40% of Environments are Vulnerable to Full Take Over, New Picus Security Report Unveils

The Picus Blue Report 2024 also found, security controls for macOS endpoints only prevented 23% of simulated attacks, compared to over 60% for Windows and Linux.

San Francisco, USA July 30, 2024Picus Security, the leading security validation company, has released The Blue Report 2024: State of Exposure Management* that revealed 40% of tested environments allowed attack paths that lead to domain admin access. Achieving domain admin access is particularly concerning because it is the highest level of access within an organization’s IT infrastructure, and is like giving attackers a master key. The report was based on a worldwide comprehensive analysis of more than 136 million cyber attacks simulated by the Picus Security Validation Platform.

The Security Domino Effect is Concerning

The report reveals that, on average, organizations prevent 7 out of 10 of attacks, but are still at risk of major cyber incidents because of gaps in threat exposure management that can permit attackers using automation to move laterally through enterprise networks. Of all attacks simulated, only 56% were logged by organizations’ detection tools, and only 12% triggered an alert. 

“Like a cascade of falling dominoes that starts with a single push, small gaps in cybersecurity can lead to big breaches,” said Dr. Suleyman Ozarslan, Picus co-founder and VP of Picus Labs. “It’s clear that organizations are still experiencing challenges when it comes to threat exposure management and balancing priorities. Small gaps that lead to attackers obtaining domain admin access are not isolated incidents, they are widespread. Last year, the attack on MGM used domain admin privileges and super admin accounts. It stopped slot machines, shut down virtually all systems, and blocked a multi-billion dollar company from doing business for days.” 

Well over a third (40%) of environments have weaknesses that allow attackers with initial access to a network to achieve domain admin privileges. Once they have these privileges they can manage user accounts or modify security settings. A compromised domain admin account can lead to full control of the network, allowing attackers to conduct data exfiltration, deploy malware, or disrupt business operations.

macOS EDR Misconfigurations Lead to Vulnerabilities

The Blue Report 2024 also highlights that macOS endpoints are far more likely to be misconfigured or allowed to operate without Endpoint Detection and Response (EDR). macOS endpoints only prevented 23% of simulated attacks, compared to 62% and 65% for Windows and Linux. This highlights a potential gap in IT and security team skill sets and approach in securing macOS environments.

“While we have found Macs are less vulnerable to start, the reality today is that security teams are not putting adequate resources into securing macOS systems,” said Volkan Ertürk, Picus Security Co-Founder and CTO. “Our recent Blue Report research shows that security teams need to validate their macOS systems to surface configuration issues. Threat repositories, like the Picus Threat Library, are armed with the latest and most prominent macOS specific threats to help organizations streamline their validation and mitigation efforts. 

The Blue Report 2024 helps security teams benchmark their performance against peers and identify areas for improvement. Additional key findings include:

  • Common language passwords: 25% of companies use passwords that are words commonly found in the dictionary. This means that it is easy for attackers to crack hashed passwords and obtain cleartext credentials.

  • Organizations only prevent 9% of data exfiltration techniques used by attackers. Data exfiltration is used to steal sensitive data and is commonly used in ransomware attacks.

  • BlackByte, the most challenging ransomware group for organizations to defend against, is prevented by just 17% of organizations, followed by BabLock (20%) and Hive (30%).

For more information: 

Methodology:

The findings in this report are based on the results of simulated attack scenarios executed by Picus Security customers from January to June 2024. The data has been anonymized and aggregated from 136 million attack simulations. Research and analysis was completed by Picus Labs, the research team of Picus Security.

About Picus Security

Picus Security, the leading security validation company, gives organizations their validated risk level and pinpoints critical gaps. Picus Security Validation Platform transforms security practices by correlating, prioritizing, and validating exposures across siloed findings so teams can focus on high-impact fixes. The Picus Exposure Data Fabric and Numi AI help security to understand their risk and work on critical gaps worth pursuing. 

The pioneer of Breach and Attack Simulation, Picus delivers award-winning threat-centric technology. Picus Security also has a willingness to recommend percentage of  95% in the 2024 Gartner® Peer Insights™ Voice of the Customer for Breach and Attack Simulation Tools*.

* Gartner, Voice of the Customer for Breach and Attack Simulation Tools, Peer Contributors, 30 January 2024 

GARTNER is a registered trademark and service mark, and PEER INSIGHTS is a trademark and service mark, of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved.

Gartner Peer Insights content consists of the opinions of individual end users based on their own experiences with the vendors listed on the platform, should not be construed as statements of fact, nor do they represent the views of Gartner or its affiliates. Gartner does not endorse any vendor, product or service depicted in this content nor makes any warranties, expressed or implied, with respect to this content, about its accuracy or completeness, including any warranties of merchantability or fitness for a particular purpose.