Updated Atumcell Analysis Reveals Modest Progress — and Mounting Cloud-Driven Risks
Six months after revealing widespread domain spoofing vulnerabilities among private equity (PE) firms, cybersecurity firm Atumcell has released an updated report showing that most firms remain exposed — and the risks are growing. The study, titled Still Spoofable, finds that 56% of PE firm and portfolio company domains are spoofable, a slight increase from 55% in November 2024.
Also Read: Emerging IT Trends And Technologies Every CIO Should Stay Ahead Of
The report evaluates 179 mid-market PE firms and their 2845 portfolio companies for adoption of SPF, DKIM, and DMARC, the email authentication protocols that protect organizations from being impersonated in phishing attacks.
Email is now the primary attack surface. Attackers no longer need to break into infrastructure. They phish for credentials, exploit email weaknesses, and move through cloud environments undetected.”
— David Williams, Atumcell CEO
“Email is now the primary attack surface,” said David Williams, CEO of Atumcell. “Attackers no longer need to break into infrastructure. They phish for credentials, exploit email weaknesses, and use that access to move through cloud environments largely undetected.”
One Firm Gets It Right. Most Still Don’t
For the first time in Atumcell’s analysis, a single firm achieved a perfect score, demonstrating complete implementation of spoofing protections across its domain ecosystem. The next closest firm left over 20% of its domains vulnerable, highlighting the gap between best practice and the industry norm. Other notable changes include five new firms entering the top 20 ranking, with one firm climbing 85 spots. However, the overall picture remains bleak: several previously top-ranked firms lost ground, and the majority of domains remain vulnerable to impersonation.
Also Read: The C-Suite Catalyst: How are CIOs unlocking automation’s true strategic value beyond its efficiencies?
Spoofing Now Enables Cloud Breaches
The report warns that spoofing is no longer just a phishing risk. It’s often the first step in cloud compromise. As PE firms rely more on cloud-based tools for communication, file sharing, and portfolio management, a single spoofed email can lead to credential theft, unauthorized access, and significant data exposure.
Cloud service providers charge extra for security logging and alerting, and many mid-market firms forego those features, leaving massive blind spots when attackers gain access.
The report includes actionable recommendations for PE firms and portfolio companies:
1. Check any domain for spoofability using Atumcell’s free tool atumcell.com/spoofcheck
2. Enforce DMARC policies to block unauthorized use of domains
3. Monitor domain configurations regularly
4. Test for spoofing in penetration tests and phishing simulations
5. Invest in cloud logging and visibility tools
[To share your insights with us as part of editorial or sponsored content, please write to psen@itechseries.com]
