Threat actors have been starting zero-day vulnerability scanning only 15 minutes after a flaw's disclosure, resulting in much quicker exploitation, reports ZDNet.
Exploiting software vulnerabilities was the second most prevalent method for achieving initial access, behind phishing attacks, according to a report from Palo Alto Networks' Unit 42. Most threat actors leveraged Exchange Server ProxyShell bugs for initial access, accounting for 55% of incident response cases examined by Unit 42. Log4j, ProxyLogon, Zoho ManageEngine, and Fortinet security flaws were also used by cybercriminals.
Meanwhile, most IR cases related to ransomware have been attributed to the Conti ransomware operation, followed by LockBit 2.0.
The Hive, ALPHV/BlackCat, REvil, PYSA, BlackMatter, Phobos, and Dharma ransomware groups each accounted for less than 10% of cases, the study showed.
Lucrative returns from ransomware and extortion attacks are also poised to entice more unskilled threat actors to engage in cybercrime, noted Palo Alto Networks, which also expects business email compromise fraud incidents to increase.