Kaspersky named the top three techniques attackers often use to break into various types of networks. They are social engineering with the help of phishing emails, exploiting unpatched vulnerabilities, and brute-force attacks.
In 2020, attackers continued to use known techniques to gain entry to corporate networks, and legitimate tools to do recon and gain high-level access to systems.
According to the security firm Kaspersky’s report, over half of the investigations it handled (53%) were initiated after suspicious activities were detected and some damage had already been done. Luckily, around 10% of investigations were false positives. These usually involved suspicious activity reported by network sensors or endpoint protection products, or suspected data breaches, that turned out not to be malicious.
One-third of all intrusions led to ransomware infections, and the rest were due to data leakage. These findings are also consistent with the increasing number of attacks that use ransomware.
Ransomware attacks mostly start with a brute-force attack. In most cases, the researchers didn’t know exactly how attackers broke in, because they started their attack only after deleting the victim organization’s logs and other evidence.
In 2017, the security firm Kaspersky handled many digital forensics investigations and incident response requests. In most cases, attackers are still using freely available legitimate tools. This presents a real challenge to security teams while trying to prevent exploitation, since these tools do not raise red flags.
The report further says that many attackers would look elsewhere if victims used two-factor authentication. This is because 2FA eliminates risks from many known security issues.
When preparing for a malicious campaign, attackers look for low-hanging fruit, such as public servers with known vulnerabilities and known exploits. Many organizations have failed to implement the necessary security program attributes to be more effective.
The company states that defenders should implement rules to prevent the use of tools that adversaries can use. They should also test the effectiveness of their efforts by disabling the usage of similar tools.
For years, security experts have warned about the importance of strong passwords, multifactor authentication, and robust security programs. Yet there are organizations that ignore such warnings and routinely fall victim to hackers.