2023-2024 marked the first time that known exploits became the primary method of intrusion into your network and systems. If you are relying on protection methodologies that are primarily designed to prevent phishing attacks, you are already a step behind!
The primary driver behind this change was the continued growth of Ransomware as a Service (RaaS) providers, which are building tools that let even non-technical people use these exploits at unheard-of scale.
Image 1 - Initial Infection Vector - Mandiant M-Trends 2024 Report
This shift means you must think differently about how you defend yourself against attacks. Employee education, while still critical, is not addressing the primary attack vector anymore. Phishing attacks continue to trend downward as the preferred method of intrusion.
Key trends in known exploits
A staggering 25% of high-risk common vulnerabilities and exposures (CVE) were immediately targeted for exploitation on day zero
A substantial 32.5% of the 206 identified vulnerabilities reside within the networking infrastructure or web application domains
Privilege escalation is now one of the top 3 tactics carried out by exploiting known vulnerabilities, alongside exploitation of remote services and exploitation of public-facing applications
According to Palo Alto, new vulnerabilities in ConnectWise ScreenConnect, JetBrains TeamCity, the PHP Common Gateway Interface (CGI) script engine and Microsoft Windows Error Reporting Service were among the most exploited by ransomware gangs in H1 2024.
What this means for you
Unfortunately, this means you have less control over the security of your network and data. With hackers routinely taking advantage of exploits that have yet to be patched by vendors, often all you can do is wait patiently for a patch to emerge.
This doesn't make you helpless, though. It just means you have to think differently about how to stop bad actors in their tracks. The easiest way to visualize how you have to secure your data in today's changing environment is to think about how you secure your own home.
Many of us are adding security cameras with motion detection to our homes. We recognize that getting stronger and stronger locks isn't going to be enough. You have to take the same approach to your network and data. Look for the motion in your environment that matches how bad actors behave once they have access to your data. The first step you should consider is rolling out monitoring across your organization's network and data repositories with AI-based escalation and response.
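To make the "motion detection" idea concrete, here is an added example (not code from the original post or from any vendor product it mentions) of a behavioral rule run over a constructed audit log. It looks for the pattern the trends above describe: an account performing privilege escalation and then touching a burst of files across several shares within a short window, which is how ransomware encryption typically shows up in file-activity telemetry. The log format (`timestamp|user|action|detail`), the action names, the thresholds and the sample events are all assumptions chosen for illustration; a real deployment would feed this from EDR or file-server audit logs and tune the thresholds to the environment's baseline.

```python
"""Behavior-based detection over a constructed audit log (added example).

Flags a user who performs privilege escalation and then writes to many
files across several directories within a short window. The log format,
action names and thresholds below are assumptions for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)   # assumed: how long after escalation we watch
WRITE_THRESHOLD = 50             # assumed: writes in the window that count as a burst
DIRECTORY_THRESHOLD = 3          # assumed: distinct directories a burst must touch


def parse_line(line):
    """Parse one 'timestamp|user|action|detail' record into a dict."""
    ts, user, action, detail = line.rstrip("\n").split("|", 3)
    return {"ts": datetime.fromisoformat(ts), "user": user,
            "action": action, "detail": detail}


def constructed_log():
    """Sample events built inline so the example runs offline.

    'alice' is benign activity; 'bob' escalates and then writes 60 files
    across four shares in two minutes.
    """
    lines = [
        "2024-06-01T09:00:00|alice|login|workstation-12",
        "2024-06-01T09:05:00|alice|file_write|/share/finance/q2.xlsx",
        "2024-06-01T09:06:00|alice|file_write|/share/finance/q2-draft.xlsx",
        "2024-06-01T09:30:00|bob|login|workstation-07",
        "2024-06-01T09:31:10|bob|priv_escalation|added self to Domain Admins",
    ]
    start = datetime.fromisoformat("2024-06-01T09:32:00")
    dirs = ["/share/hr", "/share/finance", "/share/eng", "/share/legal"]
    for i in range(60):
        ts = (start + timedelta(seconds=2 * i)).isoformat()
        lines.append(f"{ts}|bob|file_write|{dirs[i % len(dirs)]}/doc{i}.docx.locked")
    return lines


def detect(lines):
    """Return one alert per (user, escalation event) followed by a write burst."""
    events = sorted((parse_line(l) for l in lines), key=lambda e: e["ts"])
    by_user = defaultdict(list)
    for e in events:
        by_user[e["user"]].append(e)

    alerts = []
    for user, evs in by_user.items():
        for i, e in enumerate(evs):
            if e["action"] != "priv_escalation":
                continue
            deadline = e["ts"] + WINDOW
            # Only writes that happen after the escalation and inside the window.
            writes = [w for w in evs[i + 1:]
                      if w["action"] == "file_write" and w["ts"] <= deadline]
            dirs = {w["detail"].rsplit("/", 1)[0] for w in writes}
            if len(writes) >= WRITE_THRESHOLD and len(dirs) >= DIRECTORY_THRESHOLD:
                alerts.append({
                    "user": user,
                    "escalated_at": e["ts"].isoformat(),
                    "writes": len(writes),
                    "directories": sorted(dirs),
                })
    return alerts


if __name__ == "__main__":
    for alert in detect(constructed_log()):
        print(alert)
```

The rule deliberately keys on a sequence of behaviors rather than on any single event: an admin group change alone is routine, and a heavy file write alone is routine, but the two together inside a ten-minute window are the "motion" worth escalating. Tuning is what makes this useful in practice: the thresholds are a starting point, and an account whose normal job is bulk document processing will need a higher baseline or an allowlist.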
Other key steps to take
The following 6 steps should be deployed as soon as feasible in most organizations after you take step one above:
Implement a SASE Framework that includes all constituent components: SD-WAN, ZTNA, SWG, FWaaS, CASB. Pay special attention to ensure you have turned on all the "toggles". Many organizations have purchased the right SKU to ensure they have the protection baked into a key component of the SASE framework but forget to enable, configure and deploy it.
Plan for patching and updating the newest versions of software. It's not enough to just patch. Many of these exploits exist in older versions of the software with no plan to patch from the vendor.
Institute MFA for ALL employees. With privilege escalation as a top 3 tactic employed by bad actors you must treat all employees' credentials as if they have admin rights.
Set up penetration tests. It's better to know your weaknesses so that you can build the right defenses.
Deploy immutable backups. Your backups are the first thing bad actors will attack. You have to ensure they can't encrypt or manipulate your backups so you can be sure you always have a safety net.
Plan for your next DBAR test. Practice makes perfect!
Ready to learn more? View our most recent panel discussion, where we partnered with Comcast to discuss these trends.
Ready to get your free security assessment? Contact us here.