Comcast Business Threat Report: Vast Majority of Attacks Start with Phishing
Adversaries spend more time on reconnaissance than organizations may realize.
A new Comcast Business cybersecurity threat report shows the majority of breaches now start with someone clicking on a seemingly safe link.
The inaugural threat report draws on data from 23.5 billion cybersecurity attacks that Comcast Business helped customers navigate in 2022. The attacks span 500 threat types and 900 distinct infrastructure and software vulnerabilities.
Shena Seneca Tharnish, vice president of secure networking and cybersecurity solutions at Comcast Business, said this report proved that social engineering is still a leading tactic for cybercriminals.
“Preying on emotion and human vulnerability through manipulation or deceit is one of the simplest ways for hackers to gain access to corporate networks and data,” she said. “Whether this is through baiting or phishing, cybercriminals are still relying on human error in order to perform their attacks. Cybercriminals also now have much more access to these nefarious tools, as pre-packaged exploit kits are now just a few clicks away on the dark web, enabling the most unskilled of adversaries to exploit targeted software vulnerabilities.”
Threat Report Key Findings
Key themes from this threat report include:
The majority of breaches now originate with the users of internal and external resources. Cyberattacks used to begin with an exploit of a vulnerability in public-facing network resources that connect to applications and infrastructure within the network perimeter. Today, 67% of all breaches start with someone clicking on a seemingly safe link, which explains why adversaries begin 80%-95% of all attacks with a phish.
Adversaries’ use of reconnaissance tactics underscores the importance of only accepting network connection requests from trusted sources. The top reconnaissance tools employed by adversaries include vulnerability scanners, botnets and phishing. Once inside a network, adversaries made 2.6 million attempts to modify or create new firewall rules to establish external communications for command-and-control operations and data exfiltration.
Adversaries used various methods, including remote desktop abuse, credential theft and brute-force attacks, to steal credentials and gain unauthorized access to customer networks. Customer logs documented over 54 million attempts to exploit credentials for initial access. Additionally, bad actors capitalized on vulnerable remote desktop protocol (RDP) configurations, resulting in over 185 million attempts to gain remote access. Unauthenticated users also exploited vulnerabilities in transmission control protocol (TCP) and made 139 million attempts to establish connections to victim servers. Furthermore, credential-stealing malware contributed to 159 million attempts by adversaries to steal and use credentials to infiltrate compromised networks.
The Apache Log4j vulnerability remains a significant threat due to the widespread deployment of millions of Java applications, leaving 72% of organizations vulnerable to exploits. Comcast Business prevented nearly 105 million Log4j exploit attempts in 2022. By regularly updating systems and optimizing operating performance, businesses can fortify their endpoints against potential cyberattacks and mitigate the risks associated with Log4j exploits.
Distributed denial of service (DDoS) attacks will continue to be a concern as the world becomes more interconnected. Comcast Business detected nearly 52,000 DDoS attacks in 2022. IT and technical service customers saw an increase in DDoS attempts, making up 25% of attempts, joining education (46%), finance (14%) and health care (13%) as the most targeted industry segments. These attacks aim to disrupt critical database servers and network resources, with over 210 million instances of denial of service attacks recorded.
Surprising Threat Report Findings
“Adversaries spend more time on reconnaissance than organizations may realize,” Seneca Tharnish said. “Attacks are not typically unplanned – cybercriminals are frequently testing your networks, systems and users for vulnerabilities. The report found at least 242 million occasions of active and continuous malicious scanning of customers’ networks and assets. While reconnaissance isn’t always dangerous, it does show interest in a potential victim. In order to prevent attacks, businesses must consider reconnaissance in their cybersecurity strategies.”
One of the most common mistakes organizations are making is taking shortcuts in securing networks, she said.
“This includes failure to patch vulnerable systems, even though 85% of all vulnerability exploits involve unpatched software,” Seneca Tharnish said. “It’s not uncommon for large enterprises to have over 100,000 unpatched systems at any point in time, and small businesses are often worse. Although patch management can be challenging, making sure a network is thoroughly secured is one of the best ways organizations can protect themselves.”
Although all cyber threats require different tools and tactics, there are several considerations customers must factor in when selecting a cybersecurity provider, she said.
“Cybersecurity providers must offer a comprehensive suite of powerful security solutions orchestrated to provide multiple layers of security, ensuring that all of these pieces can work in harmony,” Seneca Tharnish said. “Providing a defense-in-depth approach allows organizations to close the gaps in their current cybersecurity plans.”
Want to contact the author directly about this story? Have ideas for a follow-up article? Email Edward Gately or connect with him on LinkedIn.