US-based security validation company Picus Security has revealed that 40% of tested environments contained attack paths leading to domain admin access. Citing its new report, the security company raised concerns about how easily attackers can reach domain admin privileges in enterprise IT infrastructure. For an attacker, this level of access is a master key to the entire network.

In its latest report, titled “The Blue Report 2024: State of Exposure Management”, Picus Security describes how organizations with gaps in their threat exposure management risk being caught up in major cyber incidents. While organizations can prevent 7 out of 10 attacks, attackers using automation can still break into enterprise networks without being detected. Enterprise threat detection tools proved inadequate at identifying simulated attacks, logging only 56% of them; of those detected, a mere 12% triggered alerts. The report is based on data from the Picus Security Validation Platform, covering more than 136 million simulated cyber attacks.

This year, organizations lost more to data breaches than in any previous year, according to IBM’s latest report.

At the time of this announcement, Dr. Suleyman Ozarslan, Picus co-founder and VP of Picus Labs, compared the current state of enterprise cybersecurity to a “cascade of falling dominoes.” Just as a single push topples the whole row, small cybersecurity gaps become the entry points for major breaches.

Enterprise Security Teams Leave 40% of IT Environments Exposed to Cyber Attacks

According to Picus Security, 40% of tested IT environments contained weaknesses that expose the infrastructure to severe breaches. An attacker with only initial access to the network can escalate to domain admin privileges, and from there compromise the entire network, resulting in data exfiltration, malware deployment, or total business disruption.

Dr. Ozarslan said, “It’s clear that organizations are still experiencing challenges when it comes to threat exposure management and balancing priorities. Small gaps that lead to attackers obtaining domain admin access are not isolated incidents; they are widespread. Last year, the attack on MGM used domain admin privileges and super admin accounts. It stopped slot machines, shut down virtually all systems, and blocked a multi-billion dollar company from doing business for days.”

Other key takeaways from the Picus Security report include:

#1 macOS endpoints proved more vulnerable to simulated attacks than Linux and Windows endpoints. A misconfigured macOS system, or one without EDR, prevented only 23% of simulated attacks. Securing a macOS environment remains a challenge.

#2 Attackers can easily identify and crack passwords built from common dictionary words. Cybercriminals exploit such easily crackable passwords to steal credentials and gain unauthorized admin access. Weak passwords put 25% of companies at risk of a data breach.

#3 Only 17% of organizations are in a position to defend their IT environment against the BlackByte ransomware group; only 20% can defend against BabLock, and 30% against Hive.

Conclusion

In 2024, CIOs and CISOs must understand the level of cyber maturity required to identify and thwart the pervasive threat of cyberattacks. The report underscores the urgent need for robust security measures. The staggering financial impact of data breaches, exacerbated by the growing complexity of IT environments, demands a proactive and adaptive approach. By investing in threat detection, prevention, and response capabilities, and by validating that those controls actually work, organizations can reduce their risk and safeguard their digital assets.

Source: Picus Security