New research analyzing the methods, attack paths, and impacts of cyberattacks in 2021 highlights the threats impacting critical assets across on-premises, multi-cloud, and hybrid environments.

New research from XM Cyber analyzing the methods, attack paths, and impacts of cyberattacks has discovered that attackers can compromise 94% of critical assets within just four steps of initial breach points. The hybrid cloud security company’s Attack Path Management Impact Report incorporates insights from nearly two million endpoints, files, folders, and cloud resources throughout 2021, highlighting key findings on attack trends and techniques impacting critical assets across on-prem, multi-cloud, and hybrid environments.

Critical assets vulnerable to attack, credentials an Achilles heel

The findings showed that 75% of an organization’s critical assets are open to compromise in their current security state, while 73% of the top attack techniques used last year involved mismanaged or stolen credentials. Just over a quarter (27%) of most common attack techniques exploited a vulnerability or misconfiguration.

“[The] majority of attacks that take place involve more than just one hop to reach an organization’s critical assets. It is during the network propagation stage that the attacker is trying to connect exploits together to breach critical assets,” the report read. “Credentials are here to stay, but in truth they are harder to resolve, while vulnerabilities come and go and are easy to patch,” it added.
By directing resources to fix issues at individual choke points, organizations can quickly reduce overall risk and the number of potential attack paths, the report read.

Commenting on the data, Zur Ulianitzky, head of research at XM Cyber, said that modern organizations are investing in more platforms, apps, and other tech tools to accelerate their businesses, but they too often fail to realize that the interconnection among all these technologies poses a significant risk. “When siloed teams are responsible for different components of security within the network, nobody sees the full picture. One team may ignore a seemingly small risk not realizing that in the big picture, it’s a steppingstone in a hidden attack path to a critical asset. To keep pace with today’s technology and business demands, attack path remediation must be prioritized.”

New attack techniques used in 2021

XM Cyber analyzed new attack techniques used in 2021 to gauge how advanced persistent threats (APTs) are exploited and find their way into environments. The research team categorized these into three groups – cloud techniques, remote code execution (RCE), and techniques that combined the two together. It discovered 87% of new cloud techniques, 70% of new RCE techniques, and 82% of new combination techniques inside environments.

The firm also examined how many of these could be simulated and would potentially compromise organizations based on their security states. It found that 90% of companies would be compromised by new techniques that combine RCE/cloud methods while 78% would fall victim to new RCE techniques. Just 32% of organizations would be compromised by new cloud techniques. “These are techniques organizations need to focus on and actively work on to eliminate,” the report said. Almost a quarter (23%) of critical assets faced a compromising attack involving a cross-platform technique, the research indicated.
Mitigating attack threats across environments

The report set out recommendations for organizations to mitigate attack threats across environments. These include focusing security efforts to understand how attackers move from on-premises to the cloud, or vice-versa. “Siloed security tools will continue to look only at one specific security effort – but it is the combination of multiple attack techniques that pose the greatest risk to our organizations,” it read.

Security teams therefore need to home in on hybrid cloud attacks and misconfigurations and identity issues that are living in their environments. “To understand whether an organization’s most critical assets are safe, it’s imperative to have visibility into how things change over time, and how those changes affect risk. Modeling attack paths to predict the likelihood of a breach is one way to do this,” the report concluded.
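The attack-path modeling and choke-point remediation the report describes can be illustrated on a small graph. This is an added example, not code or data from XM Cyber or the report: the node names, edges and technique labels are constructed, and the four-hop limit mirrors the "four steps" figure quoted above.

```python
from collections import Counter

# Constructed sample attack graph (not data from the report): an edge
# (src, dst, technique) means an attacker holding src can reach dst.
EDGES = [
    ("phished-laptop", "helpdesk-creds", "credential"),
    ("helpdesk-creds", "jump-host", "credential"),
    ("vpn-gateway", "jump-host", "vulnerability"),
    ("jump-host", "cloud-admin-role", "credential"),
    ("jump-host", "file-server", "misconfiguration"),
    ("cloud-admin-role", "customer-db", "credential"),
    ("file-server", "backup-vault", "credential"),
]
BREACH_POINTS = ["phished-laptop", "vpn-gateway"]  # assumed initial footholds
CRITICAL = ["customer-db", "backup-vault"]         # assumed critical assets
MAX_HOPS = 4

def attack_paths(edges, starts, targets, max_hops):
    """Enumerate simple paths from any start to any target within max_hops edges."""
    adj = {}
    for src, dst, _ in edges:
        adj.setdefault(src, []).append(dst)
    found, stack = [], [[s] for s in starts]
    while stack:
        path = stack.pop()
        if path[-1] in targets:
            found.append(path)
        elif len(path) - 1 < max_hops:
            stack.extend(path + [n] for n in adj.get(path[-1], []) if n not in path)
    return found

def choke_points(paths):
    """Rank intermediate nodes by how many attack paths cross them."""
    return Counter(node for p in paths for node in p[1:-1]).most_common()

def technique_mix(edges, paths):
    """Count the technique used on every hop of every path."""
    label = {(s, d): t for s, d, t in edges}
    return Counter(label[hop] for p in paths for hop in zip(p, p[1:]))

def paths_after_fix(edges, node):
    """Re-run the model with one node remediated (all its edges removed)."""
    kept = [e for e in edges if node not in e[:2]]
    return attack_paths(kept, BREACH_POINTS, CRITICAL, MAX_HOPS)

if __name__ == "__main__":
    paths = attack_paths(EDGES, BREACH_POINTS, CRITICAL, MAX_HOPS)
    print(len(paths), "paths; choke points:", choke_points(paths))
    print("technique mix:", dict(technique_mix(EDGES, paths)))
    print("paths left after fixing jump-host:", len(paths_after_fix(EDGES, "jump-host")))
```

Re-running the model after each configuration or identity change gives the view of risk over time that the report recommends.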