NSA Exploits, Financial Malware and Ransomware Toying with Security Controls: SafeBreach

Posted By - DynamicCISO,

SafeBreach, the leading provider of Breach and Attack Simulation, yesterday released the third edition of the Hacker’s Playbook Findings Report, which uniquely measures enterprise security trends from the point of view of an attacker. Now comprising the collective knowledge and experience of more than 3,400 breach methods executed across 11.5 million simulations, this edition found malware infiltration success rates in excess of 60 percent, and the ability to successfully move laterally as high as 70 percent of the time. In almost all cases, it seems organizations are continually implementing security controls but not a cohesive defensive strategy, and in some cases are ignoring risks altogether.

The Playbook’s findings represent anonymized data executed within real production environments, including on-premises and cloud deployments in up to 100 networks. This edition includes existing Hacker’s Playbook Findings Report data and new data from deployments between January 2017 and November 2017, and reflects which attacks are blocked, which are successful, and key trends and findings based on actual security controller effectiveness. The major new findings include:

  • Top five malware gets in more than 50 percent of the time. Nesting or “packing” malware executables has repeated success, and the Carbanak banking malware jumped into the top five with a success rate of nearly 60 percent.
  • The perimeter security mindset persists. With very little scanning and far too much trust past endpoints, attackers have virtually free rein on the network, with ransomware and exploits like the NSA EternalRocks experiencing nearly 70 percent success at moving laterally.
  • No one is watching the exits. A lack of any outbound scanning or policy is allowing simple data exfiltration more than half the time.
  • Control can be elusive but not necessarily expensive. Either ill-suited for the speed of certain types of attacks, or not configured correctly or fully, controllers are not optimized to stop attacks. SafeBreach saw huge improvements in some organizations’ security with simple tuning of protections.

“The more things change, the more they stay the same is a truism that unfortunately typifies far too many an enterprise security posture,” said Itzik Kotler, SafeBreach co-founder and CTO. “While the multitude of attacker tools and options—and the continuous drumbeat of compromise in the news—can be overwhelming, it doesn’t have to be an admission of defeat. With the understanding that we provide breach methods and scenarios across the entire kill chain and how it applies to each organization uniquely, organizations can significantly reduce risk without breaking the bank. In this latest round of research, one customer reduced attack success on the order of 60 to 70 percent without a single dollar of investment, and in just three weeks.”

The Hacker’s Playbook of breach methods has grown to more than 3,400 breach methods, from older attacks like Zeus and CryptoLocker to recent ones like WannaCry, Loki2 and RedLeaves. The methods are combined in a multitude of attack scenarios specific to each organization’s risk and security profile, allowing an unparalleled view and a highly accurate, actionable assessment of attack risks, in addition to validating the efficacy of deployed security technologies.
