Valid accounts are increasingly being leveraged as an initial attack vector and as part of cyberattacks in 2024, representing 31.4% of cases. This, according to a cybersecurity update from Kapersky.
Public-facing apps still hold the top position “with 39.2% of cases.”
These research findings were reported in the recent Kaspersky Incident Response analyst report.
The Kaspersky Incident Response analyst report provides insights into cyberattacks investigated by Kaspersky team in 2024, using data from organizations seeking “help with incident response and highlights trends in security threats across various sectors and regions.”
The report aids organizations in “enhancing their security measures and developing effective incident response strategies.”
According to the report, in a concerning trend that has persisted for years, public-facing applications have once again “emerged as the primary vector for cyber attacks, accounting for 39.2% of cases in 2024.”
Valid accounts have solidified their position as the second most common attack vector, “representing 31.4% of incidents and showing a significant increase compared to 2023.”
This surge indicates a growing number of companies “being targeted by initial access brokers (IABs), who capitalize on compromised credentials sold on the darknet to facilitate further attacks.”
This trend is particularly alarming in the “context of Ransomware-as-a-Service (RaaS), where IABs play a crucial role in streamlining cybercriminal operations.”
The data also revealed that victims in these cases were “often compromised beforehand, leading to leaked credentials without immediate detection.”
Trusted relationships have seen an uptick from the previous year, now accounting for “12.8% of attack vectors, while phishing remains a significant threat, utilized in nearly one out of every ten cases (9.8%).”
Konstantin Sapronov, Head of Global Emergency Response Team at Kaspersky said:
“Cyber threats continue to evolve relentlessly, with attackers adapting their methods to exploit the most vulnerable points in companies’ defenses. This highlights the critical need for organizations to not only strengthen their immediate security measures but also to cultivate a proactive and adaptive incident response culture that can stay ahead of these emerging risks.”
To protect businesses from possible threats, Kaspersky recommends:
- Implementing robust password policy and multifactor authentication processes.
- Removing management ports from public access.
- Establishing a zero-tolerance policy for patch management or compensation measures for public-facing applications.
- Ensuring that employees maintain a high level of security.
- Use services like Kaspersky Incident Response or Kaspersky Managed Detection and Response to identify and stop the attack on early stages, before cybercriminals can reach their final goals.
As covered, Kaspersky is a global cybersecurity and digital privacy company founded in 1997.
With over a billion devices protected to date from emerging cyberthreats and targeted attacks, Kaspersky’s deep threat intelligence and security expertise is constantly “transforming into innovative solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe.”
The company’s security portfolio reportedly includes “endpoint protection, specialized security products and services, as well as Cyber Immune solutions to fight sophisticated and evolving digital threats.”
They claim to help over 200,000 corporate clients “protect what matters most to them.”