IBM report finds phishing remains intrusion tactic of choice for threat groups
The long-lasting effectiveness and success of phishing campaigns underscores the most central challenge in cyber security – people are the weakest link and credentials are the root of the problem, according to the latest Cloud Threat Landscape report from IBM X-Force.
An entire industry is built around training professionals to think twice before clicking a link in a text message or email that directs them to a login page asking for credentials. Yet, year after year, phishing remains the king of compromise.
Ultimately, organisations are responsible for defending their systems against attacks.
Valid credentials were the initial-access vector for 28% of all cloud-related incidents during the two-year period. Exploited vulnerabilities in public-facing applications were the third-most common initial access vector, turning up in 22% of all cloud intrusions, X-Force said.
The top actions on objective, the avenues threat groups take to accomplish their goals, further illustrates the problem. X-Force said 40% of incident response engagements over the past two years involved the abuse of cloud-hosted Active Directory servers to conduct business e-mail compromise attacks, making it the top action on objective.
When attackers employ ‘adversary in the middle’ (AITM) phishing attacks to bypass MFA they put a proxy server between the target and legitimate service to collect credentials and tokens that victim’s generate after authenticating the session on a malicious page, X-Force researchers said.
Once this level of access is granted, threat groups can do whatever they want within that compromised application. Oftentimes, this results in downstream compromises when cloud resources share the same enterprise credentials, the report found.
While cyber security professionals and authorities resoundingly agree MFA in any form is better than single-factor authentication, the relentless wave of attacks in MFA-equipped environments shows the extent to which MFA defenses can crumble.
Phishing-resistant MFA aims to strengthen enterprise defenses against phishing attacks by limiting or removing user interaction. These advanced modes of authentication come in many forms relying on cryptographic techniques, such as private and public keys, the Web Authentication API specifications, biometrics or the FIDO2 standard.
Cybersecurity Dive
Subscribers 0
Fans 0
Followers 0
Followers