The Blue Report 2024
Get a comprehensive analysis of over 136 million cyber attacks and understand the state of threat exposure management.
Have you ever noticed that even the most impactful breaches often start with something as simple as a regular user being targeted through a phishing email or a weak password? From there, attackers methodically follow an attack path by dumping credentials, moving laterally across the network, escalating privileges, and eventually gaining domain administrator access. In other words, rather than relying on an extremely sophisticated single-shot technique, these attacks unfold like a domino effect, where each step paves the way for the next, leading to a full-scale compromise. This is precisely the kind of attack chain that Picus Attack Path Validation (APV), a cutting-edge automated penetration testing software, is designed to expose and validate, ensuring that these security vulnerabilities are identified before they can be exploited.
In this blog, we’ll examine the key findings of the Blue Report 2024. This report details the outcomes of aggregated and anonymized APV attack simulations run by our customers from January 2024 to June 2024. It reveals the most common critical security gaps and how understanding these attack paths can help you better defend your organization.
Understanding the Picus Blue Report 2024
To fully appreciate the findings we’re about to introduce, it’s important to first understand the significance of the Blue Report 2024.
So, What Exactly Is the Blue Report 2024?
The Blue Report is an annual study by Picus Labs, offering insights based on over 136 million attack simulations conducted by Picus Security customers from January to June 2024 on The Security Validation Platform. This year's report stands out by including data from the APV product, which provides a more in-depth analysis of how prepared organizations are against automated penetration tests.
Why Focus on Findings from Attack Path Validation (APV)
While the Blue Report covers a broad spectrum of security simulations, we wanted to show you how “seemingly isolated” security vulnerabilities can be chained together by adversaries to create a path to domain admin access and how they snowball into full compromise. This blog zooms in on the key findings from the Picus Attack Path Validation simulations, highlighting the critical security vulnerabilities that can trigger such a cascading breach.
Automated Penetration Testing: Key Takeaways
This year’s findings reveal several critical vulnerabilities and underscore cybersecurity teams’ challenges in maintaining robust defenses against evolving cyber threats.
Below are some of the most three significant findings from the report, based on the outputs of APV simulations.
Finding 1: Quarter of Attack Simulations Result in Domain Administrator Access
Imagine an attacker having the keys to your entire digital kingdom. In nearly one out of every four tests conducted with Picus Attack Path Validation (APV), this became a reality.
Specifically, in 24 out of every 100 simulated attack scenarios, APV successfully breached defenses to gain domain administrator rights—the highest level of control within an organization’s network. |
This statistic isn't just a number; it's a wake-up call.
It highlights the significant defensive gaps present in a substantial portion of the organizations assessed, exposing pathways for adversaries to achieve complete domain compromise. Gaining domain administrator privileges allows attackers to control user accounts, modify security settings, and manipulate entire network environments unchecked. The frequency with which this level of access was achieved in the simulations reveals a critical flaw in current defense strategies—a flaw that, if not urgently addressed, could result in devastating real-world consequences.
Finding 2: 40% of Organizations Are Vulnerable to Domain Administrator Access
Picus APV revealed that in nearly half of the organizations assessed, there was at least one instance where domain administrator access was achieved.
Specifically, in 40 out of 100 of the organizations assessed, Picus APV uncovered at least one attack path that led to domain administrator access—the highest level of control within an organization’s network. |
This statistic highlights a critical security weakness within nearly half of the assessed organizations. It shows that in 40% of environments, attackers were able to uncover and exploit a series of security weaknesses/misconfigurations that ultimately led to a level of privilege that grants control over the entire domain infrastructure.
Understanding how these attacks unfold helps clarify the severity of this finding.
In practical terms, this often occurs through a methodical attack path. An adversary might begin by targeting a regular user account, dumping and cracking the user's password hash. Once they have these credentials, they can perform privilege escalation—moving from a standard user account to one with expanded privileges. The attacker then performs lateral movement across the network, exploiting additional vulnerabilities and misconfigurations, until they successfully gain domain administrator rights. This chain of actions, often referred to as a "domino effect," demonstrates how multiple, seemingly minor weaknesses can be linked together to achieve a critical breach.
Finding 3: 25% of Organizations Are Vulnerable to Password Cracking
Picus APV revealed that in 25% of the environments tested, APV successfully cracked at least one dumped password hash, converting it into a cleartext password.
Specifically, in one out of every four organizations assessed, these cracked passwords did more than just provide unauthorized access—they exposed the systems to a cascade of further exploitation. |
Once attackers crack a password hash, they gain direct and often undetected access to systems. This access allows them to move laterally across the network, targeting additional systems and expanding their reach. As they navigate through the network, attackers can escalate their privileges, elevating their control from basic user accounts to powerful administrative roles. This escalation is particularly dangerous because it not only increases their impact but also enables them to maintain persistent access, making it difficult for security teams to detect and remove them.
Furthermore, with elevated privileges and persistent access, attackers can bypass existing security measures, exfiltrate sensitive data, and cause substantial harm to the organization. The fact that a quarter of organizations are vulnerable to this type of attack underscores the urgent need for stronger password policies and more robust security measures. Without addressing these vulnerabilities, organizations remain at significant risk of sophisticated breaches.
Four Critical Recommendations for Improved Endpoint Security
The APV findings underscore the importance of addressing security gaps before they can be exploited. To help mitigate these risks, here are four essential recommendations to strengthen your endpoint security.
Recommendation 1: Improve Endpoint Security Configuration
Ensure that security controls on all endpoints, regardless of operating systems, are properly configured and that appropriate AV and EDR tools are in place. Conduct regular audits and endpoint security assessments to identify and fix any misconfigurations.
Recommendation 2: Prioritize Password Security
Implement strong password policies to ensure user passwords are robust against brute force and dictionary attacks. Regularly audit and enforce your compliance with best practices for password security across your organization.
Recommendation 3: Enhance Detection and Prevention Mechanisms
Improve detection capabilities by optimizing the entire detection engineering pipeline, including log collection, performance, and alert mechanisms in SIEM and EDR systems. Regularly review and update detection rules to ensure they remain effective against the latest threats.
These recommendations aim to strengthen your defenses and close the security gaps highlighted by the APV findings. However, understanding the broader impact of these gaps and how to address them strategically requires a more in-depth approach. That’s where Picus APV comes into play.
The Future of Automated Penetration Testing Software: How Can Picus APV Help You?
Picus APV sets itself apart by prioritizing actionable insights over overwhelming volumes of theoretical attack paths. Unlike other solutions that flood security teams with countless hypothetical scenarios, Picus APV simulates the behavior of a real-world attacker, identifying and verifying the shortest, most critical path that poses a real risk to your organization.
Powered by its Intelligent Decision Engine, this AI-driven solution mirrors the tactics of advanced persistent threats (APTs), focusing on the most stealthy and high-risk paths an attacker might exploit. Operating covertly, Picus APV mimics the sophisticated strategies used by today’s most capable adversaries, providing the most realistic and practical approach to automated penetration testing available on the market.
Figure 1. Picus Attack Path Validation (APV)
Conclusion
In conclusion, the APV findings from the Blue Report 2024 reveal a sobering truth about organizational defenses: Attackers don’t need advanced, sophisticated tactics to cause significant damage.
Instead, they can exploit a series of seemingly minor vulnerabilities that, when linked together, lead to catastrophic breaches. These simulations show just how easily attackers can navigate through security gaps, gaining elevated privileges like domain administrator access, which grants them control over user accounts, security settings, and entire network environments. The ease with which these vulnerabilities can be chained highlights the urgent need for organizations to proactively identify and address these risks before they can be exploited.