Cyber Forensics: The latest Active Adversary Report from Sophos reveals an interesting reversal that points to a common problem in IT security: convenience. Hard-working attackers exploit this mercilessly.
In previous case data from the report, which analyzes actual cyberattacks, exploiting vulnerabilities was the leading cause of attacks, closely followed by compromised credentials. In the first half of 2023, this picture reversed significantly: for the first time, compromised credentials were the top cause at 50%, while exploitation of a vulnerability accounted for 23%.
Stolen login credentials
While this snapshot cannot comprehensively prove that attackers prefer compromised credentials over vulnerabilities, there is no denying that the use of illegally acquired, valid accounts makes attackers' schemes much easier. What makes compromising credentials even more attractive for cybercriminals is that multifactor authentication (MFA) is still missing or not consistently implemented in many organizations.
During the forensic analysis of the cyberattacks, SophosLabs found that MFA was not fully configured in 39% of the cases examined so far. “The most disheartening thing about this statistic is that as an industry we know how to solve this problem, but too few organizations are prioritizing this area,” said Michael Veit, cybersecurity expert at Sophos. “So the problem is not technology, but enforcement. Often, authentication requirements are relaxed to provide a better user experience. This opens the door for attackers and when it comes to human opponents, these small cracks already offer the best chance of breaking into networks.”
Authentication technologies as a challenge
There is also a constant race in the area of MFA. As companies implement stronger authentication mechanisms, criminals respond by developing techniques that circumvent those technologies. “This cycle will continue for the foreseeable future,” said Veit. “We are now past the point where simple SMS codes, time-based one-time passwords (TOTP) or even push-based authentication are effective. Organizations that want to protect themselves from the latest attack techniques need to move to phishing-resistant MFA. And even here the criminals are not idle. When Sophos
Phishing-resistant MFA technologies bring protection
Using modern, phishing-resistant MFA technologies as the standard authentication mode for all services within an organization, combined with appropriate training, currently ensures maximum protection against compromised login data. The resulting costs must also be measured against the costs of a potential security breach and recovery, which are often many times higher. However, strong authentication alone cannot stop every attack, which is why layered defense and telemetry analysis are critical. Both give companies time and opportunity to detect and defend against an active attack.
Additionally, many authentication systems can be configured for adaptive access. This practice changes the access or trust level based on contextual data about the user or device requesting access. Access is also limited to those users who really need it. Adaptive access authentication systems allow organizations to customize access policies for specific applications or user groups and respond dynamically to suspicious signals.
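The adaptive access decision described above, as an added sketch that is not taken from Sophos or from any product: the application names, groups, signal names, weights and thresholds are all constructed assumptions chosen for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

# Methods treated as phishing-resistant in this sketch (assumption).
PHISHING_RESISTANT = {"fido2", "passkey"}

# Hypothetical per-application policies: which groups may access the app,
# and at which risk score a step-up or a denial is triggered.
POLICIES = {
    "wiki":    {"groups": {"staff", "finance"}, "step_up_at": 40, "deny_at": 80},
    # step_up_at 0: payroll always requires phishing-resistant MFA.
    "payroll": {"groups": {"finance"},          "step_up_at": 0,  "deny_at": 50},
}

# Constructed weights for contextual signals; real values need local tuning.
SIGNAL_WEIGHTS = {"unmanaged_device": 30, "new_country": 30,
                  "impossible_travel": 50, "tor_exit": 50}
UNKNOWN_SIGNAL_WEIGHT = 25  # unrecognised signals still raise the score

@dataclass
class Request:
    user: str
    groups: set
    app: str
    mfa_method: Optional[str]           # method already satisfied, if any
    signals: set = field(default_factory=set)

def risk_score(signals):
    """Sum the signal weights, capped at 100."""
    total = sum(SIGNAL_WEIGHTS.get(s, UNKNOWN_SIGNAL_WEIGHT) for s in signals)
    return min(100, total)

def decide(req):
    """Return 'allow', 'step_up' (require phishing-resistant MFA) or 'deny'."""
    policy = POLICIES.get(req.app)
    # Least privilege: unknown apps and users outside the allowed groups get nothing.
    if policy is None or not (req.groups & policy["groups"]):
        return "deny"
    score = risk_score(req.signals)
    if score >= policy["deny_at"]:
        return "deny"
    if score >= policy["step_up_at"] and req.mfa_method not in PHISHING_RESISTANT:
        return "step_up"
    return "allow"

if __name__ == "__main__":
    # Constructed request: TOTP session from an unmanaged device in a new country.
    r = Request("alice", {"staff"}, "wiki", "totp", {"unmanaged_device", "new_country"})
    print(decide(r))
```

Logging every "step_up" and "deny" decision with its contributing signals gives the telemetry that the layered-defense point above relies on.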