New report shows organizations are embracing a more proactive approach to security to address new and existing threats
Cymulate, the leader in security and exposure validation, published its 2024 State of Exposure Management & Security Validation research report. The report, which aggregates anonymized data from attack surface assessments, simulated attack scenarios and campaigns, and automated red teaming activities across more than 500 Cymulate customers, highlights the proactive approach that takes an attacker’s view to identify and address security gaps before attackers find and exploit them.
The Cymulate research highlights the correlation of threat exposures from vulnerabilities, misconfigurations and other weaknesses with both threat activity and the security controls designed to mitigate the threats. In this correlated analysis of exposures, threats and controls, the Cymulate research noted that the infamous Log4Shell vulnerability (CVE-2021-44228) from late 2021 remains one of the most frequently targeted vulnerabilities. Threat actors, such as Lazarus, MuddyWater and groups associated with North Korea and Iran, targeted the vulnerability in their 2023 campaigns. On average, 75% of web application firewalls demonstrated their ability to block exploits of the Log4Shell vulnerability, while endpoint security and web gateway protection showed security effectiveness from 62% to 89% to protect against post-exploit threat activity in these campaigns.
The Cymulate report identified the Pikabot malware family as the most frequently assessed threat among Cymulate customers. Pikabot emerged in 2023 as a malicious backdoor exploit associated with ransomware distribution, crypto mining, data theft and remote control. In their validation of the threat, Cymulate research shows that, on average, security controls were only 47% effective, which means 53% of the Pikabot assessments were able to penetrate defenses.
Among the report’s other key findings was the exposure risk created by 63% of organizations reporting at least one instance of publicly exposed management services. A security weakness not associated with vulnerabilities, these publicly exposed management services greatly expand the attack surface by creating initial access points to malicious actors. The Cymulate research noted 47% of organizations have at least one instance of publicly exposed email services and 10% exposed database services publicly.
The Cymulate research showed an overall 5% decrease in control effectiveness based on the average Cymulate score of controls and vectors. While a decrease in effectiveness is obviously concerning, it also underscores the importance of security validation practices, which can allow organizations to identify where coverage gaps exist and implement mitigation tactics or compensating controls.
“This new research underscores the critical insights that exposure management and security validation solutions can provide for today’s businesses,” said Avihai Ben Yossef, Cymulate co-founder and CTO. “As new attack tactics emerge and adversaries continue to make use of existing vulnerabilities, businesses cannot afford to be reactive. They need to proactively gauge the effectiveness of their security solutions, identify where gaps exist and take the necessary action to limit their risk and mitigate their exposure. We are encouraged to see a growing number of organizations adopting the exposure management and security validation tools needed to improve their security posture.”
One of the report’s most consistent themes was the continued exploitation of older, known vulnerabilities rather than new or innovative techniques. Misconfigurations leading to weakened encryption and increased susceptibility to attack remain common, particularly within older web applications using legacy code that cannot be updated. More than 30% of Cymulate scans identified vulnerable cipher suites for HTTPS, which remains an actively exploited area of an older flaw. These findings serve as an important reminder that today’s organizations must ensure they have strong security fundamentals in addition to preparing for new and emerging threats.