Dec 05, 2017

NSA Exploits, Financial Malware and Ransomware Toying with Security Controls in SafeBreach’s Latest Hacker’s Playbook Findings Report

SUNNYVALE, CA, Dec. 05, 2017 (GLOBE NEWSWIRE). SafeBreach, the leading provider of Breach and Attack Simulation, today released the third edition of the Hacker’s Playbook™ Findings Report, which uniquely measures enterprise security trends from the point of view of an attacker. Now comprising the collective knowledge and experience of more than 3,400 breach methods executed across 11.5 million simulations, this edition found malware infiltration success rates in excess of 60 percent, and the ability to successfully move laterally as high as 70 percent of the time. In most all cases, it seems organizations are continually implementing security controls, but not a cohesive defensive strategy—and in some cases, ignoring risks altogether.

The Playbook’s findings represent anonymized data executed within real production environments, including on-premise and cloud deployments in up to 100 networks. This edition includes existing Hacker’s Playbook findings report data and new data from deployments between January 2017 and November 2017 and reflects which attacks are blocked, which are successful, and key trends and findings based on actual security controller effectiveness. The major new findings include:

  • Top five malware gets in more than 50 percent of the time. Nesting or “packing” malware executables has repeated success, and the Carbanak banking malware jumped into the top five with a success rate of nearly 60 percent.
  • The perimeter security mindset persists. With very little scanning and far too much trust past endpoints, attackers have virtually free reign on the network, with Ransomware and exploits like the NSAEternalRocks experiencing nearly 70 percent success at moving laterally.
  • No one is watching the exits. A lack of any outbound scanning or policy is allowing simple data exfiltration more than half the time.
  • Control can be elusive but not necessarily expensive. Either ill-suited for the speed of certain types of attacks, or not configured correctly or fully, controllers are not optimized to stop attacks. SafeBreach saw huge improvements in some organizations’ security with simple tuning of protections.

“The more things change, the more they stay the same is a truism that unfortunately typifies far too many an enterprise security posture,” said Itzik Kotler, SafeBreach co-founder and CTO. “While the multitude of attacker tools and options—and the continuous drumbeat of compromise in the news—can be overwhelming, it doesn’t have to be an admission of defeat. With the understanding that we provide breach methods and scenarios across the entire kill chain and how it applies to each organization uniquely, organizations can significantly reduce risk without breaking the bank. In this latest round of research, one customer reduced attack success on the order of 60 to 70 percent without a single dollar of investment, and in just three weeks.”

The Hacker’s Playbook of breach methods has grown to more than 3,400 breach methods from older attacks like Zeus and CryptoLocker to recent ones like WannaCry, Loki2 and RedLeaves. The methods are combined in a multitude of attack scenarios specific to each organization’s risk and security profile to allow an unparalleled view, and highly accurate and actionable assessment of attack risks—in addition to validating the efficacy of deployed security technologies.

Download SafeBreach’s third edition of the Hacker’s Playbook Findings Report here.

About SafeBreach

A pioneer in the Breach and Attack Simulation (BAS) market, SafeBreach is the world’s most widely used continuous security validation platform. The patented platform automatically and safely executes thousands of attack methods to validate network, endpoint, cloud, container, and email security controls against its Hacker’s Playbook™, the world’s largest collection of attack data broken down by methods, tactics and threat actors. Founded in 2014 by experienced CISOs, hackers, and security entrepreneurs, SafeBreach makes it possible for security teams to invest wisely, protect more and mitigate risk.

Media Contact:

Merritt Group for SafeBreach – safebreach@merrittgrp.com

Subscribe to
our Newsletter