NSA Exploits, Financial Malware and Ransomware Toying with Security Controls in SafeBreach’s Latest Hacker’s Playbook™ Findings Report

Third Edition Finds Some New Names, But Same Weaknesses Remain


SUNNYVALE, Calif., Dec. 05, 2017 (GLOBE NEWSWIRE) -- SafeBreach, the leading provider of Breach and Attack Simulation, today released the third edition of the Hacker’s Playbook™ Findings Report, which uniquely measures enterprise security trends from the point of view of an attacker. Now comprising the collective knowledge and experience of more than 3,400 breach methods executed across 11.5 million simulations, this edition found malware infiltration success rates in excess of 60 percent, and the ability to successfully move laterally as high as 70 percent of the time. In almost all cases, it seems organizations are continually implementing security controls, but not a cohesive defensive strategy—and in some cases, ignoring risks altogether.

The Playbook’s findings represent anonymized data executed within real production environments, including on-premise and cloud deployments in up to 100 networks. This edition includes existing Hacker's Playbook findings report data and new data from deployments between January 2017 and November 2017 and reflects which attacks are blocked, which are successful, and key trends and findings based on actual security controller effectiveness. The major new findings include:

  • Top five malware gets in more than 50 percent of the time. Nesting or “packing” malware executables has repeated success, and the Carbanak banking malware jumped into the top five with a success rate of nearly 60 percent.
  • The perimeter security mindset persists. With very little scanning and far too much trust past endpoints, attackers have virtually free rein on the network, with ransomware and exploits like the NSA EternalRocks experiencing nearly 70 percent success at moving laterally.
  • No one is watching the exits. A lack of any outbound scanning or policy is allowing simple data exfiltration more than half the time.
  • Control can be elusive but not necessarily expensive. Either ill-suited for the speed of certain types of attacks, or not configured correctly or fully, controllers are not optimized to stop attacks. SafeBreach saw huge improvements in some organizations’ security with simple tuning of protections.

“The more things change, the more they stay the same is a truism that unfortunately typifies far too many an enterprise security posture,” said Itzik Kotler, SafeBreach co-founder and CTO. “While the multitude of attacker tools and options—and the continuous drumbeat of compromise in the news—can be overwhelming, it doesn’t have to be an admission of defeat. With the understanding that we provide breach methods and scenarios across the entire kill chain and how it applies to each organization uniquely, organizations can significantly reduce risk without breaking the bank. In this latest round of research, one customer reduced attack success on the order of 60 to 70 percent without a single dollar of investment, and in just three weeks.”

The Hacker’s Playbook of breach methods has grown to more than 3,400 breach methods from older attacks like Zeus and CryptoLocker to recent ones like WannaCry, Loki2 and RedLeaves. The methods are combined in a multitude of attack scenarios specific to each organization’s risk and security profile to allow an unparalleled view, and highly accurate and actionable assessment of attack risks—in addition to validating the efficacy of deployed security technologies.

Download SafeBreach’s third edition of the Hacker’s Playbook Findings Report here.

About SafeBreach:
SafeBreach is a pioneer in the emerging category of breach and attack simulation. The company’s ground-breaking platform provides a “hacker's view” of an enterprise’s security posture to proactively predict attacks, validate security controls and improve SOC analyst response. SafeBreach automatically executes thousands of breach methods from an extensive and growing Hacker’s Playbook™ of research and real-world investigative data. Headquartered in Sunnyvale, California, the company is funded by Sequoia Capital, Deutsche Telekom Capital, Hewlett Packard Pathfinder and investor Shlomo Kramer. For more information, visit www.safebreach.com or follow on Twitter @SafeBreach.

Contact:
Kayla Krause
CHEN PR for SafeBreach
kkrause@chenpr.com
781.672.3148