Threat Vectors

Chris Swagler | February 6th, 2023

In recent years, high-profile cyberattacks have ranged from the 2019 Capital One attack, one of the largest breaches in banking history, to the 2021 Colonial Pipeline attack, which made “ransomware” a household term. Cybercriminals’ behaviors, known in the cybersecurity industry as TTPs (tactics, techniques, and procedures), evolve and are refined continuously; however, many threat vectors, also called entry vectors because they are the points of entry cybercriminals use to gain access to systems or networks, remain the same. If the main activity in a cyberattack is the execution of malware, then threat vectors are the methods used to deliver that malware so it can be executed. Regardless of the terminology, here are the top five threat vectors in use today and some mitigation techniques to stay ahead of cybercriminals.

Top 5 Threat Vectors

Phishing

Phishing and other social engineering schemes are based on persuasion and on cybercriminals’ exploitation of human psychology. Phishing uses fraudulent communication to obtain sensitive data, deploy malware, commit financial fraud, or achieve almost any other malicious goal you can think of. Phishing attempts are mostly conducted through email, with instructions for recipients to click a link, open an attachment, send money to a bank account, or provide sensitive information, including credentials. It’s a typical entry point for malware, particularly ransomware, which is one of the most expensive types of incident to recover from.

Defending Against Phishing Attacks – To tackle this threat vector, phishing prevention needs to be implemented at three stages of the attack: before, during, and after the user’s engagement with it.

Before Phishing Attacks – Use anti-spam or other email security solutions to check for suspicious URLs and block messages containing malware or spam at the delivery stage of the kill chain, before any exploit has a chance to run.

During Phishing Attacks – Teach employees to spot suspicious emails using clues such as typos, odd sender addresses, and long or mismatched URLs. Train users on how to handle a suspected phishing email and have a procedure in place for reporting it to the IT or security team. Consider using phishing simulators to practice and reinforce what staff have learned.

After Phishing Attacks – Multi-factor authentication (MFA) and other protections can defend accounts whose passwords have been stolen. Note that adversary-in-the-middle phishing kits can relay one-time codes and push prompts in real time, so phishing-resistant methods such as FIDO2 security keys or passkeys give the strongest protection. Attempts to connect to command-and-control sites, which are frequently used in multi-stage malware attacks, can be detected by network sensors.
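The “suspicious URL” check from the before-stage is usually a handful of heuristics applied to every link in the message body. The following is an added example, not code from the original article or from SpearTip: it parses a constructed HTML email with Python’s standard library and flags links whose visible text points to a different site than the href, punycode (IDN) hosts, IP-literal hosts, deeply nested subdomains, over-long URLs, and hosts that contain a trusted brand name without actually belonging to it. The sample message, the trusted domain list and the thresholds are assumptions for illustration.

```python
import re
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message (not a real phishing email). The HTML body mixes
# one benign link with three links that trip common phishing heuristics.
SAMPLE_EMAIL = """\
From: "IT Helpdesk" <helpdesk@examp1e-corp.com>
To: user@example.com
Subject: Action required: password expires today
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Your password expires in 2 hours.</p>
<p><a href="https://example.com/help">Help center</a></p>
<p><a href="https://login.example.com.account-verify.co/reset">https://login.example.com/reset</a></p>
<p><a href="http://xn--exmple-cua.com/login">Sign in</a></p>
<p><a href="http://203.0.113.7/owa/auth?session=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef">Open mailbox</a></p>
</body></html>
"""

URL_RE = re.compile(r"^https?://", re.IGNORECASE)
IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a> element in the body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host):
    # Last-two-labels approximation of the registrable domain. A production
    # check should use the Public Suffix List (e.g. "example.co.uk" has three labels).
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def analyze_link(href, text, trusted_domains):
    """Returns the list of heuristics this link trips (empty means no concern)."""
    findings = []
    host = (urlparse(href).hostname or "").lower()
    if not host:
        return findings
    is_ip = bool(IPV4_RE.match(host))
    if is_ip:
        findings.append("ip-literal host")
    if any(label.startswith("xn--") for label in host.split(".")):
        findings.append("punycode (IDN) host")
    if not is_ip and host.count(".") >= 3:
        findings.append("deeply nested subdomains")
    if len(href) > 80:  # assumed threshold
        findings.append("long URL")
    # Visible text that looks like a URL but resolves to a different site.
    if URL_RE.match(text):
        shown_host = (urlparse(text).hostname or "").lower()
        if shown_host and registrable_domain(shown_host) != registrable_domain(host):
            findings.append(f"display host {shown_host} != link host {host}")
    # A trusted brand appears in the host name but is not the registrable domain.
    for trusted in trusted_domains:
        if trusted in host and registrable_domain(host) != trusted:
            findings.append(f"lookalike of {trusted}")
    return findings


def scan_email(raw_message, trusted_domains=("example.com",)):
    """Maps each suspicious href in the HTML body to the heuristics it tripped."""
    msg = message_from_string(raw_message, policy=default)
    body = msg.get_body(preferencelist=("html",))
    html = body.get_content() if body is not None else ""
    collector = LinkCollector()
    collector.feed(html)
    report = {}
    for href, text in collector.links:
        reasons = analyze_link(href, text, trusted_domains)
        if reasons:
            report[href] = reasons
    return report


if __name__ == "__main__":
    for href, reasons in scan_email(SAMPLE_EMAIL).items():
        print(href, "->", ", ".join(reasons))
```

Run on the sample, the help-center link passes clean while the other three are flagged; the mismatch between the displayed `login.example.com` and the real `account-verify.co` host is exactly the clue users are trained to hover for in the next stage.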

Exploiting Vulnerabilities

Outdated software attracts exploitation. A prominent example is the Log4j vulnerability (Log4Shell, CVE-2021-44228), a zero-day that caused enormous ripples across the cybersecurity industry. Some industry estimates put the share of vulnerable systems that remain unpatched at around 60%. Researchers discover new vulnerabilities in software, hardware, and firmware every day, so companies need a process for staying ahead of these discoveries rather than being surprised by them.

Keep Systems Updated and Patched – Vulnerability scans help identify systems that require updates. Additionally, the NIST Cybersecurity Framework advocates risk-management methods to prioritize vulnerability remediation. However, fixing every vulnerability promptly is a tall order that most companies can’t meet. Creating and implementing a risk assessment process helps determine which software and systems pose the greatest risk. The process starts with a thorough inventory of the IT infrastructure, so companies know what they’re protecting and what should be scanned for vulnerabilities. Because some systems can’t be patched quickly or at all, 24/7 monitoring and threat detection are invaluable as a compensating control.
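Risk-based prioritization means the remediation order is not simply the CVSS column of the scan report sorted descending. The block below is an added example, not code from the original article or a NIST artifact: it scores constructed scan findings by CVSS plus known exploitation, internet exposure and asset criticality from the inventory, maps the score to an SLA, and marks unpatchable systems for isolation and monitoring instead of a patch. The weights, SLA bands and all findings except the real Log4Shell identifier are assumptions chosen for illustration; the EXAMPLE-* identifiers are placeholders, not CVE numbers.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    asset: str
    vuln_id: str
    cvss: float              # CVSS base score, 0.0 - 10.0
    exploited_in_wild: bool  # e.g. listed in a known-exploited-vulnerabilities catalogue
    internet_facing: bool    # reachable from outside the network
    criticality: int         # 1 (low) .. 3 (crown jewel), taken from the asset inventory
    patchable: bool = True   # False for appliances/legacy systems with no vendor fix


# Assumed weights: crown-jewel assets are scored up, low-value ones down.
CRITICALITY_WEIGHT = {1: 0.8, 2: 1.0, 3: 1.3}


def risk_score(f):
    """Exposure- and exploitation-weighted score; raw CVSS is only the starting point."""
    score = f.cvss
    if f.exploited_in_wild:
        score += 3.0   # assumed bonus: attackers already use it
    if f.internet_facing:
        score += 2.0   # assumed bonus: no foothold needed to reach it
    return round(min(score * CRITICALITY_WEIGHT[f.criticality], 20.0), 1)


def remediation_sla(score):
    # Assumed SLA bands; a real program takes these from its risk policy.
    if score >= 12.0:
        return "72 hours"
    if score >= 8.0:
        return "14 days"
    if score >= 5.0:
        return "30 days"
    return "next maintenance window"


def action_for(f):
    # Unpatchable systems still get a deadline, but for a compensating control.
    return "patch" if f.patchable else "isolate + monitor (no patch available)"


def prioritize(findings):
    """Returns (asset, vuln_id, score, SLA, action) rows, highest risk first."""
    ranked = sorted(findings, key=lambda f: (-risk_score(f), f.asset, f.vuln_id))
    return [(f.asset, f.vuln_id, risk_score(f), remediation_sla(risk_score(f)), action_for(f))
            for f in ranked]


# Constructed scan output. CVE-2021-44228 is the real Log4Shell identifier; the
# EXAMPLE-* ids are placeholders, not CVE numbers.
SAMPLE_FINDINGS = [
    Finding("web-01", "CVE-2021-44228", 10.0, True, True, 3),
    Finding("hr-db", "EXAMPLE-1", 9.8, False, False, 3),
    Finding("kiosk-07", "EXAMPLE-2", 9.8, True, False, 1, patchable=False),
    Finding("dev-laptop", "EXAMPLE-3", 5.3, False, True, 1),
    Finding("printer-2f", "EXAMPLE-4", 4.0, False, False, 1),
]

if __name__ == "__main__":
    for asset, vuln, score, sla, action in prioritize(SAMPLE_FINDINGS):
        print(f"{asset:<12} {vuln:<16} {score:>5}  {sla:<24} {action}")
```

Note how the two 9.8 findings come apart: the HR database lands in the 72-hour tier because of what it holds, while the already-exploited kiosk flaw drops to 14 days and gets an isolation task rather than a patch ticket, which is the kind of decision the scan report alone cannot make.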

Misconfigurations

Security misconfigurations occur when security controls on devices, networks, cloud applications, firewalls, and other systems aren’t properly implemented. They range from forgotten websites and unprotected files to default admin credentials and unnecessary open ports. A remote desktop protocol (RDP) service that works properly but is exposed to the internet and still accepts the initial admin username and password is a good example. Unlike a software vulnerability, this threat vector is entirely within the company’s own control, and it can lead to data breaches, unauthorized access, and other severe security incidents.

Avoiding Misconfigurations – A proactive security strategy finds and eliminates the gaps, misconfigurations, and vulnerabilities that threat operators can exploit. A good risk management program scans and assesses endpoints, networks, and cloud systems for misconfigurations and offers proactive remediation actions. Many companies that lack the time, talent, or budget to handle this in-house turn to security operations solutions that offer 24/7 scanning and monitoring, with trained security experts who collaborate with them to prioritize the vulnerabilities and misconfigurations discovered.
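The exposed-RDP example above is the easiest misconfiguration to catch automatically, because it is visible in the firewall or cloud security-group rules before anyone has to test a login. The following is an added example, not code from the original article or from any cloud provider’s tooling: it audits a constructed list of inbound rules, flags management services (RDP, SSH, WinRM, SMB, database ports) reachable from the whole internet, and shows the hardened form of an offending rule restricted to named admin networks. The rule format, port list and admin ranges are assumptions for illustration.

```python
import ipaddress

# Services whose exposure to the whole internet is almost always a misconfiguration.
MANAGEMENT_PORTS = {
    22: "SSH", 3389: "RDP", 5985: "WinRM", 5986: "WinRM (TLS)", 445: "SMB",
    1433: "MSSQL", 3306: "MySQL", 5432: "PostgreSQL", 6379: "Redis", 27017: "MongoDB",
}

# Constructed inbound rules in a cloud-security-group style: each allows a TCP
# port range from a source CIDR. Three of the six are "works fine but wide open".
SAMPLE_RULES = [
    {"name": "web-https", "from_port": 443, "to_port": 443, "cidr": "0.0.0.0/0"},
    {"name": "rdp-any", "from_port": 3389, "to_port": 3389, "cidr": "0.0.0.0/0"},
    {"name": "ssh-v6", "from_port": 22, "to_port": 22, "cidr": "::/0"},
    {"name": "db-internal", "from_port": 5432, "to_port": 5432, "cidr": "10.0.0.0/8"},
    {"name": "legacy-all", "from_port": 0, "to_port": 65535, "cidr": "0.0.0.0/0"},
    {"name": "ssh-admin", "from_port": 22, "to_port": 22, "cidr": "198.51.100.0/24"},
]


def is_world_open(cidr):
    """True for 0.0.0.0/0 and ::/0; ipaddress handles both address families."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def audit_rules(rules):
    """Returns one finding per rule that exposes a management service to the internet."""
    findings = []
    for rule in rules:
        if not is_world_open(rule["cidr"]):
            continue
        lo, hi = rule["from_port"], rule["to_port"]
        if lo == 0 and hi == 65535:
            findings.append({"rule": rule["name"], "severity": "critical",
                             "issue": "all ports open to the internet"})
            continue
        exposed = [name for port, name in MANAGEMENT_PORTS.items() if lo <= port <= hi]
        if exposed:
            findings.append({"rule": rule["name"], "severity": "critical",
                             "issue": f"{', '.join(exposed)} open to the internet"})
    return findings


def restrict_to_admin_sources(rule, admin_cidrs):
    """Hardened form of a rule: same port range, but only from the named admin networks."""
    return [dict(rule, cidr=cidr) for cidr in admin_cidrs]


if __name__ == "__main__":
    for f in audit_rules(SAMPLE_RULES):
        print(f"[{f['severity']}] {f['rule']}: {f['issue']}")
    # Weak setting beside its corrected form (admin ranges are assumed).
    print("before:", SAMPLE_RULES[1])
    for fixed in restrict_to_admin_sources(SAMPLE_RULES[1], ["198.51.100.0/24", "2001:db8::/32"]):
        print("after: ", fixed)
```

The corrected rules pass the same audit, which is the property a proactive program wants: the check that found the gap is the check that confirms the fix, so it can run on every change rather than once a year. Restricting the source range does not excuse the default credentials behind the port; that still has to be fixed separately.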

Compromised Credentials

According to a data breach investigations report, stolen user credentials are involved in about half of all data breaches. Other reports indicate that billions of stolen credentials, harvested from breached databases and cyberattacks, are available on the dark web. The breach-notification site haveibeenpwned, which lets users check whether their email addresses appeared in a breach, lists over 11 billion exposed accounts. Cybercriminals favor this threat vector because, once inside a company using an established account, it’s easier to reach sensitive information and wreak havoc before being detected. Among the methods for acquiring account information are:

    • Brute-Force – Attempting to gain unauthorized access to a system by trying all possible passwords for an account until the correct one is guessed.
    • Credential Stuffing – Automatically replaying username/password pairs leaked from breaches of other sites against a company’s login pages, counting on users having reused the same password.
    • Password Spraying – Trying a small number of common or default passwords against a large list of known usernames, which keeps each individual account below lockout thresholds.
    • Shoulder Surfing – Obtaining credentials in a public setting by directly observing users’ screens or keyboards.

Defending Credentials – To defend against compromised credentials, companies need to employ several protective layers, as with the other threat vectors:

    • Mandate strong passwords and screen new passwords against known-breached lists
    • Implement Multi-Factor Authentication (MFA)
    • Restrict user privileges according to role
    • Monitor user behavior to detect unusual activity
    • Implement strict admin account controls
    • Develop countermeasures to brute-force attacks, including limiting the number of attempts before an account is locked or a CAPTCHA is required. Pair per-account lockout with per-source rate limiting and alerting, since password spraying and credential stuffing keep each account below the lockout threshold.
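The last bullet is where detection logic matters more than policy: a per-account lockout stops a brute-force run against one account but is blind to a spray that touches each account once. The block below is an added example, not code from the original article or from SpearTip’s platform: it parses constructed sshd-style authentication log lines, raises alerts for a brute-force pattern (many failures, one account, one source), a spray pattern (one source, many accounts) and a successful login from a source that had just been failing, and then shows which accounts a plain lockout threshold would have caught. The log format, thresholds and all addresses and usernames are assumptions for illustration.

```python
import re
from collections import Counter, defaultdict

AUTH_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)

# Assumed thresholds; tune to the environment's normal failure rate.
BRUTE_FORCE_THRESHOLD = 5   # failures against one account from one source
SPRAY_MIN_ACCOUNTS = 4      # distinct accounts failed from one source
SUCCESS_AFTER_FAILURES = 3  # failures from a source before an accepted login

# Constructed log lines (not from a real system) covering three patterns:
# one account hammered from one source, one source walking through many
# accounts and then succeeding, and a legitimate user mistyping once.
SAMPLE_LOG = """\
2023-02-06T09:00:01 sshd[1001]: Failed password for admin from 198.51.100.20 port 51000 ssh2
2023-02-06T09:00:02 sshd[1002]: Failed password for admin from 198.51.100.20 port 51001 ssh2
2023-02-06T09:00:03 sshd[1003]: Failed password for admin from 198.51.100.20 port 51002 ssh2
2023-02-06T09:00:04 sshd[1004]: Failed password for admin from 198.51.100.20 port 51003 ssh2
2023-02-06T09:00:05 sshd[1005]: Failed password for admin from 198.51.100.20 port 51004 ssh2
2023-02-06T09:00:06 sshd[1006]: Failed password for admin from 198.51.100.20 port 51005 ssh2
2023-02-06T09:01:00 sshd[1010]: Failed password for alice from 203.0.113.5 port 40001 ssh2
2023-02-06T09:01:05 sshd[1011]: Failed password for invalid user bob from 203.0.113.5 port 40002 ssh2
2023-02-06T09:01:10 sshd[1012]: Failed password for carol from 203.0.113.5 port 40003 ssh2
2023-02-06T09:01:15 sshd[1013]: Failed password for dave from 203.0.113.5 port 40004 ssh2
2023-02-06T09:01:20 sshd[1014]: Accepted password for dave from 203.0.113.5 port 40005 ssh2
2023-02-06T09:02:00 sshd[1020]: Failed password for frank from 192.0.2.10 port 55000 ssh2
2023-02-06T09:02:04 sshd[1021]: Accepted password for frank from 192.0.2.10 port 55001 ssh2
"""


def parse_auth_log(text):
    """Turns matching log lines into dicts with ts, result, user and src."""
    events = []
    for line in text.splitlines():
        m = AUTH_RE.match(line)
        if m:
            events.append(m.groupdict())
    return events


def detect(events):
    """Returns alerts for brute force, password spraying and success-after-failures."""
    alerts = []
    per_src_user = Counter()           # (src, user) -> failures
    per_src_fails = Counter()          # src -> failures so far, in log order
    per_src_accounts = defaultdict(set)  # src -> accounts that failed
    for ev in events:
        src, user = ev["src"], ev["user"]
        if ev["result"] == "Failed":
            per_src_user[(src, user)] += 1
            per_src_fails[src] += 1
            per_src_accounts[src].add(user)
        elif per_src_fails[src] >= SUCCESS_AFTER_FAILURES:
            # A source that was guessing just got in: likely compromised account.
            alerts.append({"type": "success_after_failures", "src": src, "user": user,
                           "failures_before": per_src_fails[src]})
    for (src, user), n in per_src_user.items():
        if n >= BRUTE_FORCE_THRESHOLD:
            alerts.append({"type": "brute_force", "src": src, "user": user, "failures": n})
    for src, accounts in per_src_accounts.items():
        if len(accounts) >= SPRAY_MIN_ACCOUNTS:
            alerts.append({"type": "password_spray", "src": src, "accounts": len(accounts)})
    return alerts


def accounts_locked_by_threshold(events, threshold=BRUTE_FORCE_THRESHOLD):
    """Per-account lockout as the text recommends: counts failures per account
    regardless of source. It stops the brute force but never fires on the
    spray, where every account sees only a single failure."""
    fails = Counter(ev["user"] for ev in events if ev["result"] == "Failed")
    return {user for user, n in fails.items() if n >= threshold}


if __name__ == "__main__":
    events = parse_auth_log(SAMPLE_LOG)
    for alert in detect(events):
        print(alert)
    print("accounts a lockout policy would have locked:", accounts_locked_by_threshold(events))
```

On the sample, lockout locks only `admin`; the spraying source is visible solely through the source-IP aggregation, and the accepted login for `dave` after four failures from that source is the alert that should page someone. Real deployments add a time window and allow-list known scanners, but the grouping logic is the same.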

Supply Chain Risks

Companies are only as strong as their weakest client, vendor, or supplier, regardless of how robust their own cybersecurity procedures are. Third-party risk is increasing quickly in today’s interconnected, digital world. In recent years, numerous high-profile data breaches have highlighted the repercussions of vendor breaches and shown that cybercriminals target suppliers with weak security postures as entry points into other companies. The Kaseya attack, one of the most destructive cybercrimes of 2021, saw threat operators compromise a third-party remote management tool (Kaseya VSA) over the 4th of July weekend, affecting businesses on five continents.

Mitigating Supply Chain Risks – Even though third-party infrastructure is beyond a company’s control, limiting third-party risk is not. Companies can reduce their risk by taking the following precautions:

    • Require suppliers, through service agreements, to maintain strict cybersecurity standards.
    • Validate vendors’ security postures using audits, metrics, and other tools.
    • Implement policies requiring vendors’ devices to be scanned and monitored once they connect to the company network.
    • Monitor the environment for anomalies with threat detection and response systems.

Understanding the threat vectors above can help global companies develop and implement strong cybersecurity measures to prevent future cyberattacks. Additionally, it’s important for companies to remain vigilant about the latest threat landscape and to perform daily backups of their data. At SpearTip, our pre-breach advisory services allow our engineers to examine security postures and improve weak points in companies’ networks. Our team engages with companies’ people, processes, and technology to measure the maturity of the technical environment. We provide companies with technical roadmaps for all vulnerabilities uncovered, ensuring they have the awareness and support to optimize their overall cybersecurity posture. Our ShadowSpear Threat Hunting is a critical pre-breach step in evaluating the effectiveness of current security measures, determining the overall health of a company’s environment, and preventing breaches.

If your company is experiencing a breach, call our Security Operations Centers at 833.997.7327 to speak directly with an engineer.
