Tag: Picus Security

  • Alarming Report: The Simple Attack That’s Breaching Half of Corporate Networks

    Amid the escalating wave of cyberthreats—particularly from advanced threat groups—one of the most dangerous yet persistently underestimated attack vectors remains almost unchanged: the compromise of user accounts through password guessing. According to the newly published Blue Report 2025 by Picus Security, the use of valid credentials continues to provide attackers with the most reliable pathway into corporate networks.

    The report, based on 160 million simulated attacks conducted across IT infrastructures worldwide using Picus Security’s platform, highlights a troubling surge in successful password-guessing intrusions during the first half of 2025. While last year such attacks succeeded in 25% of attempts, this year the success rate has risen to 46%. This alarming growth is attributed to weak passwords, outdated hashing algorithms, and the absence of fundamental security controls.

    Despite widespread awareness of the risks, many organizations still rely on insecure password storage practices, such as using algorithms without proper salting or neglecting multifactor authentication entirely. Internal services have proven especially vulnerable, as their security controls are often far weaker than those of external-facing systems. The study revealed that in 46% of examined environments, at least one password hash was successfully cracked and restored to plaintext.
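The storage weakness the report singles out, shown as an added example (not code from Picus or the report): the legacy scheme hashes each password with a fast, unsalted digest, so two users who picked the same password get the same stored value and a single precomputed table covers every account; the hardened scheme uses a per-user random salt and an iterated KDF (PBKDF2 here, a standard-library stand-in for bcrypt/scrypt/Argon2). The user list is constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample: three users, two of whom chose the same weak password.
USERS = {"alice": "Summer2025!", "bob": "Summer2025!", "carol": "correct horse battery"}


def store_unsalted_md5(password: str) -> str:
    """Legacy scheme the report warns about: fast digest, no salt."""
    return hashlib.md5(password.encode()).hexdigest()


def store_salted_pbkdf2(password: str, iterations: int = 600_000) -> dict:
    """Hardened scheme: 16-byte random salt per user plus a slow, iterated KDF."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt.hex(), "iterations": iterations, "hash": digest.hex()}


def verify_pbkdf2(password: str, record: dict) -> bool:
    """Recompute with the stored salt/iterations and compare in constant time."""
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(record["salt"]), record["iterations"])
    return hmac.compare_digest(digest.hex(), record["hash"])


def reuse_visible(stored: dict) -> bool:
    """True if any two users share an identical stored hash, i.e. the store
    itself reveals password reuse and one lookup-table hit cracks all of them."""
    values = list(stored.values())
    return len(values) != len(set(values))


def audit(iterations: int = 10_000) -> dict:
    """Store the same users both ways and report what each store leaks."""
    unsalted = {u: store_unsalted_md5(p) for u, p in USERS.items()}
    salted = {u: store_salted_pbkdf2(p, iterations) for u, p in USERS.items()}
    return {
        "unsalted_reuse_visible": reuse_visible(unsalted),
        "salted_reuse_visible": reuse_visible({u: r["hash"] for u, r in salted.items()}),
        "salted_verify_ok": verify_pbkdf2("Summer2025!", salted["alice"]),
        "salted_verify_wrong": verify_pbkdf2("wrong-password", salted["alice"]),
    }


if __name__ == "__main__":
    print(audit())
```

The lowered iteration count in `audit()` keeps the demo fast; production stores should use the default or higher.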

    Such weaknesses enable not only initial access but also stealthy lateral movement within networks. Armed with legitimate credentials, attackers can bypass traditional defenses, escalate privileges, and gain access to sensitive data. The report stresses that these actions often remain undetected, allowing adversaries to persist within systems for extended periods, exfiltrate information, and prepare further attacks.

    The analysis highlights in particular the MITRE ATT&CK technique T1078 — Valid Accounts, which proved to be the most frequently exploited, with a 98% success rate. In practice, this means that once an attacker acquires valid credentials—regardless of how—they can almost inevitably advance deeper into the network.

    Given this stark reality, experts emphasize the necessity of comprehensive defense strategies: strict password policies, regular key rotation, and universal enforcement of multifactor authentication. Organizations must also abandon legacy hashing algorithms in favor of modern cryptographic standards, while deploying behavioral analytics and attack simulation tools to continuously validate the effectiveness of their defenses.
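One piece of the behavioral analytics the report calls for, as an added example that is not part of the report or the Picus platform: a detector that flags the password-guessing-then-valid-login pattern (a burst of failures from one source across several accounts, followed by a success from that same source). The log format, thresholds and events are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of authentication events. 10.0.0.7 sprays five accounts
# and then logs in as erin; 10.0.0.9 is a user mistyping a password once.
LOG = """\
2025-06-01T09:00:01 src=10.0.0.7 user=alice result=FAIL
2025-06-01T09:00:02 src=10.0.0.7 user=bob result=FAIL
2025-06-01T09:00:03 src=10.0.0.7 user=carol result=FAIL
2025-06-01T09:00:04 src=10.0.0.7 user=dave result=FAIL
2025-06-01T09:00:05 src=10.0.0.7 user=erin result=FAIL
2025-06-01T09:00:06 src=10.0.0.7 user=erin result=SUCCESS
2025-06-01T09:05:00 src=10.0.0.9 user=frank result=FAIL
2025-06-01T09:05:30 src=10.0.0.9 user=frank result=SUCCESS
"""


def parse(line: str):
    """Split 'ISO-timestamp key=value ...' into (ts, src, user, result)."""
    ts, rest = line.split(" ", 1)
    fields = dict(kv.split("=", 1) for kv in rest.split())
    return datetime.fromisoformat(ts), fields["src"], fields["user"], fields["result"]


def find_guessing_then_login(log: str, fail_threshold: int = 5, window_s: int = 300) -> list:
    """Alert when a source reaches fail_threshold failures (any accounts) within
    window_s seconds and then authenticates successfully: guessing that turned
    into use of a valid account (the T1078 step the report measures at 98%)."""
    recent_fails = defaultdict(list)  # src -> [(ts, user), ...] inside the window
    alerts = []
    for raw in log.splitlines():
        ts, src, user, result = parse(raw)
        cutoff = ts - timedelta(seconds=window_s)
        recent_fails[src] = [f for f in recent_fails[src] if f[0] >= cutoff]
        if result == "FAIL":
            recent_fails[src].append((ts, user))
        elif result == "SUCCESS" and len(recent_fails[src]) >= fail_threshold:
            alerts.append({
                "src": src,
                "user": user,
                "failures": len(recent_fails[src]),
                "accounts_tried": len({u for _, u in recent_fails[src]}),
            })
    return alerts


if __name__ == "__main__":
    for alert in find_guessing_then_login(LOG):
        print(alert)
```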

    Equally critical is the monitoring of outbound traffic and the deployment of robust data loss prevention (DLP) systems. Without effective oversight of information flow both inside and beyond the network perimeter, detecting malicious activity in time becomes nearly impossible.

    In conclusion, the report underscores that modern attacks increasingly masquerade as legitimate activity. As such, organizations must move beyond strengthening perimeter defenses and instead rethink access management and identity governance. The absence of advanced authentication and monitoring mechanisms creates ideal conditions for adversaries to maintain a quiet yet devastating foothold within corporate networks.

  • The Quiet Threat: Why Ransomware and Infostealers Are Succeeding Where Encryption Fails

    Ransomware operators and infostealers are adapting their tactics more swiftly than enterprises can recalibrate their defenses. Even substantial investments in ransomware resilience—primarily in backups and recovery—are increasingly failing to prevent tangible damage. According to the Picus Security Blue Report 2025, the most devastating incidents are no longer always tied to encryption: adversaries are shifting to “quiet” tactics—credential theft, covert data exfiltration, and rapid lateral movement across networks, all while remaining undetected for as long as possible.

    The numbers underscore the alarm. The proportion of prevented exfiltration attempts has plummeted to just 3%, the lowest level ever recorded, even as instances of double extortion continue to climb. Password guessing and brute force succeeded in 46% of tested environments, nearly double the rate of 2024. Use of valid accounts (MITRE ATT&CK T1078) proved successful in 98% of cases, highlighting just how easily stolen or weak credentials bypass existing barriers.

    The success of these “silent” operations stems from an imbalance in visibility. Organizations have become adept at filtering inbound threats—malicious attachments, phishing emails, and loaders—yet remain far less capable of tracking outbound traffic and subtle data flows. The report identifies three principal shortcomings: inadequate outbound monitoring, poorly enforced DLP policies, and limited behavioral analytics. Against this backdrop, modern infostealers have long since outgrown the label of “opportunists” scraping browser passwords. They now operate as persistent, highly targeted tools within sophisticated campaigns—blending with legitimate access, dissolving into normal network noise, and siphoning data for days or weeks without triggering a single alarm.

    The evolution of ransomware places greater emphasis on pressure over encryption, rendering reliable backups no longer the silver bullet they once seemed. Criminals need no decryptor when they possess troves of stolen documents ready for publication. Tellingly, prevention rates in the Blue Report remain dismally low for several major families: BlackByte at 26%, BabLock at 34%, and Maori at 41%. Their success is not explained by backup strategy gaps but by defenders’ inability to consistently block credential theft, lateral movement, and exfiltration along the way. Even flawless recovery cannot undo the damage once sensitive data has already leaked.

    The blunt conclusion of the season is unsettling: infostealers thrive, ransomware grows stealthier, and exfiltration too often proceeds unchallenged. Reliance on assumptions, static rules, and outdated detection logic creates a dangerously false picture of risk. Experts urge defenders to ground their strategies in empirical evidence—and to stress-test their defenses in combat simulations before adversaries inevitably do so themselves.