{"id":326445,"date":"2024-08-07T06:00:07","date_gmt":"2024-08-07T13:00:07","guid":{"rendered":"https:\/\/www.paloaltonetworks.com\/blog\/?p=326445"},"modified":"2024-08-06T17:29:02","modified_gmt":"2024-08-07T00:29:02","slug":"attack-vectors-at-a-glance","status":"publish","type":"post","link":"https:\/\/www2.paloaltonetworks.com\/blog\/2024\/08\/attack-vectors-at-a-glance\/","title":{"rendered":"Attack Vectors at a Glance"},"content":{"rendered":"<h1><a id=\"post-326445-_oyaibijoewsk\"><\/a> Executive Insights from the Unit 42 Incident Response Report<\/h1>\n<p>An attack vector is the method an attacker uses to get access to a target environment. Understanding which vectors result in the most successful attacks can help you reduce the likelihood an attacker succeeds at compromising your organization.<\/p>\n<p>The <a href=\"https:\/\/www.paloaltonetworks.com\/resources\/research\/unit-42-incident-response-report\">2024 Incident Response Report<\/a> details the most exploited attack vectors of the past year. It also spotlights the cybercriminal group known as <em>Muddled Libra<\/em> and analyzes its most successful attack patterns to determine how the most sophisticated attackers may attempt to breach your defenses.<\/p>\n<p>When hardening defenses against cyberattacks, it\u2019s important to understand the interplay between the <em>who<\/em> and the<em> how<\/em>. While you need to identify the most likely threats to your organization, you also need to identify how threat actors exploit common attack vectors.<\/p>\n<p>Preventing and responding to attacks requires <em>threat-informed defenses<\/em>. By examining threat actors and their behaviors, we\u2019re able to identify the most common attack vectors and recommend strategies for securing them. 
Here\u2019s what our experts have seen in this year\u2019s Incident Response Report to help your organization better resist attacks.<\/p>\n<h2><a id=\"post-326445-_7ls7dcxh5m5m\"><\/a>Trending Attack Vectors<\/h2>\n<p>Cybercriminals will seek the path of least resistance when infiltrating your organization. While software vulnerabilities continue to provide attackers with alluring entry points, it\u2019s important to remember that sophisticated attacks often involve the exploitation of multiple attack vectors.<\/p>\n<p><div style=\"max-width:100%\" data-width=\"1001\"><span class=\"ar-custom\" style=\"padding-bottom:35.96%;\"><img loading=\"lazy\" decoding=\"async\"  class=\"wp-image-326544 aligncenter lozad\"  data-src=\"https:\/\/www.paloaltonetworks.com\/blog\/wp-content\/uploads\/2024\/08\/PA_Graph-v4-1@4x.png\" alt=\"PA graph showing brute force, phishing, compromised credentials, software vulnerabilities of 2020, 2021, 2022.\" width=\"1001\" height=\"360\" \/><\/span><\/div><\/p>\n<h3><a id=\"post-326445-_3ur0sodwuq23\"><\/a>1. Software Vulnerabilities<\/h3>\n<p>In most of the cases we examined, cybercriminals exploited internet-facing applications to gain an initial foothold.<\/p>\n<p>Software vulnerabilities have always been a weak spot for organizations for a few reasons:<\/p>\n<ul>\n<li>Software vulnerabilities often aren\u2019t discovered until they\u2019re already being exploited.<\/li>\n<li>Vendors may not release security updates for software quickly enough.<\/li>\n<li>Engineers have to test patches in a virtual environment to minimize impact to production, which takes time.<\/li>\n<\/ul>\n<p>Organized groups, like Muddled Libra, have their own research and development teams. They uncover software vulnerabilities and build automated tools for discovering potential targets. 
Now that they\u2019ve infused AI into their operations, they find software bugs, locate vulnerable targets, and exploit them on a much greater scale.<\/p>\n<p><strong>Our Recommendation:<\/strong><\/p>\n<p>Proactive discovery and analysis of your assets, especially those exposed to the internet, is the first step. A tool like <a href=\"https:\/\/www.paloaltonetworks.com\/cortex\/cortex-xpanse\">Cortex Xpanse<\/a> can help you proactively find and fix exposures on your internet-connected assets before attackers can exploit them.<\/p>\n<p>You\u2019ll also want to incorporate threat intelligence into your security operations. <span style=\"font-weight: 400;\">Your team can subscribe to various threat intel feeds and keep up with <\/span><a href=\"https:\/\/unit42.paloaltonetworks.com\/\"><span style=\"font-weight: 400;\">threat research <\/span><\/a><span style=\"font-weight: 400;\">for the latest vulnerability disclosures.<\/span><\/p>\n<p>As always, routine testing and implementing patches as quickly as possible will reduce the likelihood that your software will provide an open door for attackers.<\/p>\n<h3><a id=\"post-326445-_zgua992y8ne\"><\/a>2. Stolen Credentials<\/h3>\n<p>Think of your cyber environment as a maze of locked doors. Your employees have the keys to unlock these doors. However, the burden of keeping up with those keys and who has them compounds as your company grows.<\/p>\n<p>Attackers like Muddled Libra aren\u2019t going to pick your locks when they can steal keys from your employees instead. 
In the past year, they\u2019ve successfully employed several tactics:<\/p>\n<ul>\n<li><strong>Social engineering<\/strong> on help-desk employees to gain the credentials of specific users.<\/li>\n<li><strong>Stealing credentials<\/strong> from individuals and purchasing compromised ones.<\/li>\n<li><strong>Using malware<\/strong> to steal credentials saved in applications.<\/li>\n<li><strong>Buying<\/strong> previously stolen <strong>credentials<\/strong> from access brokers.<\/li>\n<\/ul>\n<p><strong>Our Recommendation:<\/strong><\/p>\n<p>Most importantly, you must implement technologies that can account for human error. Even the best employees have bad days, and your technology should support them when their senses fail. Monitor the traffic on your network for uncommon behavior. Look for <a href=\"https:\/\/www.paloaltonetworks.com\/cortex\/cortex-xdr\">detection and response<\/a> tools that can answer questions about who, what, when and where attacker activity might be. They should identify anomalous behavior; consider augmenting them with security <a href=\"https:\/\/www.paloaltonetworks.com\/cyberpedia\/what-is-extended-security-intelligence-and-automation-management-xsiam\">operations tools that integrate and automate<\/a> your SOC processes.<\/p>\n<p>You should also train your team to detect and respond to social engineering attempts. Unlike many hacker groups, we believe members of Muddled Libra speak English natively. This allows them to more believably pass as a member of your staff in a phishing attempt. Your employees should know what an attempted attack looks like, how to react, and who to contact if they think they\u2019ve fallen victim.<\/p>\n<p>Multifactor authentication (MFA) can reduce the risk of stolen credentials, but MFA solutions can also be compromised. Train your users not to approve MFA requests they didn\u2019t solicit and to report lost or stolen devices.<\/p>\n<h3><a id=\"post-326445-_p4cnc65qakob\"><\/a>3. 
Third Parties and Misconfigurations<\/h3>\n<p><span style=\"font-weight: 400;\">Third-party vulnerabilities and misconfigurations can contribute to lack of visibility. Muddled Libra and other groups exploit these vectors to gain easy access and move laterally. In contrast to the locked-door analogy, these are doors left ajar.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Threats can come about when partner organizations grant too much trust and access to third-party vendors without oversight. Defending your organization is hard enough, but incorporating third-party vendors multiplies your attack surface.\u00a0<\/span><\/p>\n<p>Misconfigurations occur when tools and devices are deployed without documented standards and procedures. They present even greater risk without ongoing monitoring and maintenance to ensure they remain secure. They then become invisible holes in your defenses for attackers to pivot through.<\/p>\n<p><strong>Our Recommendation:<\/strong><\/p>\n<p>Adopt a <a href=\"https:\/\/www.paloaltonetworks.com\/zero-trust\">Zero Trust<\/a> network access framework to mitigate the risk of anyone or anything accessing your organizational resources. Zero Trust isn\u2019t a tool. It\u2019s a philosophy and a full ecosystem of controls that implement best-practice security across your entire organization.<\/p>\n<p>You should also regularly scan and analyze your organization for misconfigurations that might lead to compromise. While policies should dictate who can add what to the network and how it should be configured, you need technology-based methods to enforce them.<\/p>\n<h2><a id=\"post-326445-_lu59gcao221m\"><\/a>The Bigger Picture<\/h2>\n<p>Attack vectors are just one consideration when securing your organization. 
In many cases, the how can be derived from the who \u2013 who you are, how large your organization is, what industry you\u2019re in, and who your threat actors most likely are.<\/p>\n<p>We study groups like Muddled Libra and their methodologies so we can better inform you about their activities. The tactics used by well-resourced threat groups represent the attacks that future commodity cybercriminal groups will leverage against people on an automated basis.<\/p>\n<p>Our best advice: don\u2019t go at it alone. Security teams should never rely solely on their own security assessments. Talk to Unit 42 and find <a href=\"https:\/\/www.paloaltonetworks.com\/blog\/2024\/06\/forrester-wave-for-cybersecurity-incident-response\/\">a trusted<\/a> <a href=\"https:\/\/www.paloaltonetworks.com\/unit42\/about\">security partner<\/a> who can identify your weaknesses and help you fix them.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The 2024 Incident Response Report details the most exploited attack vectors of the past year \u2013 avoid these compromising your 
organization.<\/p>\n","protected":false},"author":723,"featured_media":326516,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[9778,8152],"tags":[8854,9559],"coauthors":[9611],"class_list":["post-326445","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-incident-response","category-zero-trust-security","tag-incident-response-report","tag-unit-42-incident-response"],"jetpack_featured_media_url":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-content\/uploads\/2024\/08\/SciFiAstro_00010_1024.png","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/326445","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/users\/723"}],"replies":[{"embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/comments?post=326445"}],"version-history":[{"count":5,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/326445\/revisions"}],"predecessor-version":[{"id":326558,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/326445\/revisions\/326558"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/media\/326516"}],"wp:attachment":[{"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/media?parent=326445"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/categories?post=326445"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp
-json\/wp\/v2\/tags?post=326445"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/coauthors?post=326445"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}