Malicious actors moving laterally through their victim’s network can access and compromise 94% of critical assets within four steps of their initial breach point by chaining vulnerabilities, misconfigurations, privileged credentials and simple human error.
Hybrid cloud architectures are particularly vulnerable to such attacks, as malicious actors are able to exploit security gaps, most commonly misconfigurations or lax access controls, to establish a foothold in the network and then move in-between on-premise and cloud applications as needed.
This is according to a report produced by hybrid cloud security specialist XM Cyber. In the study, Impact report: 2021 year in review, the Israel-based organisation rounded up data gleaned from two million endpoints, files, folders and cloud resources during 2021.
The firm’s analysts wanted to study methods, attack paths and impacts of attack techniques that are used against critical assets across on-premise, multi-cloud, and hybrid computing environments.
“Modern organisations are investing in more and more platforms, apps and other tech tools to accelerate their business, but they too often fail to realise that the interconnection between all these technologies poses a significant risk,” said Zur Ulianitzky, XM Cyber research head.
The resulting report sets out the security gaps and hygiene issues that exist across these environments. XM Cyber said it also demonstrated the importance of risk visibility across the entire network, and across teams, as Ulianitzky explained: “When siloed teams are responsible for different components of security within the network, nobody sees the full picture. One team may ignore a seemingly small risk, not realising that in the big picture, it’s a stepping stone in a hidden attack path to a critical asset.”
In addition to the headline statistic, XM Cyber’s report also found that three quarters of an organisation’s critical assets could have been compromised in their then-current security state, and that 78% of organisations are open to compromise every time a new remote code execution vulnerability is disclosed.
But it was abused credentials, rather than high-profile zero-days, that the report said were the biggest risk, with 73% of the most widely used attack techniques involving mismanaged or stolen credentials as an initial compromise.
The bottom line, said the report, is that understanding attack paths and vectors, visualising and modelling them, and learning about how malicious actors use them to pivot through a hybrid environment, and remediating these issues, should be a priority for security teams.
XM Cyber claimed that if defenders know where and when to disrupt attack paths, they can potentially reduce 80% of issues that would otherwise occupy their security resource.