May 24, 2022
Protecting Against Top 4 Security Attacks
The top 4 recent security attacks were system intrusions, social engineering, Web application attacks, and misconfigurations. These attacks reveal key information about how security attacks are made and can be prevented.
In these attacks:
- Attackers focused on stealing user credentials, phishing, and security vulnerability exploits (attacking security weak spots).
- Attacks were financial in nature (80%) and attacked by professional criminals.
- Had greater than eighty percent (80%) of attacks involving a human element (stealing credentials, phishing, errors, and misuse).
- Ransomware continued to rise and is up 13% YoY to 25% of all breaches
- Supply chain was responsible for 62% of Intrusions
#1 System Intrusions – Top 4 security Attacks
System intrusions are primarily complex attacks using Malware (70%) or hacking (40%) of targeting servers. A high percent involves multi-stage attacks (like APTs) and include ransomware. Attacks often involve stolen credentials to aid in the attacks. The goals are usually financial. Supply chain was responsible for over 60% of intrusions in 2021. Partners present a growing risk to security.
Security controls for complex multi-stage attacks generally reflect the use of best practices security. The high use of “detection and respond” security is also warranted.
- Use of strong authentication software like Multifactor authentication (MFA)
- Role based authorization controls (least privilege access)
- Complete 24×7 security and IT system monitoring (SOC + SIEM) to catch multi-stage attacks as they progress throughout your systems.
- Strong focused server security (EP/EDR software for servers) – detect and respond
- Web & Email Security – since these are high use attack vectors
- Zero Trust Security (ZTNA) – to protect and control employees and to protect key data
#2 Social Engineering:
An ongoing attack vector that leverages the inherent weakness created by human interactions. Email is the biggest threat vector and thus deserves a large focus on email security.
- Phishing: Remains the top attack vendor in social engineering and leverages clever and often targeted email messages to get users to click on email malicious links or download email attachments. Phishing is present in over 25% of breaches. Stolen credentials are often the result of phishing attacks and is a major enabler of future attacks. Malware downloads (including ransomware which is involved in 10% of all breaches) are frequently the result of phishing.
- Business Email Compromise (BEC): BEC is a focused email attack whereby criminals get key people in your company to deliver financial payments to unintended 3rd parties.
- Layers of email security (meaning more than one high quality solution)
- Use Multi-Factor Authentication (MFA) to secure your cloud & network logins
- Employee security training
- Strong endpoint security including (EDR to detect and respond)
- Security Monitoring (24×7 SOC + SIEM)
#3 Web Application Attacks
Web applications (dynamic Web sites that interact with your customers), are predominantly attacked with hacking. The majority of Web App attacks (of the hacking attacks) involve use of stolen credentials. Brute force and credential stuffing is also a prevalent attack method when stolen credentials are not available.
The results are repurposed websites, defacement, installation of malware for future attacks and stolen personal data.
- Access control is the number one control needed
- MFA is a must
- Role management and least use privilege assignments is also a must
- Management of credentials to minimize access is necessary
- Setting stringent login rules to make brute force and credential stuffing more difficult is important and geographic checking and other behavior user analysis is also important.
- Security monitoring (SOC + SIEM) may be the only method to really catch attacks once they are started. By monitoring users, malware, network traffic, security controls and servers and correlating the data, attacks can be caught early.
- Using latest generation server specific endpoint security (EP/EDR) is important to control server threats.
- Web application code development reviews and discipline for developers is important
- Access control is the number one control needed
Security miscellaneous errors are responsible for nearly 20% of all security breaches (per the 2021 Verizon DBIR). Security misconfiguration is about 55% of miscellaneous errors. Security misconfiguration causes can be as high as nearly 80% in information industry companies. OWASP lists security misconfiguration as their 2021 #5 top application security risk.
- Training of security team (vendor control training, security training, compliance training)
- Redundant staffing to provide high availability of the right skill set
- Outsourcing of managed security to provide 24×7 security management by a high availability highly trained security staff. Managed Security Provides:
- Security compliance expertise
- Security Control Product Expertise – trained on security product best practices
- 24×7 monitoring, adjusting and maintenance
- A focus on security best practices – preventing, detecting, and mitigating security threats and attacks
Summary – Top 4 2022 Security Attacks
- While it is good to look at current statistics related to the top 4 2022 cyber security attacks, the best approach to protecting against cyber security attacks continues to be to deploy best practices security.
- Top threat vectors continue to be login credentials, email, website visits, malware, and employee errors. A focus on strong access control solutions continues to be a top priority.
- Ransomware and malware continue to grow and need the strongest possible endpoint security with detection and response capabilities (EDR).
- Employee errors are a more recent revelation and often are caused by IT and security product misconfiguration.
- The use of 24×7 security monitoring is becoming more important to detect complex and undetected attacks
Contact us to get a free security consultation on how to protect against 2022s top attacks
2022 Verizon DBIR report data are sourced heavily for this blog