When hackers want to gain access to a target network, they are most likely to launch a phishing attack, exploit known software vulnerabilities, or simply brute force their way through Remote Desktop Protocol (RDP).
That’s according to a new report from Unit 42, Palo Alto Networks’ cybersecurity arm. These three account for more than three-quarters (77%) of the root causes of all suspected breaches, the company said in its latest paper.
Digging deeper, Unit 42 found that more than half of successful software exploits targeted ProxyShell (55%), followed by Log4j (14%), SonicWall (7%), ProxyLogon (5%) and Zoho ManageEngine ADSelfService Plus (4%).
However, businesses could have done more to stay safe. In half of the 600 incident response cases Unit 42 analyzed for the report, businesses lacked multi-factor authentication for critical internet-facing systems. At the same time, more than a quarter (28%) had inadequate patch management procedures, and 44% had no endpoint protection services.
BEC and ransomware
Once they gain access, threat actors engage in business email compromise (BEC) or ransomware attacks. The average amount stolen through BEC was $286,000, while for ransomware, the financial sector had the highest average demand at nearly $8 million, the report said.
A new ransomware victim now has their data posted on leak sites every four hours, the report found. That’s why, the researchers claim, early identification of ransomware campaigns is critical.
Typically, attackers spend up to 28 days on the target network, identifying endpoints and critical data, before any ransomware is actually deployed.
“Currently, cybercrime is an easy industry to get into, as it is low-cost and often highly rewarding. As a result, unskilled novice threat actors can start using tools such as hacking-as-a-service, which are becoming more popular and increasingly available on the dark web,” said Wendi Whitmore, Palo Alto Networks senior vice president and Unit 42 head.
“Ransomware attackers have also become more structured in their customer service and satisfaction surveys when dealing with cybercriminals and victim organizations.”