Cymulate announced a summary of its platform usage in 2021 illustrating
that web application firewalls are the least effective security solutions,
making them prime targets for adversaries and high-risk points for
organizations.
Highlights include:
- Overall unique threats in the wild increased to 819 in 2021, up 36.5%
  from 2020
- Phishing attacks rose by 161% during 2021
- User accounts that lack any form of multi-factor authentication are
  extensively abused
- In 2021, post-exploit activity quickly escalated into enterprise
  infrastructure, expanding the extent of the initial compromise and
  complicating remediation
- The number of security teams running assessment campaigns and scenarios
  grew by 66% in 2021 compared to 2020, with many enterprises choosing to
  run at least one assessment per day and taking corrective actions
  immediately
Top threats that most companies were at risk from in 2021 include LockBit,
Conti and Dharma ransomware, HAFNIUM, TeamTNT, and APT29, with Log4j abuse,
Reg XX and escalation of privileges via Active Directory flaws expected to
continue in 2022.
The full report can be accessed here.
While the majority of companies are at medium risk of attacks, the technology
sector is the most vulnerable, followed by critical infrastructure and
manufacturing. Risks to the technology industry increased dramatically in 2021
from 2020, with a rise in spear phishing attacks attempting to gain a foothold.
The weakest links, however, remained web application firewalls and phishing
awareness, while the critical infrastructure sector's most problematic area is
data exfiltration, i.e. the unauthorized movement of data or data theft.
"Every industry
today depends on IT for business success and this is driven by digital
innovation through applications," said Eyal Wachsman, CEO and Co-Founder of
Cymulate. "Attackers however have become very adept at taking advantage of
existing gaps left by the rush towards productivity and adapting progressing
information architectures. And when organizations fail to put metrics in place
for their security programs, these gaps remain open and can lead to devastating
consequences from immediate threats and data theft."
Additional key findings:
- The Americas are the most vulnerable region, with the most immediate
  threats from Data Exfiltration and WAF, while APAC had the most phishing
  attempts.
- Attackers took full advantage of overly permissive accounts without
  multi-factor authentication (MFA), malicious Microsoft Macros and Adobe
  PDF extensions as well as benign decoy files and Windows API functions
  resolved at run-time, to launch successful attacks.
The research was conducted across hundreds of Cymulate's customers in all
geographies and verticals, including healthcare, finance, critical
infrastructure, manufacturing and more. The results are based on anonymized,
aggregated data from simulated attack scenarios and campaigns run by Cymulate's
global user base. The Cymulate risk score provides a quantifiable metric that
enables customers to prioritize their mitigation activity, track performance
and benchmark themselves over time.