Data from one cybersecurity firm’s ecosystem has revealed that up to 60% of attacks could have been avoided through better diligence.
Analytics generated from data gathered by a cybersecurity firm’s Global Emergency Response team has indicated that adversaries used password brute-force and vulnerability exploitation as initial vectors to break into organizations.
The results of Kaspersky’s analytics report indicate that implementing an appropriate patch management policy decreases the risk of incidents by 30%, and a robust password policy reduces the likelihood of being attacked by 60%—at least in the user ecosystem under study.
Regular patching/updates and good password hygiene are aspects that remain weak points in a large number of organizations using the Kaspersky solutions studied. As a result, the two aspects can open up attack surfaces.
Analysis of anonymized data from incident response (IR) cases showed that brute force was the most widely used initial vector to penetrate a network. Also:
- Compared to the previous year, the share of brute force attacks in the Kaspersky user ecosystem had skyrocketed from 13% to 31.6%.
- The second most commonly seen attack was vulnerability exploitation, with a 31.5% share. In only a few incidents, vulnerabilities from 2020 were used. In other cases, adversaries utilized older unpatched vulnerabilities such as CVE-2019-11510, CVE-2018-8453, and CVE-2017-0144.
- More than half of all attacks that started with malicious emails, brute force, and external application exploitation were detected in hours (18%) or days (55%).
- Although, some of these attacks lasted much longer (average duration of up to 90.4 days) the analysis showed that attacks involving a brute force initial vector were easy to detect in theory, but in practice, only a fraction were identified before causing an impact.
- Although brute force attack prevention and the control of timely updates do not seem to be problematic for a professional cybersecurity team, in practice, 100% elimination of these issues “is virtually impossible.”
Commented Konstantin Sapronov, Head of Global Emergency Response Team: “Even if the IT security department does its best to ensure safety of the company’s infrastructure, factors such as legacy OS usage, low-end equipment, compatibility issues and human factors often result in security breaches that can jeopardize an organization’s security. Protective measures alone can’t provide holistic cyber defense. Therefore, (organizations should) add detection and response tools that are able to recognize and eliminate an attack at an early stage, as well as address the cause of the incident.”