VPN and RDP Exploitation the Most Common Attack Technique

According to a new report from ReliaQuest, the most common attack method seen last year was the abuse of remote services like VPNs and RDP.

The threat intelligence company's ReliaQuest Annual Cyber Threat Report 2023 is based on data from 35,000 incidents remediated for clients from February 2022 to February 2023.

Nearly 5000 cases of remote service abuse were recorded in the report, more than double that of the next most common technique, active scanning. This technique became particularly popular among threat actors during the pandemic with the advent of large-scale telecommuting.

“This should come as no surprise. Exposed remote services such as VPNs, Citrix, TeamViewer, and RDP are among the most common ways to enable initial access to a target network or establish persistence,” the report explains.

“We have observed a great deal of interest from threat actors in identifying exposed RDP servers. The ecosystem for cybercriminal activity has flourished.”

RDP was the most common access type advertised by initial access brokers (IABs), accounting for 24% of intelligence updates published by ReliaQuest during the reporting period. RDP access was also the most expensive type on offer, with an average price of $1000.

The report also found that:

  • Initial access malware was primarily delivered via phishing emails
  • Defensive evasion techniques are ubiquitous, notably the indicator removal, data destruction, and command history clearing subtechniques.
  • The risk from compromised credentials was most severe in financial services, but open port exploitation was particularly prevalent in utility companies, and fraudulent spoofing of web domains was most common in retail.
  • CVE-2022-22965 (Spring4Shell) is cited as posing the greatest risk of all high-risk vulnerabilities, as it is readily available for exploitation and can have significant technical and business impact.
  • The construction industry was the most targeted by cybercrime (226 on average per year), followed by transportation (167), wholesale (138), manufacturing (116) and retail (105). Both are less tolerant of operational interruptions.

“Criminals use all means to get into organizations, and exploiting remote services continues to be the easiest method of entry. It is imperative that organizations properly monitor and secure these,” claims Mike McPherson, senior vice president of security operations for ReliaQuest.

“Ransomware will continue to be the biggest risk facing businesses in 2023, with more victims than ever before in the last quarter. So, in addition to tracking groups known to target your space, stay abreast of the latest developments in ransomware campaign tactics, techniques, and procedures (TTPs). It’s the best way to stay ahead of the times from this harmful activity.”
