A worrying number of environments are vulnerable to full takeover via elevated privileges, a new report from Picus Security has found.
The environments were tested with simulated attacks, with the average organization defending against 7 out of 10 attacks. However, given the constant threat posed by organized cybercriminal groups, the remaining attacks still leave a significant chance of intrusion.
Of all simulated attacks, more than half (56%) were recorded by firewalls, while only 12% triggered an alert.
macOS puts organizations at risk
A complete takeover of the environment occurs when an attacker can elevate their privileges to the level of administrator. This gives the attacker access to systems and networks to steal data, install malware, and much more.
When it comes to which operating systems were most successful at fending off simulated attacks, Linux came out on top, preventing 65% of attack attempts, closely followed by Windows at 62%; macOS prevented just 23%.
“While we’ve found that Macs are less vulnerable early on, the reality today is that security teams aren’t putting enough resources into securing macOS systems,” said Volkan Ertürk, co-founder and CTO of Picus Security.
“Our recent Blue Report research shows that security teams need to validate their macOS systems to uncover configuration issues. Threat repositories, such as the Picus Threat Library, are equipped with the latest and most prominent macOS-specific threats to help organizations streamline their validation and mitigation efforts,” Ertürk concluded.
Many environments were also at risk due to a lack of best practices, with 25% of companies using passwords based on common-language words that could easily be brute-forced or cracked back into readable credentials. Furthermore, only 9% of data exfiltration techniques were prevented by the organizations tested. BlackByte was the most challenging group for organizations to defend against (17%), followed by BabLock (20%) and Hive (30%).
“Like a cascade of falling dominoes that starts with a single push, small gaps in cybersecurity can lead to major breaches,” said Dr. Suleyman Ozarslan, Picus co-founder and VP of Picus Labs.
“It’s clear that organizations continue to face challenges when it comes to managing threat exposure and balancing priorities. Small gaps that lead to attackers gaining domain admin access aren’t isolated incidents; they’re common. Last year’s attack on MGM leveraged domain admin rights and super admin accounts. It shut down slot machines, virtually shut down all systems, and blocked a multi-billion dollar company from doing business for days,” Ozarslan said.