Threat Actors’ Increased Targeting of Vulnerabilities for Initial Access

According to Mandiant’s M-Trends 2024 Report, there is a noticeable rise in the exploitation of software and operating system vulnerabilities as the initial means of network access, while phishing attacks are decreasing in prevalence. Mandiant, a division of Google Cloud, is known for its cyber defense, threat intelligence, and incident response services. The report is based on Mandiant Consulting’s investigations of targeted attacks from January 1, 2023 to December 31, 2023.

Mandiant’s investigations revealed that 38% of attacks exploited software vulnerabilities as the initial means of access, 6% higher than in 2022. 17% of attacks used phishing for initial access, 5% lower than in 2022. Attackers are increasingly targeting edge devices and taking advantage of a wide range of vulnerabilities. In 2023, Mandiant identified 97 different zero-day vulnerabilities exploited in the wild, 56% more than in 2022. Historically, only a few threat actors exploited zero-day vulnerabilities, usually nation-state cyberespionage groups. Although state-sponsored threat actors, particularly China-sponsored groups, still exploit zero-days, more ransomware and data extortion gangs are now obtaining and using them, aided by the growth of commercially available turnkey exploit products.

Threat actors are combining zero-day exploits with living-off-the-land techniques, which use legitimate tools already present on a system so that the intruder can remain persistent for longer and avoid detection. One reason for the decline of phishing as an initial attack vector is the widespread adoption of multifactor authentication (MFA). Although MFA is effective at stopping conventional phishing attacks, Mandiant has seen a rise in the use of web proxies and adversary-in-the-middle (AitM) phishing pages that can capture credentials and sign-in session tokens to circumvent MFA. Protection against these attacks can be strengthened by implementing phishing-resistant MFA.
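The paragraph above says phishing-resistant MFA blunts AitM proxies but not why. The added example below, which is not from the report or from Mandiant, is a deliberately simplified simulation of the property that makes WebAuthn-style MFA phishing-resistant: the authenticator signs over the origin the browser actually visited, and the relying party rejects assertions whose origin differs from its own. The origins `https://login.example.com` and `https://login-example.com`, and the HMAC key standing in for a registered credential keypair, are constructed for illustration.

```python
import hashlib
import hmac
import json
import secrets

# Constructed relying-party origin; a real deployment uses its own registered RP ID/origin.
RP_ORIGIN = "https://login.example.com"


class Authenticator:
    """Simplified authenticator: signs the challenge together with the origin the browser saw."""

    def __init__(self):
        # HMAC key stands in for the per-credential private key of a real authenticator.
        self.key = secrets.token_bytes(32)

    def sign(self, challenge: str, origin: str):
        # The browser, not the user, supplies 'origin'; a look-alike site cannot forge it.
        client_data = json.dumps({"challenge": challenge, "origin": origin}, sort_keys=True).encode()
        signature = hmac.new(self.key, client_data, hashlib.sha256).digest()
        return client_data, signature


class RelyingParty:
    """Verifies an assertion: valid signature, expected origin, fresh (unused) challenge."""

    def __init__(self, origin: str, credential_key: bytes):
        self.origin = origin
        self.credential_key = credential_key  # stands in for the registered public key
        self.pending = set()

    def issue_challenge(self) -> str:
        challenge = secrets.token_hex(16)
        self.pending.add(challenge)
        return challenge

    def verify(self, client_data: bytes, signature: bytes):
        expected = hmac.new(self.credential_key, client_data, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, signature):
            return False, "bad signature"
        data = json.loads(client_data)
        if data["origin"] != self.origin:
            # This is the check an AitM proxy cannot satisfy: the signed origin is the proxy's.
            return False, "origin mismatch"
        if data["challenge"] not in self.pending:
            return False, "unknown or replayed challenge"
        self.pending.discard(data["challenge"])  # single use, so a captured assertion cannot be replayed
        return True, "ok"


def legitimate_login():
    """User visits the real origin: the assertion verifies."""
    auth = Authenticator()
    rp = RelyingParty(RP_ORIGIN, auth.key)
    challenge = rp.issue_challenge()
    return rp.verify(*auth.sign(challenge, RP_ORIGIN))


def proxied_login():
    """User is lured to a constructed look-alike origin that relays the real challenge."""
    auth = Authenticator()
    rp = RelyingParty(RP_ORIGIN, auth.key)
    challenge = rp.issue_challenge()  # the proxy forwards the genuine challenge unchanged
    return rp.verify(*auth.sign(challenge, "https://login-example.com"))


def replayed_login():
    """A captured, already-used assertion is presented a second time."""
    auth = Authenticator()
    rp = RelyingParty(RP_ORIGIN, auth.key)
    challenge = rp.issue_challenge()
    client_data, signature = auth.sign(challenge, RP_ORIGIN)
    rp.verify(client_data, signature)  # first use succeeds and consumes the challenge
    return rp.verify(client_data, signature)


if __name__ == "__main__":
    print("legitimate:", legitimate_login())
    print("proxied:   ", proxied_login())
    print("replayed:  ", replayed_login())
```

A one-time password or push approval carries no origin, which is why a proxy can relay it; the origin check and single-use challenge together are what remove that relay path.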

Mandiant has also seen a rise in malware: 626 new malware families were discovered in 2023, more than in any previous year. The most prevalent malware categories were:

  • 33% – backdoors
  • 16% – downloaders
  • 15% – droppers
  • 7% – credential stealers
  • 5% – ransomware

The sectors most often attacked by threat actors include:

  • 17% – financial services
  • 13% – business and professional services
  • 12% – high technology
  • 9% – retail and hospitality
  • 8% – healthcare

Attacks are increasingly focused on cloud environments as more companies have moved to the cloud. The most probable reason these industries are targeted is the large volume of sensitive data they hold, including confidential business information, financial records, personally identifiable information, and protected health information (PHI).

Mandiant’s report shows that companies are getting much better at detecting attacks. In 2023, attackers were present in systems for a median of 10 days before being detected, down from 16 days in 2022. This is good news for defenders, but companies should remain vigilant. A key theme of the M-Trends 2024 report is that attackers are actively working to evade detection and remain on systems for longer. This is accomplished in part through zero-day vulnerabilities, which further emphasizes the need for strong threat-hunting capabilities, thorough investigation and remediation in the event of a security breach, and HIPAA training for IT professionals.

Daniel Lopez

Daniel Lopez stands out as an exceptional HIPAA trainer, dedicated to elevating standards in healthcare data protection and privacy. Daniel, recognized as a leading authority on HIPAA compliance, serves as the HIPAA specialist for Healthcare IT Journal. He consistently offers insightful and in-depth perspectives on a wide range of HIPAA-related topics, addressing both typical and complex compliance issues. With his extensive experience, Daniel has made significant contributions to multiple publications such as hipaacoach.com, ComplianceJunction, and The HIPAA Guide, enriching the field with his deep knowledge and practical advice in HIPAA regulations. Daniel offers a comprehensive training program that covers all facets of HIPAA compliance, including privacy, security, and breach notification rules. Daniel's educational background includes a degree in Health Information Management and certifications in data privacy and security. You can contact Daniel via HIPAAcoach.com.
