Today, Silverfort, the Unified Identity Protection Company, unveiled its Identity Underground report, highlighting the frequency of identity security gaps that lead to successful attacks on organizations across every industry and region. Fueled by Silverfort's proprietary data, the report is the first of its kind, focusing on identity as an attack vector and offering insights into the Identity Threat Exposures (ITEs) that pave the way for cyberattacks. The data, analysis, and insights help identity and security teams benchmark their security programs, empowering them to make informed decisions on where to invest in identity security.
The standout – and alarming – finding is that two out of every three businesses (67%) routinely synchronize most of their users' passwords from their on-premises directories to their cloud counterparts. This practice inadvertently migrates on-prem identity weaknesses to the cloud, which poses substantial security risks by creating a gateway for attackers to hack these environments from on-prem settings. The Alphv BlackCat ransomware group is known to use Active Directory as a stepping stone to compromise cloud identity providers.
Over the past decade, there has been a rush to migrate to the cloud – and for a good reason. Simultaneously, however, security gaps stemming from legacy infrastructure, misconfigurations, and insecure built-in features create pathways for attackers to access the cloud, significantly weakening a company's resilience to identity threats.
"Identity is the elephant in the room. We know that identity plays a key role in nearly every cyberattack. Lockbit, BlackCat, TA577, Fancy Bear – they all use identity gaps to break in, move laterally, and gain more permissions," said Hed Kovetz, CEO and Co-founder of Silverfort. "But we need to know how common each identity security gap is so we can start methodically fixing them. Finally, we have concrete evidence outlining the frequency of identity gaps, which we can now classify as Password Exposers, Lateral Movers, or Privilege Escalators, and they're all vehicles for threat actors to complete their attacks. We hope that by shining a light on the prevalence of these issues, identity and security teams will have the hard numbers they need to prioritize adequate security investments and eliminate these blind spots."