NEW YORK and TEL AVIV – March 6, 2024 – Cymulate, the leader in security and exposure validation, today published its 2024 State of Exposure Management & Security Validation research report. The report, which aggregates anonymized data from attack surface assessments, simulated attack scenarios and campaigns, and automated red teaming activities across more than 500 Cymulate customers, highlights the proactive approach that takes an attacker’s view to identify and address security gaps before attackers find and exploit them.
The Cymulate research highlights the correlation of threat exposures from vulnerabilities, misconfigurations and other weaknesses with both threat activity and the security controls designed to mitigate the threats. In this correlated analysis of exposures, threats and controls, the Cymulate research noted that the infamous Log4Shell vulnerability (CVE: 2021-44228) from late 2021 remains one of the most frequently targeted vulnerabilities. Threat actors, such as Lazarus, MuddyWater and groups associated with North Korea and Iran, targeted the vulnerability in their 2023 campaigns. On average, 75% of web application firewalls demonstrated their ability to block exploits of the Log4Shell vulnerability, while endpoint security and web gateway protection showed security effectiveness from 62% to 89% to protect against post-exploit threat activity in these campaigns.
The Cymulate report identified the Pikabot malware family as the most frequently assessed threat among Cymulate customers. Pikabot emerged in 2023 as a malicious backdoor exploit associated with ransomware distribution, crypto mining, data theft and remote control. In their validation of the threat, Cymulate research shows that, on average, security controls were only 47% effective, which means 53% of the Pikabot assessments were able to penetrate defenses.
Among the report’s other key findings was the exposure risk created by 63% of organizations reporting at least one instance of publicly exposed management services. A security weakness not associated with vulnerabilities, these publicly exposed management services greatly expand the attack surface by creating initial access points to malicious actors. The Cymulate research noted 47% of organizations have at least one instance of publicly exposed email services and 10% exposed database services publicly.
The Cymulate research showed an overall 5% decrease in control effectiveness based on the average Cymulate score of controls and vectors. While a decrease in effectiveness is obviously concerning, it also underscores the importance of security validation practices, which can allow organizations to identify where coverage gaps exist and implement mitigation tactics or compensating controls.
“This new research underscores the critical insights that exposure management and security validation solutions can provide for today’s businesses,” said Avihai Ben Yossef, Cymulate co-founder and CTO. “As new attack tactics emerge and adversaries continue to make use of existing vulnerabilities, businesses cannot afford to be reactive. They need to proactively gauge the effectiveness of their security solutions, identify where gaps exist and take the necessary action to limit their risk and mitigate their exposure. We are encouraged to see a growing number of organizations adopting the exposure management and security validation tools needed to improve their security posture.”
One of the report’s most consistent themes was the continued exploitation of older, known vulnerabilities rather than new or innovative techniques. Misconfigurations leading to weakened encryption and increased susceptibility to attack remain common—particularly within older web applications using legacy code that cannot be updated. More than 30% of Cymulate scans identified vulnerable cipher suites for HTTPS, which remains an actively exploited area of an older flaw. These findings serve as an important reminder that today’s organizations must ensure they have strong security fundamentals in addition to preparing for new and emerging threats.
The full 2024 State of Exposure Management & Security Validation report is available on the Cymulate website here. To learn more about Cymulate security and exposure validation solutions and whether they may be right for your organization, click here.
About Cymulate
Cymulate, the leader in security and exposure validation, provides the single source of truth for threat exposure and the actions required to close security gaps before attackers can exploit them. More than 500 customers worldwide rely on the Cymulate platform to baseline their security posture and strengthen cyber resilience with continuous discovery, validation, prioritization, and guided remediation of security weaknesses. Cymulate automates advanced offensive security testing to validate controls, threats, and attack paths. As an open platform, Cymulate integrates with existing security and IT infrastructure and drives the workflows of the exposure management process. For more information, visit www.cymulate.com.
Media Contact:
Melissa Mazurek
Account Manager
[email protected]