A new report from Picus Security has unveiled a concerning vulnerability in many IT environments: a high risk of complete takeover through escalated privileges.
Simulated attacks revealed that while organizations can typically defend against seven out of ten attacks, the persistent threat of sophisticated cybercrime syndicates leaves a substantial margin for error.
Full environment takeovers occur when attackers gain administrator-level access, enabling them to freely navigate and compromise systems. Alarmingly, Picus successfully achieved domain admin access in 40% of the tested environments.
While Linux and Windows demonstrated relatively strong defenses against endpoint attacks, macOS proved significantly more vulnerable, raising concerns about its security posture. Picus CTO Volkan Ertürk emphasized the need for increased focus on securing macOS systems, recommending the use of threat repositories like the Picus Threat Library to identify and address vulnerabilities.
The report also highlighted the prevalence of basic security lapses, with a quarter of companies using easily guessable passwords and a mere 9% effectively preventing data exfiltration. Cybercrime groups like BlackByte, BabLock, and Hive posed the most significant challenges for organizations.
“Like a cascade of falling dominoes that starts with a single push, small gaps in cybersecurity can lead to big breaches,” said Dr. Suleyman Ozarslan, Picus co-founder and VP of Picus Labs.
It's clear that organizations are still experiencing challenges when it comes to threat exposure management and balancing priorities. Small gaps that lead to attackers obtaining domain admin access are not isolated incidents, they are widespread. Last year, the attack on MGM used domain admin privileges and super admin accounts. It stopped slot machines, shut down virtually all systems, and blocked a multi-billion-dollar company from doing business for days,” Ozarslan said.