When hackers try to gain access to a target network, they are likely to launch a phishing attack, exploit known software vulnerabilities, or simply brute force their way through the Remote Desktop Protocol (RDP).
This is according to a new report from Palo Alto Networks’ cybersecurity division, Unit 42. In its latest paper, the company says these three account for more than three-quarters (77%) of all suspected root causes for intrusions.
Unit 42 went deeper and found that, among cases where attackers exploited software vulnerabilities, ProxyShell accounted for more than half (55%), followed by Log4j (14%), SonicWall (7%), ProxyLogon (5%) and Zoho ManageEngine ADSelfService Plus (4%).
However, companies could have done a lot more to stay safe. Of the 600 incident response cases Unit 42 analyzed for the report, half of the businesses lacked multi-factor authentication on critical web-facing systems. Meanwhile, more than a quarter (28%) had poor patch management practices and 44% had no endpoint security service.
BEC and ransomware
Once they gain access, threat actors will engage in business email compromise (BEC) or ransomware attacks. The average amount stolen via BEC was $286,000, the report said, while for ransomware, the highest average demand was in the financial sector at nearly $8 million.
A new ransomware victim now has their data posted to leak sites every four hours, the report shows. Therefore, the researchers claim, identifying ransomware activity early on is critical.
Typically, the attackers spend up to 28 days on the target network to identify endpoints and important data, before actually deploying ransomware.
“Currently, cybercrime is an easy business to get into because of its low costs and often high returns. As such, unskilled, fledgling threat actors can get started with access to tools like hacking-as-a-service that is becoming increasingly popular and available on the dark web,” said Wendi Whitmore, SVP and head of Unit 42 at Palo Alto Networks.
“Ransomware attackers also become more organized with their customer service and satisfaction surveys as they interact with cybercriminals and the victim organizations.”