Hackers don’t sweat much as they launch cyber attacks. They love cherry-picking low-hanging fruit to strike it rich quickly. A recent survey of the cyberattacks that happened last year indicates that exploitation of Internet-facing applications is the number one initial attack vector.
Hackers look for an Achilles heel to break into a network or a device. They look for weak links such as public servers with well-known vulnerabilities, poor passwords or compromised accounts.
As many as 53.6 per cent of cyberattacks reported in 2021 were caused by exploitation of vulnerabilities, according to the Incident Response Analytics Report prepared by cybersecurity solutions company Kaspersky.
The share of this method as an initial attack vector increased from 31.5 per cent in 2020 to 53.6 per cent in 2021, while the use of compromised accounts and malicious emails decreased from 31.6 per cent to 17.9 per cent and from 23.7 per cent to 14.3 per cent, respectively.
Another alarming aspect is that in over half of cases (62.5 per cent), attackers spend more than a month inside the network before encrypting data.
The report gives a peek into the nature of the attacks launched by hackers last year.
“Year after year these initial access vectors have led to an increasing number of high-severity cybersecurity incidents,” it points out.
The report analyses anonymised data from incident response cases handled by the Kaspersky Global Emergency Response Team (GERT) from all over the world.
“It proves that exploitation of public-facing applications, accessible from both the internal network and the Internet, has become the most widely used initial vector to penetrate an organisation’s perimeter,” it said.
Impact of attacks
File encryption, which is one of the most common ransomware types, has remained the main problem facing companies for three years in a row. Ransomware attacks deprive organisations of access to their data.
“Adversaries manage to stay unnoticed inside an infrastructure, largely because of Operating System tools, well-known offensive tools and the use of commercial frameworks, which are involved in 40 per cent of all incidents,” the report pointed out.
After the initial penetration, attackers use legitimate tools for different purposes: PowerShell to collect data, Mimikatz to escalate privileges, PsExec to execute commands remotely or frameworks like Cobalt Strike for all stages of attack.
“Our report demonstrates that an appropriate patch management policy alone can reduce the likelihood of a successful attack,” Konstantin Sapronov, Head of Global Emergency Response Team, said.
How to thwart attacks
In order to minimise losses, Kaspersky asks organisations to back up their data so that they can access crucial files in case of a ransomware attack.
“You must continuously train your incident response team to stay up to speed with the changing threat landscape. You must implement strict security programmes for applications with Personally Identifiable Information,” it said.