
Access points for essential infrastructure remain predominantly compromised by legitimate accounts, as per assertions by authorities.

Last year, CISA linked approximately 40% of successful intrusions to account misuse, a decrease from the figure in 2022.

Critical infrastructure remains vulnerable to attacks through legitimate user accounts, according to authorities.


In a concerning trend, compromised legitimate credentials have emerged as the most frequent and effective initial access vector for ransomware attacks and critical infrastructure intrusions in the United States during 2023 and early 2024. According to various reports, email phishing and business email compromise (BEC) techniques have been the primary methods used to obtain these credentials.

Email phishing campaigns have been responsible for the majority of ransomware deliveries, accounting for approximately 69% of attacks. These campaigns, which often result in the theft of legitimate user credentials, provide attackers with the means to infiltrate corporate networks.

Exposed or weakly authenticated remote desktop protocol (RDP) services and unpatched software weaknesses also play a significant role, giving attackers initial access either through compromised credentials or through unpatched systems.

Many ransomware groups actively exploit compromised credentials to infiltrate environments, often taking advantage of human error or security gaps. The rise of generative AI-powered social engineering has further enhanced the effectiveness of phishing, making credential compromise even easier.

The concern over ransomware attacks is palpable: around 48% of organizations name it as the threat they are most worried about. Phishing and email compromise (credential theft) also rank highly among concerns.

In the first half of 2024, Google Cloud attributed nearly half of all cloud-environment intrusions to systems with weak or missing credentials. In the U.S. government's 2023 fiscal year, valid account access was the most common and most successful attack path into critical infrastructure environments.

According to a report by the Cybersecurity and Infrastructure Security Agency and U.S. Coast Guard Cyber Command, attackers used valid account access in 2 out of 5 successful critical infrastructure intrusions last year. Mandiant, a leading cybersecurity firm, reported that compromised legitimate credentials were the initial access vector for almost 40% of the ransomware attacks observed last year.

The IBM X-Force report indicates that valid account compromise remains a significant initial access vector, accounting for almost one-third of global cyberattacks last year. By contrast, exploitation of vulnerabilities in public-facing applications was the initial access vector in just 6% of the attacks on critical infrastructure providers last year.

Despite a slight decline in the frequency of valid account access as the initial access vector for critical infrastructure attacks compared to 2022, the identity challenge confronting organizations remains preeminent. More than 1 in 4 attacks used spear phishing links as an intrusion point, according to various reports.
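Because a valid-account intrusion produces no exploit artifact, the figures above mean that defenders have to spot legitimate credentials being used in illegitimate ways. The following detector is an added example, not code from any of the reports cited on this page; it runs two simple rules over constructed authentication log lines in an assumed `timestamp user source result` format: a success from a source that just failed against many distinct accounts (a spray that landed), and an established user logging in from a source never seen for them before.

```python
"""Toy detector for misuse of valid accounts over constructed auth log lines.

Added example; the log format (ISO timestamp, user, source IP, SUCCESS/FAIL)
and the sample lines are assumptions, not data from any real system.
"""
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample log: normal activity for alice and bob from office
# addresses, then a spray from 203.0.113.9 that succeeds against bob,
# then alice appearing from an address never seen for her.
SAMPLE_LOG = """\
2024-03-04T08:01:12Z alice 10.20.0.15 SUCCESS
2024-03-04T08:03:40Z bob 10.20.0.22 SUCCESS
2024-03-04T08:05:02Z alice 10.20.0.15 SUCCESS
2024-03-04T09:10:00Z alice 203.0.113.9 FAIL
2024-03-04T09:10:03Z bob 203.0.113.9 FAIL
2024-03-04T09:10:05Z carol 203.0.113.9 FAIL
2024-03-04T09:10:08Z dave 203.0.113.9 FAIL
2024-03-04T09:10:11Z erin 203.0.113.9 FAIL
2024-03-04T09:10:14Z bob 203.0.113.9 SUCCESS
2024-03-04T10:30:00Z alice 10.20.0.15 SUCCESS
2024-03-04T11:00:00Z alice 198.51.100.7 SUCCESS
"""


def parse_line(line):
    """Parse one log line into (timestamp, user, source, succeeded)."""
    ts, user, src, result = line.split()
    when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return when, user, src, result == "SUCCESS"


def detect(log_text, spray_users=4, window_seconds=300, min_baseline=2):
    """Return a list of findings, in log order.

    Rule 1 (spray_then_success): a SUCCESS from a source that produced
    failures against at least `spray_users` distinct accounts within the
    preceding `window_seconds`.
    Rule 2 (new_source_for_user): a SUCCESS for a user who already has at
    least `min_baseline` earlier successes, from a source that none of
    those earlier successes used.
    """
    known_sources = defaultdict(set)   # user -> sources of prior successes
    success_count = defaultdict(int)   # user -> number of prior successes
    failures = defaultdict(list)       # source -> [(time, user)] failed attempts
    findings = []

    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        when, user, src, ok = parse_line(raw)
        if not ok:
            failures[src].append((when, user))
            continue

        # Rule 1: how many distinct accounts did this source fail against recently?
        recent_targets = {u for t, u in failures[src]
                          if 0 <= (when - t).total_seconds() <= window_seconds}
        if len(recent_targets) >= spray_users:
            findings.append({"rule": "spray_then_success", "user": user,
                             "source": src, "targets": len(recent_targets)})

        # Rule 2: established user, unfamiliar source.
        if success_count[user] >= min_baseline and src not in known_sources[user]:
            findings.append({"rule": "new_source_for_user", "user": user,
                             "source": src})

        # Only successes build the per-user baseline.
        known_sources[user].add(src)
        success_count[user] += 1

    return findings


if __name__ == "__main__":
    for f in detect(SAMPLE_LOG):
        print(f)
```

On the sample log this yields two findings: the spray source 203.0.113.9 succeeding against bob after failing against five accounts, and alice's success from 198.51.100.7 after three logins from 10.20.0.15. Neither rule needs a malware signature or a CVE; both only need an authentication log and a little state, which is the point when the credential itself is legitimate.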

In conclusion, the threat of ransomware and critical infrastructure breaches remains a significant concern for organizations worldwide. The use of compromised legitimate credentials, often obtained through phishing and email-based attacks, has become the dominant initial access vector for these attacks. Organizations must prioritize strengthening their email security measures and user education to mitigate these threats.

  1. Phishing and email compromise techniques, such as business email compromise (BEC), have been primary methods used in 2023 and early 2024 to obtain compromised legitimate credentials, making email phishing campaigns responsible for the majority (approximately 69%) of ransomware deliveries and providing attackers with means to infiltrate corporate networks.
  2. The exploitation of remote desktop protocol (RDP) vulnerabilities and software weaknesses, coupled with the use of compromised credentials or unpatched systems, significantly contributes to enabling attackers to gain initial access during ransomware attacks and critical infrastructure intrusions.
  3. With around 48% of organizations viewing ransomware as their greatest concern, phishing and email compromise (credential theft) rank highly among their fears, as compromised legitimate credentials were the initial access vector for almost 40% of the ransomware attacks observed last year.
  4. In the face of these threats, organizations must prioritize measures such as strengthening email security and user education, since multiple reports find that more than 1 in 4 attacks use spear phishing links as an intrusion point.
