Top Initial Attack Vectors: Passwords, Bugs, Trickery

Databreach Today -

3rd Party Risk Management , Application Security , Cybercrime

Use of LOLBins, GitHub Tools and Cobalt Strike Also Widespread, Researchers Say Mathew J. Schwartz (euroinfosec) • September 14, 2021     This shows how attackers gained initial access to a victim’s network, as found during Kaspersky’s 2020 incident response investigations. Note that in 45% of investigations, the initial access vector could not be identified.

Here are the top three tactics attackers have been using to break into corporate and government networks: brute-forcing passwords, exploiting unpatched vulnerabilities, and social engineering via malicious emails.

See Also: Rapid Digitization and Risk: A Roundtable Preview

So says security firm Kaspersky, in a new incident response report analyzing investigations it undertook during 2020.

The top-level takeaway is bad news: Attackers are continuing to use previously seen tactics to gain entry to corporate networks, followed by using recognizable tools to

Read More.....