10 Aug Thwarting attacks and protecting critical assets

Shay Siksik, VP Customer Experience, XM Cyber, looks at why attack path remediation is a vital part of an organisation’s cybersecurity toolkit.

Modern organisations are continuing to invest in an assortment of platforms, apps and other tools to accelerate business, but many fail to realise that the interconnections between their technologies can pose significant risks. When siloed teams are responsible for different components of security in a network, nobody sees the full picture. One team may ignore a seemingly small risk, not realising that in the big picture, it’s actually a stepping stone along a hidden attack path to a critical asset.

An attack path is a chain of attack vectors (vulnerabilities, misconfigurations, user privileges, human errors, etc.) that a hacker can use to move laterally through the network, pivoting from on-prem networks into the cloud or vice versa.

The cloud problem

Organisations are adopting cloud computing in record numbers. Currently, Gartner predicts the rate of cloud adoption will increase to around $482 billion by the end of 2022. This rapid growth of the cloud computing ecosystem means many experts predict the industry will be worth around $947.3bn by 2026.

As the uptick in organisations transitioning to cloud environments continues, cybercriminals are doing the same and focusing heavily on targeting them. Understanding the latest attack techniques will help businesses better prepare for threats today and in the future. To keep pace with today’s technology and business demands, security teams need the visibility into where their security exposures and IT hygiene issues exist to proactively remediate these ahead of the next attack.

Today’s siloed solutions and endless alerts make it very difficult to understand how a combination of exposures such as vulnerabilities, misconfigurations, credentials, and user activity can be exploited by an attacker to reach business critical assets. Attack path management gives teams visibility into the organisation’s risk across on-prem and hybrid networks so that at any given moment they can comprehend the businesses’ security posture. More importantly, when armed with this knowledge, teams can also prioritise what they need to remediate first in order to eradicate a potential attack path.

New attack techniques

The attack techniques used to compromise critical assets in enterprise and cloud environments are widespread throughout most organisations. XM Cyber recently published research analysing these methods.

The most impactful technique the research uncovered involved compromised domain credentials that allowed attackers to move laterally throughout the enterprise network. In fact, the research found that 73 per cent of the top techniques involve mismanaged or stolen credentials. They are the Achilles’ heel of the cloud.

Another attack technique involves the exploitation of shared folder permissions that are poorly configured and managed. Some computers act as a file share server, meaning the attacker can use file vulnerabilities in applications such as MS Office to compromise nodes immediately. By infecting these files, the attackers can replace the credentials. This form of poor security hygiene enables them to further move laterally within the organisation’s network environment.

When looking at cloud environments like AWS, Azure and others, it’s clear that the identities are usually given powerful permissions, sometimes absent of the security team’s full due diligence. This opens easy vectors for the attacker seeking access to critical cloud resources, and enables them to escalate their privileges within the environment and ultimately target critical assets that put the business at high risk.

Combating the problem

An attack path management platform takes the threat actor’s perspective to show each step they can take to get closer to the company’s critical assets. Attack path remediation continuously uncovers hidden attack paths to an organisation’s critical assets across cloud and on-prem environments. This enables the company to cut off attacks at key junctures and eradicates risk with a fraction of the effort required by other solutions.

Attack path management also pinpoints which exposures are the most impactful, how they originated, and how to quickly and efficiently eradicate them. Armed with these remediation efforts, security teams need no longer be overwhelmed with constant alerts that they don’t know how to prioritise.

To keep pace with today’s technology and business demands — not to mention the ever-growing sophistication of bad actors — attack path remediation should be part of any organisation’s cybersecurity toolbox.