New research analyzing the methods, attack paths, and impacts of cyberattacks in 2021 highlights the threats impacting critical assets across on-premises, multi-cloud,and hybrid environments. Credit: Thinkstock New research from XM Cyber analyzing the methods, attack paths, and impacts of cyberattacks has discovered that attackers can compromise 94% of critical assets within just four steps of initial breach points. The hybrid cloud security company’s Attack Path Management Impact Report incorporates insights from nearly two million endpoints, files, folders, and cloud resources throughout 2021, highlighting key findings on attack trends and techniques impacting critical assets across on-prem, multi-cloud, and hybrid environments.Critical assets vulnerable to attack, credentials an Achilles healThe findings showed that 75% of an organization’s critical assets are open to compromise in their current security state, while 73% of the top attack techniques used last year involved mismanaged or stolen credentials. Just over a quarter (27%) of most common attack techniques exploited a vulnerability or misconfiguration.“[The] majority of attacks that take place involve more than just one hop to reach an organization’s critical assets. It is during the network propagation stage that the attacker is trying to connect exploits together to breach critical assets,” the report read. “Credentials are here to stay, but in truth they are harder to resolve, while vulnerabilities come and go and are easy to patch,” it added. By directing resources to fix issues at individual choke points, organizations can quickly reduce overall risk and the number of potential attack paths, the report read. Commenting on the data, Zur Ulianitzky, head of research at XM Cyber, said that modern organizations are investing in more platforms, apps, and other tech tools to accelerate their businesses, but they too often fail to realize that the interconnection among all these technologies poses a significant risk. “When siloed teams are responsible for different components of security within the network, nobody sees the full picture. One team may ignore a seemingly small risk not realizing that in the big picture, it’s a steppingstone in a hidden attack path to a critical asset. To keep pace with today’s technology and business demands, attack path remediation must be prioritized.” New attack techniques used in 2021XM Cyber analyzed new attack techniques used in 2021 to gauge how advanced persistent threats (APTs) are exploited and find their way into environments. The research team categorized these into three groups – cloud techniques, remote code execution (RCE), and techniques that combined the two together. It discovered 87% of new cloud techniques, 70% of new RCE techniques, and 82% of new combination techniques inside environments.The firm also examined how many of these could be simulated and would potentially compromise organizations based on their security states. It found that 90% of companies would be compromised by new techniques that combine RCE/cloud methods while 78% would fall victim to new RCE techniques. Just 32% of organizations would be compromised by new cloud techniques. “These are techniques organizations need to focus on and actively work on to eliminate,” the report said. Almost a quarter (23%) of critical assets faced a compromising attack involving a cross-platform technique, the research indicated. Mitigating attack threats across environmentsThe report set out recommendations for organizations to mitigate attack threats across environments. These include focusing security efforts to understand how attackers move from on-premises to the cloud, or vice-versa. “Siloed security tools will continue to look only at one specific security effort – but it is the combination of multiple attack techniques that pose the greatest risk to our organizations,” it read.Security teams therefore need to hone in on hybrid cloud attacks and misconfigurations and identity issues that are living in their environments. “To understand whether an organization’s most critical assets are safe, it’s imperative to have visibility into how things change over time, and how those changes affect risk. Modeling attack paths to predict the likelihood of a breach is one way to do this,” the report concluded. Related content brandpost Sponsored by Cyber NewsWire LayerX Security Raises $26M for its Browser Security Platform, Enabling Employees to Work Securely from Any Browser, Anywhere Early adoption by Fortune 100 companies worldwide, LayerX already secures more users than any other browser security solution and enables unmatched security, performance and experience By Cyber NewsWire May 02, 2024 4 mins Cyberattacks Security news Iranian hackers harvest credentials through advanced social engineering campaigns Mandiant observed several malicious campaigns with threat actors impersonating journalists and harvesting the victim’s cloud environment credentials. By Shweta Sharma May 02, 2024 4 mins Hacker Groups Social Engineering news Dropbox Sign hack exposed user data, raises security concerns for e-sign industry The names and email addresses of those customers were also exposed who had never created an account with Dropbox Sign but had “received or signed a document through Dropbox Sign.” By Gyana Swain May 02, 2024 5 mins Data Breach news UnitedHealth hack may impact a third of US citizens: CEO testimony Despite paying a $22 million ransom in Bitcoin to regain access to encrypted files, the company cannot confirm whether copies of the data were made or published online. By Prasanth Aby Thomas May 02, 2024 4 mins Data Breach Ransomware Hacking PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe