Connect with us

Hi, what are you looking for?

HEADLINES

Exploitation of internet-facing applications is number one initial attack vector for last year

When attackers plan their campaigns, they usually aim to find easily identifiable security issues, such as public servers with well-known vulnerabilities, poor passwords or compromised accounts. Year after year these initial access vectors have led to an increasing number of high-severity cybersecurity incidents.

Image source: Pixabay.com

According to the recent Kaspersky Incident Response Analytics Report, more than half (53.6%) of cyberattacks in 2021 started with vulnerability exploitation. Other common initial attack methods included compromised accounts and malicious emails.  

When attackers plan their campaigns, they usually aim to find easily identifiable security issues, such as public servers with well-known vulnerabilities, poor passwords or compromised accounts. Year after year these initial access vectors have led to an increasing number of high-severity cybersecurity incidents.

Analysis of anonymized data from incident response cases handled by Kaspersky Global Emergency Response Team (GERT) from all over the world proves that exploitation of public-facing applications, accessible from both the internal network and the internet, has become the most widely used initial vector to penetrate an organization’s perimeter.

The share of this method as an initial attack vector has increased from 31.5% in 2020 to 53.6% in 2021, while usage of compromised accounts and malicious emails has decreased from 31.6% to 17.9%, and 23.7% to 14.3%, respectively. This change is likely tied to the vulnerabilities discovered on Microsoft Exchange Servers last year. The ubiquity of this mail service and the public availability of exploits for these vulnerabilities have resulted in a huge number of related incidents.

Advertisement. Scroll to continue reading.

Going into the impact of the attacks, file encryption, which is one of the most common ransomware types and deprives organizations of access to their data, has remained the main problem facing companies for three years in a row. In addition, the number of organizations who encountered cryptors in their network significantly increased during the observed period (from 34% in 2019 to 51.9% in 2021). Another alarming aspect is that in well over half of cases (62.5%), attackers spend more than a month inside the network before encrypting data. 

Adversaries manage to stay unnoticed inside an infrastructure largely because of OS tools, well-known offensive tools and the use of commercial frameworks, which are involved in 40% of all incidents. After the initial penetration, attackers use legitimate tools for different purposes: PowerShell to collect data, Mimikatz to escalate privileges, PsExec to execute commands remotely or frameworks like Cobalt Strike for all stages of attack.

“Our report demonstrates that an appropriate patch management policy alone can reduce the likelihood of a successful attack by 50%. This yet again confirms the necessity of basic cybersecurity measures. At the same time, even the most thorough implementation of such measures cannot ensure an uncompromisable defense,” comments Konstantin Sapronov, Head of Global Emergency Response Team. “Given that adversaries resort to various malicious methods, the best way to protect your organization is to use tools and approaches that allow adversarial action to be noticed and stopped throughout the different stages of an attack.” 

To minimize the impact of an attack in case of an emergency, Kaspersky recommends the following:

Advertisement
Advertisement
Advertisement

Like Us On Facebook

You May Also Like

HEADLINES

Kaspersky has detected and blocked over 13 million web threats from its security solutions for businesses in Southeast Asia (SEA). Historical data from the...

HEADLINES

Kaspersky has been at the forefront of raising awareness about cybercrimes and empowering individuals and organizations to protect themselves.

HEADLINES

“We remind our customers to carefully inspect URLs before opening them. Criminals often use spellings very close to legitimate domains to deceive customers into...

HEADLINES

For the Philippines, PH-CERT and NADPOP estimate that the country needs 180,000 trained and validated cybersecurity professionals to proactively and effectively protect the country’s...

White Papers

46% of geo-distributed companies encountered network problems between one and three times per month, while 13% stated they experienced network challenges every week. The...

HEADLINES

“Data is the new oil. Cyber criminals steal personal information to defraud you or use your identity to victimize people close to you. Guard...

White Papers

According to the report, among organizations surveyed, 97% of those hit by ransomware over the past year engaged with law enforcement and/or official government...

HEADLINES

This development marks a major step forward in Globe's long-standing #PlayItRight advocacy to help promote and protect the country’s ₱1.6-trillion creative industry from the...

Advertisement