05-07-2024, 10:36 AM
News 80% of All Security Exposures Come from Active Directory Accounts
Data sourced from more than 40 million exposures that pose high-impact risks to critical business entities shows that Active Directory typically accounts for 80% of all security exposures identified in organizations.
The <a href="https://info.xmcyber.com/research-report-2024-state-of-exposure-management">research</a> from XM Cyber in collaboration with the Cyentia Institute found that identity and credential misconfigurations fuel a striking majority of security exposures across organizations. Among these exposures, a third directly jeopardize critical assets, serving as a prime target for adversaries seeking to exploit vulnerabilities.
<h3>Active Directory Exposures Dominate the Attack Surface</h3>
Active Directory accounts for over half of entities identified across all environments, as per the report from XM <a class="wpil_keyword_link" title="Cyber" href="https://thecyberexpress.com/cyber-news/" target="_blank" rel="noopener" data-wpil-keyword-link="linked" data-wpil-monitor-id="3329">Cyber</a>.
A significant portion of security exposures therefore lies within a company's Active Directory, the component that connects users to network resources. That same central role makes it an attractive target: compromising it hands attackers additional elevated rights.
“An attacker who has compromised an Active Directory account could use it to elevate privileges, conceal <a href="https://thecyberexpress.com/internet-traffic-hacking-exploit-platforms/" target="_blank" rel="noopener" data-wpil-monitor-id="3331">malicious activity</a> in the network, execute malicious code and even gain access to the cloud environment,” XM Cyber explained.
“Many of these exposures stem from the inherent nature of dynamic configuration issues in Active Directory as well as the challenge of keeping it updated. This creates a blind spot that appears <a href="https://thecyberexpress.com/critical-security-flaw-javascript-library-vm2/" target="_blank" rel="noopener" data-wpil-monitor-id="3332">secure</a> on the surface but hides a nest of problems that many security tools can’t see,” the report said.
Misconfigurations and credential attacks emerge as the top contributors to these exposures, introducing gaps that traditional security tools often overlook, such as issues in member management and password resets. These issues “present a challenge for nearly every organization,” XM Cyber said.
Techniques such as credential harvesting, credential dumping, credential relay and the abuse of domain credentials feature prominently among the top techniques identified by attack path analysis across AWS, Azure and GCP. Tools like Mimikatz make these techniques easier to execute, which is why they remain so popular with attackers.
Poor practices also make credential-related <a href="https://thecyberexpress.com/generative-ai-revolutionizing-cybersecurity/" target="_blank" rel="noopener" data-wpil-monitor-id="3340">attack paths</a> easier and more potent. XM Cyber said it identified highly privileged Active Directory credentials cached on multiple machines in 79% of organizations, and one in five of those had admin-level permissions on 100 or more devices.
Furthermore, poor endpoint hygiene afflicts the majority of environments, with over 25% of devices lacking EDR coverage or containing cached credentials, offering attackers ample entry points to establish footholds. These overlooked <a class="wpil_keyword_link" title="vulnerabilities" href="https://thecyberexpress.com/what-are-vulnerabilities/" target="_blank" rel="noopener" data-wpil-keyword-link="linked" data-wpil-monitor-id="3330">vulnerabilities</a> in identity and endpoint security form a fertile ground for hackers, demanding urgent attention from organizations.
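The cached-credential finding above (privileged Active Directory credentials left on many machines, and endpoints holding cached credentials) is something a domain administrator can measure rather than estimate. The PowerShell below is an added audit example written for this page; it is not code from XM Cyber's report or from The Cyber Express. It assumes the RSAT ActiveDirectory module is installed, that the caller can read the Security event log on the listed hosts, and that the host names WKS-001, WKS-002 and SRV-FILE01 are placeholders to be replaced. EDR coverage is not checked here because that depends on the vendor's agent.

```powershell
# Added audit example (not from the XM Cyber report or The Cyber Express).
# Assumes the RSAT ActiveDirectory module and read access to the Security
# event log on the target hosts. Host names are placeholders.
Import-Module ActiveDirectory

# Tier-0 groups whose members should never log on interactively to
# ordinary workstations or member servers.
$Tier0Groups = 'Domain Admins', 'Enterprise Admins', 'Schema Admins',
               'Administrators', 'Account Operators', 'Backup Operators'

$Privileged = foreach ($g in $Tier0Groups) {
    Get-ADGroupMember -Identity $g -Recursive -ErrorAction SilentlyContinue |
        Where-Object objectClass -eq 'user'
}
$PrivNames = $Privileged.SamAccountName | Sort-Object -Unique

# 1. Protected Users (Server 2012 R2+ domains) stops NTLM authentication,
#    disables offline cached logon verifiers and shortens Kerberos ticket
#    lifetime for its members. Privileged accounts outside it leave more
#    credential material behind on every host they touch.
$ProtectedUsers = @(Get-ADGroupMember -Identity 'Protected Users' -Recursive `
                    -ErrorAction SilentlyContinue |
                    Select-Object -ExpandProperty SamAccountName)
$Unprotected = $PrivNames | Where-Object { $_ -notin $ProtectedUsers }
Write-Host "Privileged accounts not in Protected Users: $($Unprotected.Count)"
$Unprotected | ForEach-Object { Write-Host "  $_" }

# 2. Interactive (2), batch (4), service (5) and RDP (10) logons place the
#    account's credential material into LSASS on that host, where tools
#    like Mimikatz can read it. Network logons (3) do not, so they are
#    not flagged.
$CachingLogonTypes = 2, 4, 5, 10
$Hosts = 'WKS-001', 'WKS-002', 'SRV-FILE01'      # placeholder host names
$Since = (Get-Date).AddDays(-30)

$Findings = foreach ($h in $Hosts) {
    $events = Get-WinEvent -ComputerName $h -FilterHashtable @{
        LogName = 'Security'; Id = 4624; StartTime = $Since
    } -ErrorAction SilentlyContinue
    foreach ($e in $events) {
        # Pull the named EventData fields out of the event XML.
        $x = [xml]$e.ToXml()
        $d = @{}
        foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
        $user = $d['TargetUserName']
        $type = [int]$d['LogonType']
        if ($user -in $PrivNames -and $type -in $CachingLogonTypes) {
            [pscustomobject]@{
                Host = $h; Account = $user; LogonType = $type
                Time = $e.TimeCreated
            }
        }
    }
}

# One row per (host, account): each is a machine where a Tier-0
# credential was exposed to dumping within the last 30 days.
$Findings | Sort-Object Host, Account -Unique | Format-Table -AutoSize
```

Run it from an administrative workstation with the host list replaced by the machines in scope. Every row in the second table is a host on which a Tier-0 credential has been resident in LSASS; the fix is to stop those accounts logging on there (a tiered administration model with separate Tier-0 accounts) rather than to clean up after the fact, and accounts listed in the first section should be moved into Protected Users once their NTLM dependencies are removed.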
Zur Ulianitzky, Vice President of Security Research at XM Cyber, emphasized the necessity of broadening exposure management beyond vulnerabilities to encompass all potential adversary pathways, including misconfigurations and user behavior. The research revealed that a mere 2% of exposures exist on critical 'choke points,' where adversaries <a href="https://thecyberexpress.com/what-is-hacking/" target="_blank" rel="noopener" data-wpil-monitor-id="3339">exploit vulnerabilities</a> to access crucial assets.
<h3>CVEs are a Drop in the Ocean</h3>
Despite organizations' focus on managing traditional software vulnerabilities tracked by CVE identifiers, these efforts barely scratch the surface. XM Cyber's analysis uncovered approximately 15,000 exposures per organization, with CVE-based vulnerabilities constituting less than 1% of this extensive exposure landscape.
Even among <a href="https://thecyberexpress.com/white-house-executive-order-for-cybersecurity/" target="_blank" rel="noopener" data-wpil-monitor-id="3338">exposures</a> affecting critical assets, CVEs represent only a small fraction, highlighting significant blind spots in security programs fixated solely on vulnerability patching.
<h3>Exposed Critical Assets in the Cloud</h3>
Active Directory is the largest attack surface, according to XM Cyber, but the largest share of exposures to critical assets is in the cloud.
Cloud environments, amidst rapid adoption by organizations, are not immune to exposure <a class="wpil_keyword_link" title="risks" href="https://thecyberexpress.com/what-are-risks-in-cybersecurity/" target="_blank" rel="noopener" data-wpil-keyword-link="linked" data-wpil-monitor-id="3328">risks</a>. Over half (56%) of exposures affecting critical assets are <a href="https://thecyberexpress.com/ddos-attack-bulgarian-websites-russia/" target="_blank" rel="noopener" data-wpil-monitor-id="3333">traced back</a> to cloud platforms, presenting a significant threat as attackers seamlessly traverse between on-premises and cloud environments.
This fluid movement poses a substantial <a href="https://thecyberexpress.com/best-grc-tools-for-effective-risk-management/" target="_blank" rel="noopener" data-wpil-monitor-id="3335">risk</a> to cloud-based assets, allowing attackers to compromise critical resources with minimal effort.
<h3>Exposure Risks Across Sectors</h3>
Industry-specific analysis from the report reveals discrepancies in exposure <a href="https://thecyberexpress.com/cyble-top-companies-risk-compliance-solutions/" target="_blank" rel="noopener" data-wpil-monitor-id="3334">risks across sectors</a>. Industries like Energy and Manufacturing exhibit a higher proportion of internet-exposed critical assets affected by exposures compared to <a href="https://thecyberexpress.com/digital-operational-resilience-act-eu/" target="_blank" rel="noopener" data-wpil-monitor-id="3337">Financial Services</a> organizations, despite the latter's larger digital footprint.
<a href="https://thecyberexpress.com/cyberattack-on-brightstar-care/" target="_blank" rel="noopener" data-wpil-monitor-id="3336">Healthcare providers</a>, facing inherent challenges in minimizing risk, contend with a median number of exposures five times higher than the Energy and Utilities sector, emphasizing the need for tailored exposure management strategies.
Exposure management now extends beyond addressing only vulnerabilities and CVEs. Organizations need to adopt a holistic and ongoing exposure management approach, incorporating attack path modeling to pinpoint and resolve infrastructure weak points.
Emphasis should be placed on tackling identity issues, Active Directory exposures and cloud cyber hygiene, while advocating for tailored solutions according to industry and scale.
<p><i>Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. <a href="https://thecyberexpress.com/" target="_blank" rel="noreferrer noopener">The Cyber Express</a> assumes no liability for the accuracy or consequences of using this information.</i></p>
https://thecyberexpress.com/active-direc...on-a-high/