One Article Review

The article:
Source Kovrr
Identifier 8417472
Publication date 2023-11-28 00:00:00 (seen: 2023-11-28 11:10:14)
Title Investigating the Risk of Compromised Credentials and Internet-Exposed Assets
Explore the report revealing industries and company sizes with the highest rates of compromised credentials and internet-exposed assets.
Text
Introduction

In this report, Kovrr collected and analyzed data to better understand one of the most common initial access vectors (1) - the use of compromised credentials (Valid Accounts - T1078) (2) to access internet-exposed assets (External Remote Services - T1133) (3). The toxic combination of these two initial access vectors can allow malicious actors to gain a foothold in company networks before moving on to the next stage of their attack, which can be data theft, ransomware, denial of service, or any other action. There are numerous examples of breaches perpetrated by many attack groups that have occurred using this combination, for example, breaches by Lapsus (4) and APT39 (5), among others.

This report seeks to demonstrate which industries and company sizes have the highest percentage of compromised credentials and number of internet-exposed assets and face a higher risk of having their networks breached by the toxic combination of the initial access vectors mentioned above.

It should be noted that having an asset exposed to the internet does not inherently pose a risk or indicate that a company has poor security. In our highly digitized world, companies are required to expose services to the internet so their services can be accessed by customers, vendors, and remote employees. These services include VPN servers, SaaS applications developed by the company, databases, and shared storage units. However, there are some common cases when having an asset exposed to the internet can be extremely risky, for example:

- When a company unintentionally exposes an asset due to misconfiguration.
- When a malicious third party obtains compromised credentials of a legitimate third party and accesses an exposed asset.

To limit unnecessary internet exposure, companies should employ the following possible mitigations:

- Use Multi-Factor Authentication (MFA) for any services or assets that require a connection so that compromised credentials on their own will not be enough to breach an exposed asset.
- Limit access to the asset to only specific accounts, domains, and/or IP ranges.
- Segment the internal company network and isolate critical areas so that even if a network is breached through access to an external asset, attackers will not be able to use that access to reach wider or more sensitive areas of the company network.

Summary

The following are the main findings from the collected data:

- The Services industry is by far the most exposed to attackers. Companies from that industry have the highest percentage of compromised credentials (74%), although they have a relatively low amount of internet-exposed assets per company (34%). Given that an average cyber loss in this industry has been shown to be about $45M, this is highly concerning (6).
- The Services industry (SIC Division I) is followed by Division E (Transportation, Communications, Electric, Gas, and Sanitary Services, with an average loss of around $58M), which is followed by Division D (Manufacturing, with an average loss of around $25M).
- The revenue range for companies with the highest number of compromised credentials is $1M-$10M, followed by $10M-$50M. A similar trend is also observed when evaluating company size by the number of employees. Indeed, companies with fewer employees have a higher share of compromised credentials.
- On average, the larger the company (both in terms of revenue and number of employees (7)), the greater the number of internet-exposed assets.
- There is a correlation between the industries and revenue ranges of companies targeted by ransomware and those with the highest share of compromised credentials.

Methodology

The data for this research was collected as follows:

- Data regarding compromised credentials was first collected from Hudson Rock, a provider of various cybercrime data. Data was collected for the previous six months, beginning March 2023. This data
Sent Yes
Tags Ransomware Threat Studies Prediction Cloud
Stories APT 39 APT 39 APT 17
Notes ★★★


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from a previous one.