- Ransomware and business email compromise accounted for more than two-thirds of all cyberattacks during the past 12 months, according to Palo Alto Networks’ Unit 42.
- The pair of top attacks represent the most lucrative means by which threat actors can turn illicit network access into financial gain.
- Software vulnerabilities accounted for nearly half of all cases of initial access used by threat actors to deploy ransomware, Unit 42 wrote in a report published last week. The outsized threat posed by software vulnerabilities is further exacerbated by threat actors that can scan the internet at scale for weak points.
Attackers gained access to targeted networks through three primary initial vectors: phishing, known software vulnerabilities and brute-force credential attacks.
The trio of initial access vectors totaled over 77% of all suspected root causes for intrusions, according to Unit 42. The threat hunting and incident response team studied 600 incidents during the 12-month period leading up to April 2022.
Exploits via older, unpatched vulnerabilities remain a leading attack vector, but Unit 42 also noted a significant narrowing between new vulnerability discoveries and attempted attacks.
Threat actors typically scan for vulnerabilities in unpatched systems within 15 minutes of a CVE being published, the report said.
While zero-day attacks present a growing challenge for organizations, nearly nine out of 10 exploited vulnerabilities fall into one of six CVE categories. ProxyShell accounted for more than half of all exploited vulnerabilities, followed by Log4j, and CVEs for SonicWall, ProxyLogon, Zoho ManageEngine ADSelfService Plus, and Fortinet, the report said.
The persistent exploitation of known and unpatched vulnerabilities reinforces the impact a chronic vulnerability-patch cycle has had on organizations and the cybersecurity professionals tasked with defending their networks.