemingly small risk not realising that in the big picture, it’s a steppingstone in a hidden attack path to a critical asset. To keep pace with today’s technology and business demands, attack path remediation must be prioritised.”
New attack techniques used in 2021
XM Cyber analysed new attack techniques used in 2021 to gauge how advanced persistent threats (APTs) are exploited and find their way into environments.
The research team categorised these into three groups – cloud techniques, remote code execution (RCE), and techniques that combined the two together. It discovered 87 per cent of new cloud techniques, 70 per cent of new RCE techniques, and 82 per cent of new combination techniques inside environments.
The firm also examined how many of these could be simulated and would potentially compromise organisations based on their security states. It found that 90 per cent of companies would be compromised by new techniques that combine RCE/cloud methods while 78 per cent would fall victim to new RCE techniques. Just 32 per cent of organisations would be compromised by new cloud techniques.
“These are techniques organisations need to focus on and actively work on to eliminate,” the report said. Almost a quarter (23 per cent) of critical assets faced a compromising attack involving a cross-platform technique, the research indicated.
Mitigating attack threats across environments
The report set out recommendations for organisations to mitigate attack threats across environments. These include focusing security efforts to understand how attackers move from on-premises to the cloud, or vice-versa.
“Siloed security tools will continue to look only at one specific security effort – but it is the combination of multiple attack techniques that pose the greatest risk to our organisations,” it read.
Security teams therefore need to hone in on hybrid cloud attacks and misconfigurations and identity issues that are living in their environments.
“To understand whether an organisation’s most critical assets are safe, it’s imperative to have visibility into how things change over time, and how those changes affect risk. Modelling attack paths to predict the likelihood of a breach is one way to do this,” the report concluded.