Silverfort Identity Underground Report

Unearthing Identity Threat Exposures

Organizations today must navigate a tumultuous sea of cybersecurity threats. As businesses increasingly transition to the cloud and embrace remote work, the complexity of managing digital identities has grown exponentially, unveiling a myriad of vulnerabilities that cybercriminals are keen to exploit. The identity attack surface continues to expand in both size and complexity and has never been more susceptible to breaches.

The imperative for robust identity security solutions has catapulted to the forefront of cybersecurity strategies. This vital layer of defense not only safeguards against unauthorized access but also plays a critical role in fortifying the digital fortresses that protect our most valuable assets.

Silverfort just released “The Identity Underground Report.” The report begins with a striking metaphor: while our defenses may appear robust above ground, a sprawling and perilous landscape lies beneath, unseen and unguarded. This “identity underground” is where attackers find their gold—through Identity Threat Exposures (ITEs), which include forgotten user accounts, misconfigurations, and outdated legacy settings.

Critical Findings and Alarming Statistics

A series of startling statistics from the report underscores the gravity and prevalence of ITEs:

  • 67% of organizations inadvertently expose their SaaS apps to potential compromise through insecure on-premises password synchronization.
  • A significant 37% of admin users continue to use NTLM authentication, laying out a red carpet for attackers to access cleartext passwords.
  • Shockingly, 3% of user accounts are shadow admins, granting attackers the power to reset passwords of genuine admin accounts, thereby seizing control over critical systems.

These findings should be a wake-up call, highlighting the sheer scale and impact of ITEs across organizations of all sizes.

Mapping the ITE Landscape

The report categorizes ITEs into four main groups based on the threats they pose:

  • Password Exposers: Enabling attackers to uncover cleartext passwords.
  • Privilege Escalators: Allowing attackers to gain elevated access.
  • Lateral Movers: Facilitating undetected movement within networks.
  • Protection Dodgers: Undermining the effectiveness of security controls.

Each category is meticulously dissected, revealing the mechanisms through which these exposures can be exploited by malicious actors.

From Underground to Cloud: A Pathway to Compromise

The transition from traditional, on-premises IT infrastructures to cloud-based environments has been a significant leap forward for businesses seeking agility, scalability, and efficiency. However, this shift has also introduced a complex web of security challenges, particularly in the realm of identity management.

At the heart of this issue is the synchronization process itself. Many organizations rely on Active Directory (AD) as the cornerstone of their identity management system, controlling access to both on-premises resources and, increasingly, cloud-based applications and services. By syncing AD user accounts with cloud identity providers (IdPs), businesses aim to provide a seamless user experience, allowing employees to use a single set of credentials across all systems. However, this convenience comes with a hefty price tag in terms of security.

The synchronization of user accounts forms a bridge between on-premises vulnerabilities and cloud assets. An attacker exploiting an ITE on-premises, for instance by cracking a password exposed through NTLM authentication, can potentially leverage this same credential to access cloud-based services and applications. This is especially concerning for SaaS environments, where sensitive data and critical business applications often reside. Essentially, every password exposure or account vulnerability becomes a master key that, once duplicated by attackers, can unlock an array of digital resources far beyond its intended scope.

Towards a More Secure Future: Recommendations and Silverfort’s Role

Recognizing the challenges, the report offers a roadmap for organizations to mitigate these risks. Key recommendations include gaining visibility into ITEs, eliminating risks where possible, and implementing preventative measures such as Multi-Factor Authentication (MFA) and identity segmentation.

Silverfort’s Unified Identity Protection Platform is positioned as a comprehensive solution, extending modern identity protection to every user and resource within an organization’s digital domain.

Unique Perspectives and Insights

While the statistics and findings are compelling, what’s truly alarming is the dynamic and ever-evolving nature of these threats. Cybercriminals are constantly devising new ways to exploit ITEs, making it a perpetual cat-and-mouse game. The report makes it clear that traditional perimeter-based defenses are no longer sufficient in isolation. Organizations must adopt a holistic and layered approach to security, one that encompasses not just the technologies but also the people and processes.

The Silverfort Identity Underground Report sheds light on a crucial issue and illustrates why it’s important for organizations to recognize the underground risks that lurk beneath the surface.
