Databreach Today -
3rd Party Risk Management , Application Security , Cybercrime
Use of LOLBins, GitHub Tools and Cobalt Strike Also Widespread, Researchers Say Mathew J. Schwartz (euroinfosec) • September 14, 2021 This shows how attackers gained initial access to a victim’s network, as found during Kaspersky’s 2020 incident response investigations. Note that in 45% of investigations, the initial access vector could not be identified.
Here are the top three tactics attackers have been using to break into corporate and government networks: brute-forcing passwords, exploiting unpatched vulnerabilities, and social engineering via malicious emails.
See Also: Rapid Digitization and Risk: A Roundtable Preview
So says security firm Kaspersky, in a new incident response report analyzing investigations it undertook during 2020.
The top-level takeaway is bad news: Attackers are continuing to use previously seen tactics to gain entry to corporate networks, followed by using recognizable tools to