How attackers are breaking into organizations

Threat actors are constantly on the lookout for new or more susceptible pathways to break in and gain access to an organization’s data or network.

While most points of intrusion are well known by cybersecurity professionals, they remain naggingly persistent. Phishing attacks, business email compromise, known software vulnerabilities and stolen or compromised credentials remain the most widespread initial vectors by which attackers gain access, according to research from IBM Security, Palo Alto Networks and VMware.

However, other means of attack are also on the rise. 

Application protocol interfaces, which allows software from multiple vendors or developers to connect and communicate with each other, represent the next frontier for attackers, according to VMware’s Global Incident Response Threat Report. VMware released the research during Black Hat USA in Las Vegas last week. 

Nearly one-quarter of all attacks compromise API security, the company’s annual survey of 125 cybersecurity and incident response professionals found. API attacks take many forms, but the top types include data exposure, SQL and API injections, and distributed denial-of-service, according to VMware. 

Malicious insider attacks represent another emerging and growing threat with 41% of respondents encountering such attacks during the last year, the report said.

These findings further support conclusions drawn by IBM Security’s research on data breaches and Palo Alto Networks’ Unit 42’s research on incident response. 

IBM categorized data breaches into 10 initial attack vectors. Stolen or compromised credentials were the most-common initial attack vector in 2022, accounting for nearly one in five data breaches studied. 

Data breaches were also caused by phishing attacks, cloud misconfigurations and vulnerabilities in third-party software, the IBM Security report said.

Software vulnerabilities accounted for nearly half of all cases of initial access used by threat actors to deploy ransomware during the last year, according to Unit 42’s report

Exploits of vulnerabilities in containers, a widely adopted cloud-native technology, also increased during the last year, according to VMware. Three-quarters of respondents said they encountered container vulnerability exploits compared to two-thirds in 2021, the report said.

Many of these attacks also carry a ransomware component. Almost 60% of respondents told VMware their organization experienced a ransomware attack during the last year, and two-thirds encountered affiliate programs or partnerships between ransomware groups.

Leave a comment