When hackers want to gain access to a target network, they are most likely to launch a phishing attack, exploit known software vulnerabilities, or simply log in via Remote Desktop Protocol (RDP).
That’s according to a new report from Palo Alto Networks’ cybersecurity department, Unit 42. In its latest work, the company says these three account for more than three-quarters (77%) of all suspected root causes for intrusions.
Looking deeper, Unit 42 found that over half (55%) of all successful software vulnerability exploits targeted ProxyShell, followed by Log4j (14%), SonicWall (7%), ProxyLogon (5%), and Zoho ManageEngine ADSelfService Plus (4%).
However, businesses could have done a lot more to stay safe. Of the 600 incident response cases Unit 42 analyzed for the report, in half of the cases businesses did not have multi-factor authentication on critical Internet-facing systems. Meanwhile, more than a quarter (28%) had poor patch management processes and 44% had no endpoint protection service.
BEC and ransomware
Once they have gained access, threat actors will engage in either business email compromise (BEC) attacks or ransomware attacks. The average amount stolen through BEC was $286,000, the report said, while for ransomware, the highest average demand was in finance at nearly $8 million.
According to the report, a new ransomware victim's data is now published on leak sites every four hours. That’s why, the researchers claim, early detection of ransomware activity is crucial.
Typically, attackers spend up to 28 days on the target network, locating endpoints and basic data, before any ransomware is actually deployed.
“Right now, cybercrime is an easy business to get into because of the low cost and often high returns. Therefore, unskilled, novice threat actors can begin by accessing tools such as hacking-as-a-service, which are becoming more popular and available on the dark web,” said Wendi Whitmore, SVP and head of Unit 42 at Palo Alto Networks.
“Ransomware attackers are also becoming more organized with customer service and satisfaction surveys as they engage with cybercriminals and victimized organizations.”