Results of Kaspersky’s new Incident Response Analytics Report demonstrate that just implementing an appropriate patch management policy decreases the risk of incidents by 30%, and a robust password policy reduces the likelihood of being attacked by 60%.
While the importance of regular patching and updates, as well as the use of strong passwords, is common knowledge for those who have even a little understanding of cybersecurity, these aspects remain weak points in a large number of organizations and provide a way for adversaries to penetrate a company’s system. As a result, security issues with passwords and unpatched software together account for the overwhelming majority of initial access vectors during attacks.
Analysis of anonymized data from incident response (IR) cases[1] shows that brute force is the most widely used initial vector to penetrate a company’s network. Compared to the previous year, the share of brute force attacks has skyrocketed from 13% to 31.6%, perhaps due to the pandemic and the boom of remote working. The second most commonly seen attack is vulnerability exploitation with a 31.5% share. The research showed that in only a few incidents, vulnerabilities from 2020 were used. In other cases, adversaries utilized older unpatched vulnerabilities such as CVE-2019-11510, CVE-2018-8453, and CVE-2017-0144.
More than half of all attacks that started with malicious emails, brute force, and external application exploitation were detected in hours (18%) or days (55%). However, some of these attacks lasted much longer, with an average duration of up to 90.4 days. The report shows that attacks involving a brute force initial vector are easy to detect in theory, but in practice, only a fraction were identified before causing an impact.
Although brute force attack prevention and the control of timely updates do not seem to be problematic for a professional cybersecurity team, in practice, 100% elimination of these issues is virtually impossible:
“Even if the IT security department does its best to ensure safety of the company’s infrastructure, factors such as legacy OS usage, low-end equipment, compatibility issues and human factors often result in security breaches that can jeopardize an organization’s security. Protective measures alone can’t provide holistic cyber defense. Therefore, they should always be combined with detection and response tools that are able to recognize and eliminate an attack at an early stage, as well as address the cause of the incident,” – comments Konstantin Sapronov, Head of Global Emergency Response Team.
To minimize the chances of penetration into your infrastructure, Kaspersky recommends the following measures:
The full Incident Response Analytics Report is available on Securelist.
[1] Kaspersky Incident Response is a solution that helps to reduce the impact of a security breach or an attack on a company’s IT environment. The service covers the entire incident investigation cycle, from the onsite acquisition of evidence to the identification of additional indications of compromise, preparing a remediation plan and eliminating the threat. The Incident Response Analyst report provides insight into the incident investigation services conducted by Kaspersky from January to December 2020 in South and North America, Europe, Africa, the Middle East, Asia, as well as Russia and the CIS.