Key Highlights
- There is a rise in Q1 attacks against US companies with patchable and preventable external vulnerabilities.
- The major attack factors are the lack of multi-factor authentication mechanisms and compromised credentials.
- The Tetra Defense report shows that risky exposure accounts for 57% of the losses of organizations.
As per Tetra Defense’s quarterly report, there was a spike in cyber attacks against US companies between January & March 2022 causing security issues. 82% of the attacks on Q1 2022 organizations were caused by the external exposure of known vulnerabilities in the victim’s external-facing perimeter or attack surface.
The report also revealed that the lack of multi-factor authentication (MFA) mechanisms adopted by the firms and compromised credentials are still major factors in attacks against organizations.
The Root Point of Compromise (RPOC) is the starting entry point through which a threat actor infiltrates a victim organization and is categorized as the external exposure to a known vulnerability, (or) a malicious action performed by the user, (or) a system misconfiguration.
External Exposures Are The Major Paths Of Compromise causing security issues
Researchers distinguished between “External Vulnerabilities” and “Risky External Exposures.” Tetra Defense defines external vulnerabilities as incidents where an attacker leverages publicly available exploits to attack the victim’s network. In comparison, risky external exposures include IT practices such as leaving an internet-facing port open that can be used by an adversary to target the system.
The study shows that risky exposure accounts for 57% of the losses of organizations.
Tetra Defense Study
The widespread awareness about the Log4Shell vulnerability minimized the active exploitation and was only the third most exploited external exposure accounting for 22 percent of total incident response cases. The Microsoft Exchange vulnerability ProxyShell outpaces the Log4Shell and paves the way by accounting for 33 percent of cases.
According to the Tetra Defense study, nearly 18 percent of the events were due to unintentional actions performed by an employee in the organization. It also noted that over half (54 percent) of the incidents where ‘User Action’ was the RPOC were caused by an employee opening a malicious document.
The researchers noticed that multiple cyber-criminal groups are active on the dark web. There are dozens of other groups actively trying to compromise, even if one group goes inactive or is taken down by law enforcement. Tetra Defense concluded that with a large number of cyber-criminal groups being actively observed, it highlights the constant challenges organizations have to face in protecting themselves.
For more latest news on Security Issues Click Here
