67% of data breaches start with a single click

Technology is accelerating faster than it ever has before, giving IT and security teams more tools to fend off cybersecurity attacks from an increasingly diverse slate of bad actors, according to Comcast Business.

Cybercriminals employ sophisticated tactics

However, the tactics cybercriminals are using to access systems are also growing more sophisticated by the day. Access to armies of botnets and sprawling lists of customer data are just a few clicks away on the dark web.

“Technology is accelerating at a breakneck pace – bringing sophisticated new tools to both attackers and defenders. And although attacker tools are evolving, social engineering continues to be the leading tactic used to breach corporate networks,” said Noopur Davis, EVP, Chief Information Security and Product Privacy Officer, Comcast Corporation and Comcast Cable. “CISOs and CIOs have to adjust to the evolving threat landscape to protect their organizations and customers.”

The report leverages data from 23.5 billion cybersecurity attacks, spanning 500 threat types and 900 distinct infrastructure and software vulnerabilities.

Exfiltration techniques

Cyberattacks used to begin with an exploit of a vulnerability in public-facing network resources that connect to applications and infrastructure within the network perimeter. Research has shown that today, approximately 67% of all breaches start with someone clicking on a seemingly safe link, which explains why adversaries begin 80-95% of all attacks with a phish.

Attackers do their homework to uncover vulnerabilities, like open ports and misconfigured systems, as evidenced by the 242 million reconnaissance scans of customer networks and assets. The top reconnaissance tools employed by adversaries include vulnerability scanners, botnets and phishing.

Once inside a network, adversaries made 2.6 million attempts to modify or create new firewall rules to establish external communications for command-and-control operations and data exfiltration.

Adversaries used various methods, including remote desktop, theft and brute force attacks to steal credentials and gain unauthorized access to customer networks. Customer logs documented over 54 million attempts to exploit credentials for initial access. Additionally, bad actors capitalized on vulnerable Remote Desktop Protocol (RDP) configurations, resulting in over 185 million attempts to gain remote access.

Log4j vulnerability threat

Unauthenticated users also exploited vulnerabilities in Transmission Control Protocol (TCP) and made 139 million attempts to establish connections to victim servers. Furthermore, credential-stealing malware contributed to 159 million attempts by adversaries to steal and use credentials to infiltrate compromised networks.

The Apache Log4j vulnerability remains a significant threat due to the widespread deployment of millions of Java applications, leaving a staggering 72% of organizations vulnerable to exploits. By regularly updating systems and optimizing operating performance, businesses can fortify their endpoints against potential cyberattacks and mitigate the risks associated with Log4j exploits.

Comcast Business detected 51,915 DDoS attacks in 2022. IT and technical service customers saw an increase in DDos attempts, making up 25% of attempts, joining education (46%), finance (14%) and healthcare (13%) as the most targeted industry segments. These attacks aimed to disrupt critical database servers and network resources, with over 210 million instances of denial-of-service attacks recorded.

“No organization has perfect security, but everyone needs to understand their cybersecurity risks and build a plan to address the threats and trends the industry is experiencing,” said Shena Seneca Tharnish, VP, Secure Networking and Cyber Security Solutions, Comcast Business. “Technology teams today are best served through a comprehensive suite of powerful security solutions orchestrated to provide multiple layers of security.”