In a move away from traditional phishing scams, attackers are increasingly exploiting vulnerabilities in computer systems to gain initial network access, according to Mandiant’s M-Trends 2024 Report.
In 2023, attackers gained initial access through exploiting vulnerabilities in 38% of intrusions, a 6% increase from the previous year.
Mandiant also found phishing’s prevalence declined from 22% of intrusions in 2022 to 17% in 2023. However, it was still the second most common initial access vector assessed by Mandiant.
Zero-Day Vulnerabilities Actively Exploited
Researchers observed 97 unique zero-day vulnerabilities exploited in the wild in 2023, up by 56% compared to 2022.
Chinese cyber espionage groups were the most prolific attackers to exploit zero-days, primarily for the purposes of intelligence gathering and strategic advantage. Vulnerabilities that are unknown to software vendors can provide long term access to systems and sensitive data.
Additionally, financially motivated cybercriminals continued to utilize zero-days to infiltrate systems and steal financial data. This includes a group tracked as FIN11, which frequently targets file transfer applications that can provide fast access to large amounts of sensitive data.
The most frequently targeted vulnerability observed by Mandiant in 2023 was CVE-2023-34362, a high-risk SQL injection vulnerability in MOVEit Transfer.
This was followed by CVE-2022-21587, a critical unauthenticated file upload vulnerability in Oracle E-Business Suite.
In third place was CVE-2023-2868, a critical command injection vulnerability in Barracuda Email Security Gateways.
Stuart McKenzie, EMEA Consulting MD at Mandiant, a subsidiary of Google, noted phishing is now often used to steal credentials for later credential-based attacks rather than to deploy malware.
This is partly a result of improved security tooling that protects users from receiving malicious email messages.
The shift towards software vulnerability exploitation requires a more sophisticated approach by attackers compared to traditional “spray and hope” phishing attacks.
Zero day and n-day vulnerabilities, which are either not discovered or patched, allow attackers to pick and choose how they target organizations at their leisure.
McKenzie said: “If you’ve got time on your side, you’re able to deploy those against any organizations when you want to.”
No tags.
