Hacker’s Successfully Leverage Laterally Movement 70% of the
new Hacker’s Playbook Findings Repor uniquely measured
enterprise security trends from the point of view of an
attacker. Now comprising the collective knowledge and experience
of more than 3,400 breach methods executed across 11.5 million
simulations, this edition found malware infiltration success
rates in excess of 60 percent, and the ability to successfully
move laterally as high as 70 percent of the time. In most all
cases, it seems organizations are continually implementing
security controls, but not a cohesive defensive strategy—and in
some cases, ignoring risks altogether.
The major new findings include:
• Top five malware gets in more than 50 percent of the time. Nesting or “packing” malware executables has repeated success, and the Carbanak banking malware jumped into the top five with a success rate of nearly 60 percent.
• The perimeter security mindset persists. With very little scanning and far too much trust past endpoints, attackers have virtually free reign on the network, with Ransomware and exploits like the NSAEternalRocks experiencing nearly 70 percent success at moving laterally.
• No one is watching the exits. A lack of any outbound scanning or policy is allowing simple data exfiltration more than half the time.
• Control can be elusive but not necessarily expensive. Either
ill-suited for the speed of certain types of attacks, or not
configured correctly or fully, controllers are not optimized to
stop attacks. SafeBreach saw huge improvements in some
organizations’ security with simple tuning of protections.