Valid accounts are increasingly being leveraged as an initial attack vector in 2024, representing 31.4% of cases. Public-facing applications still hold the top position with 39.2% of cases. These findings were reported in the recent Kaspersky Incident Response analyst report.
The Kaspersky Incident
Response analyst report provides insights into cyberattacks investigated by
Kaspersky team in 2024, using data from organizations seeking help with
incident response and highlights trends in security threats across various
sectors and regions. The report aids organizations in enhancing their security
measures and developing effective incident response strategies.
According to the
report, in a concerning trend that has persisted for years, public-facing
applications have once again emerged as the primary vector for cyber attacks,
accounting for 39.2% of cases in 2024.
Valid accounts have
solidified their position as the second most common attack vector, representing
31.4% of incidents and showing a significant increase compared to 2023. This
surge indicates a growing number of companies being targeted by initial access
brokers (IABs), who capitalize on compromised credentials sold on the darknet
to facilitate further attacks. This trend is particularly alarming in the
context of Ransomware-as-a-Service (RaaS), where IABs play a crucial role in
streamlining cybercriminal operations. The data also revealed that victims in
these cases were often compromised beforehand, leading to leaked credentials
without immediate detection.
Trusted relationships
have seen an uptick from the previous year, now accounting for 12.8% of attack
vectors, while phishing remains a significant threat, utilized in nearly one
out of every ten cases (9.8%).
“Cyber threats
continue to evolve relentlessly, with attackers adapting their methods to
exploit the most vulnerable points in companies’ defenses. This highlights the
critical need for organizations to not only strengthen their immediate security
measures but also to cultivate a proactive and adaptive incident response
culture that can stay ahead of these emerging risks,” comments Konstantin
Sapronov, Head of Global Emergency Response Team at Kaspersky.
To protect businesses from
possible threats, Kaspersky experts recommend:
-
Implementing robust password policy and multifactor authentication processes.
- Removing management ports from public access.
- Establishing a zero-tolerance policy for patch management or compensation
measures for public-facing applications.
- Ensuring that employees maintain a high level of security.
- Use services like Kaspersky Incident Response or Kaspersky Managed Detection and Response to
identify and stop the attack on early stages, before cybercriminals can reach
their final goals.
The full Incident
Response analyst report 2024 is available via this link.
