New research from XM Cyber analyzing the methods, attack paths, and impacts of cyberattacks has discovered that attackers can compromise 94% of critical assets within just four steps of initial breach points. The hybrid cloud security company\u2019s Attack Path Management Impact Report incorporates insights from nearly two million endpoints, files, folders, and cloud resources throughout 2021, highlighting key findings on attack trends and techniques impacting critical assets across on-prem, multi-cloud, and hybrid environments.Critical assets vulnerable to attack, credentials an Achilles healThe findings showed that 75% of an organization\u2019s critical assets are open to compromise in their current security state, while 73% of the top attack techniques used last year involved mismanaged or stolen credentials. Just over a quarter (27%) of most common attack techniques exploited a vulnerability or misconfiguration.\u201c[The] majority of attacks that take place involve more than just one hop to reach an organization\u2019s critical assets. It is during the network propagation stage that the attacker is trying to connect exploits together to breach critical assets,\u201d the report read. \u201cCredentials are here to stay, but in truth they are harder to resolve, while vulnerabilities come and go and are easy to patch,\u201d it added. By directing resources to fix issues at individual choke points, organizations can quickly reduce overall risk and the number of potential attack paths, the report read.Commenting on the data, Zur Ulianitzky, head of research at XM Cyber, said that modern organizations are investing in more platforms, apps, and other tech tools to accelerate their businesses, but they too often fail to realize that the interconnection among all these technologies poses a significant risk. \u201cWhen siloed teams are responsible for different components of security within the network, nobody sees the full picture. One team may ignore a seemingly small risk not realizing that in the big picture, it\u2019s a steppingstone in a hidden attack path to a critical asset. To keep pace with today\u2019s technology and business demands, attack path remediation must be prioritized.\u201dNew attack techniques used in 2021XM Cyber analyzed new attack techniques used in 2021 to gauge how advanced persistent threats (APTs) are exploited and find their way into environments. The research team categorized these into three groups \u2013 cloud techniques, remote code execution (RCE), and techniques that combined the two together. It discovered 87% of new cloud techniques, 70% of new RCE techniques, and 82% of new combination techniques inside environments.The firm also examined how many of these could be simulated and would potentially compromise organizations based on their security states. It found that 90% of companies would be compromised by new techniques that combine RCE\/cloud methods while 78% would fall victim to new RCE techniques. Just 32% of organizations would be compromised by new cloud techniques. \u201cThese are techniques organizations need to focus on and actively work on to eliminate,\u201d the report said. Almost a quarter (23%) of critical assets faced a compromising attack involving a cross-platform technique, the research indicated.Mitigating attack threats across environmentsThe report set out recommendations for organizations to mitigate attack threats across environments. These include focusing security efforts to understand how attackers move from on-premises to the cloud, or vice-versa. \u201cSiloed security tools will continue to look only at one specific security effort \u2013 but it is the combination of multiple attack techniques that pose the greatest risk to our organizations,\u201d it read.Security teams therefore need to hone in on hybrid cloud attacks and misconfigurations and identity issues that are living in their environments. \u201cTo understand whether an organization\u2019s most critical assets are safe, it\u2019s imperative to have visibility into how things change over time, and how those changes affect risk. Modeling attack paths to predict the likelihood of a breach is one way to do this,\u201d the report concluded.