SUNNYVALE, CA – Oct 12, 2016. SafeBreach, a leading innovator of continuous security validation, today announced the second edition of its Hacker’s Playbook™, the industry’s most comprehensive findings of enterprise trends and risks from the point-of-view of an attacker. Since the launch of the first edition in January 2016, the Playbook has grown exponentially — to nearly 4 million breach methods executed. The methods are combined in a multitude of attack scenarios specific to each organization’s risk and security profile, to allow an unparalleled view, and highly accurate and actionable risk assessment — in addition to validating the efficacy of deployed security technologies.
In use at companies across financial, high-tech and retail sectors, the live scenarios played out from the Hacker’s Playbook in real enterprise networks provide a view not only of the external threat landscape but also of the actual internal enterprise risk landscape. With 3,985,011 breach methods executed between January 2016 and September 2016, some of the major findings by SafeBreach customers include:
- “Windows into the Soul” — the prevalence and effectiveness of hidden executable content continues to represent a major infiltration route. Most notably, Microsoft’s market dominance continues to fuel this channel, with Windows Script Files and MS Word document macros providing a successful entry point in as many as one out of four attempts.
- “A Horse of the Same Color” — the five malware families with the most success propagating within organizations have all been around for a year or more: Citadel, Dridex, Hesperbot, SpyEye and Cryptolocker. The old standbys in exploit kits also made appearances, with Sweet Orange, Neutrino and Rig in the top three and Magnitude still on the radar.
- “Kicking Sand” — human error remains a constant challenge, and the most damaging problems were misconfigurations of malware sandboxes and proxies. The most common sandbox error was failing to configure the sandbox to inspect all ports, protocols, file formats and encrypted traffic, leaving unexamined channels through which the breach methods passed.
“I think what we’re seeing here is a security industry that is outsmarting itself — and its customers,” said Itzik Kotler, co-founder and CTO at SafeBreach. “Security vendors are chasing the latest threats and introducing extreme innovations but also complexity in deployment, alerts and misconfiguration. The bad guys know this, and they are preying on that with great success.”
Because the SafeBreach platform enables customers to look at attacks, vulnerabilities and weaknesses together, in the context of the systems they inhabit and the network relationships they affect, security teams can see how an actual attack could play out and how far it could go. This context allows organizations to make adjustments and enact fixes more intelligently, not only closing holes in the infrastructure but also disrupting and disabling the paths that could enable a greater compromise. The expansion of the Hacker’s Playbook, and of the platform itself, also allows organizations to evaluate and justify their investments in defensive technologies more intelligently. Increasingly, three of the major ways in which the Playbook benefits customers include:
- Breaking Down Breaking News — when a breach makes headlines customers want to immediately know, “can this happen to me?” Drawing from reports, indicators of compromise (IOCs) and investigations, SafeBreach customers can run recent attack scenarios against similar companies to see if they are exposed.
- Challenging the Endpoint — the multitude of endpoint protection platforms can be dizzying and one size doesn’t fit all. By running a variety of breach scenarios, enterprises can validate endpoint security vendor claims and judge what tool is right for their network.
- Weaponizing Threat Intelligence — via integration with leading threat intelligence platforms, enterprises can feed intelligence into breach scenarios to augment and amplify real-world context. Security teams are finding this a more scalable way to consume threat intelligence and to understand the actual impact of campaigns. Some are also using it to measure the efficacy of the threat intelligence IOCs they receive from vendors.