Summary: The U.S. government’s 2023 fiscal year report highlights that valid account access was the leading attack vector for intrusions into critical infrastructure, accounting for 40% of incidents. Spear phishing was the second most common method, emphasizing the ongoing challenges organizations face in securing their systems against credential theft and social engineering tactics.
Threat Actor: Cybercriminals | cybercriminals
Victim: Critical Infrastructure Providers | critical infrastructure providers
Key Point :
- Valid account access was the most common attack vector, used in 40% of successful intrusions.
- Spear phishing attacks accounted for over 25% of the analyzed incidents.
- Compromised credentials were also linked to nearly 40% of ransomware attacks observed by Mandiant.
- There has been a decline in valid account access as an attack vector compared to 2022.
- Brute force attacks were responsible for 10% of intrusions, while public-facing application vulnerabilities accounted for only 6%.
Dive Brief:
- Valid account access was the most common and successful attack path into critical infrastructure environments during the U.S. government’s 2023 fiscal year, which ended Sept. 30, 2023, federal cyber authorities said in a Friday report.
- Attackers used access to valid accounts in 2 in 5 successful critical infrastructure intrusions last year, according to the Cybersecurity and Infrastructure Security Agency and U.S. Coast Guard Cyber Command’s annual risk and vulnerability assessment, which conducted 143 risk and vulnerability assessments across multiple critical infrastructure sectors.
- Spear phishing links were the second most common intrusion point in critical infrastructure attacks the agencies analyzed. These social engineering lures, which are crafted to look like an email and link from a trustworthy source that dupe professionals into granting attackers access to a network or system, were used in more than 1 in 4 attacks.
Dive Insight:
Federal cyber authorities’ annual assessment of critical infrastructure attacks reinforces a persistent reality — the most common points of intrusion across all manner of attacks, regardless of the victim or the attacker’s motivation, have staying power.
The identity challenge confronting organizations remains preeminent.
Compromised legitimate credentials were the initial access vector for almost 40% of the ransomware attacks Mandiant observed last year. During the first half of 2024, Google Cloud pinned nearly half of all cloud environment intrusions to systems with weak or no credentials.
IBM X-Force’s annual Threat Intelligence Index report found valid account compromises accounted for almost one-third of global cyberattacks last year, making it the most-common initial access vector for attacks in 2023.
There is a silver lining in CISA’s latest assessment of critical infrastructure attacks. Valid account access has declined since 2022 when CISA attributed more than half of all critical infrastructure attacks to the initial access vector.
Federal cyber authorities attributed 1 in 10 critical infrastructure intrusions to brute force or password cracking attacks in 2023. Exploits of vulnerabilities in public-facing applications were the initial access vector in just 6% of the attacks on critical infrastructure providers last year.
Source: https://www.cybersecuritydive.com/news/cisa-critical-infrastructure-attacks/727225