DIRECTORY

  • Alerts
  • APTs
  • Blog
  • Books
  • Certifications
  • Cheat Sheets
  • Courses
  • Cyber Briefing
  • CyberDecoded
  • CyberReview
  • CyberStory
  • CyberTips
  • Definitions
  • Domains
  • Entertainment
  • FAQ
  • Frameworks
  • Hardware Tools
  • Incidents
  • Malware
  • News
  • Papers
  • Podcasts
  • Quotes
  • Reports
  • Tools
  • Threats
  • Tutorials
No Result
View All Result
  • Login
  • Register
  • Cyber Citizens
  • Cyber Professionals
  • Institutions
CyberMaterial
Talk To An Expert
  • Cyber Citizens
  • Cyber Professionals
  • Institutions
CyberMaterial
No Result
View All Result
Talk To An Expert
CyberMaterial
Home News

Valid Credentials Most Common Attack Vector

July 28, 2023
Reading Time: 2 mins read
in News

A recent report released by the Cybersecurity and Infrastructure Security Agency (CISA) highlights that hacker abuse of valid credentials is the most successful method for breaching systems, accounting for over half of critical infrastructure attacks over a yearlong period.

The agency attributes this concerning trend to poor employee offboarding processes, allowing dormant accounts to remain in active directories, and default administrator accounts being targeted in 54% of successful attacks. Spear-phishing, a social engineering technique, also played a significant role, contributing to about one-third of successful breaches.

According to Gary Barlet, federal CTO at Illumio, the fact that more than half of cyberattacks originate from legitimate accounts dispels the notion that organizations can rely solely on user identity and authentication to ensure security. The report emphasizes that even advanced attackers often leverage common methods for compromising systems, including straightforward phishing and exploiting default credentials on administrator accounts.

The report does reveal some positive outcomes, with network defenses successfully blocking 13% of spear-phishing attempts and endpoint defenses thwarting 78% of malicious links or attachments.

To address these vulnerabilities, experts recommend updating decommissioning checklists and implementing multifactor authentication for all accounts, as well as maintaining robust offboarding processes to prevent unauthorized access. The findings underscore the importance of getting the basics right in cybersecurity and employing both technical and process-driven approaches to enhance overall defense against cyber threats.

Source:
  • CISA Analysis: Fiscal Year 2022 Risk and Vulnerability Assessments

Tags: CISAcredentialsCyberattackCybersecurityHackersJuly 2023NewsNews 2023PhishingSocial EngineeringSpear phishingVulnerabilities
23
VIEWS
ADVERTISEMENT

Related Posts

Lazarus Group’s Espionage

Lazarus Group’s Espionage

October 2, 2023
NY Bans School Facial Recognition

NY Bans School Facial Recognition

October 2, 2023
IronNet Shuts Down Amid Financial Struggle

IronNet Shuts Down Amid Financial Struggle

October 2, 2023
ShinyHunters Hacker Pleads Guilty

ShinyHunters Hacker Pleads Guilty

October 2, 2023

More Articles

Incidents

IT Services Provider Hit by Donut Gang

September 22, 2023
Incidents

Ransomware Group LostTrust’s Rapid Attacks

September 28, 2023
Incidents

APT IRAN Claims 4TB Data Access

September 28, 2023
Incidents

Baruch College Malware Incident Update

September 29, 2023

Security through data

Cybersecurity Domains

  • API Security
  • Business Continuity
  • Career Development
  • Compliance
  • Cryptography
  • HSM
  • KPIs / KRIs
  • Penetration Testing
  • Shift Left
  • Vulnerability Scan

Emerging Technologies

  • 5G
  • Artificial Intelligence
  • Blockchain
  • Cryptocurrency
  • Deepfake
  • E-Commerce
  • Healthcare
  • IoT
  • Quantum Computing

Frameworks

  • CIS Controls
  • CCPA
  • GDPR
  • NIST
  • 23 NYCRR 500
  • HIPAA

Repository

  • Books
  • Certifications
  • Definitions
  • Documents
  • Entertainment
  • Quotes
  • Reports

Threats

  • APTs
  • DDoS
  • Insider Threat
  • Malware
  • Phishing
  • Ransomware
  • Social Engineering

© 2023 | CyberMaterial | All rights reserved.

World’s #1 Cybersecurity Repository

  • About
  • Legal and Privacy Policy
  • Site Map
No Result
View All Result
  • Alerts
  • Incidents
  • News
  • Audience
    • Cyber Citizens
    • Cyber Professionals
    • Institutions
  • Highlights
    • Blog
    • CyberDecoded
    • Cyber Review
    • CyberStory
    • CyberTips
  • Cyber Risks
    • Alerts
    • Attackers
    • Domains
    • Incidents
    • Threats
  • Opportunities
    • Events
    • Jobs
  • Repository
    • Books
    • Certifications
    • Cheat Sheets
    • Courses
    • Definitions
    • Frameworks
    • Games
    • Hardware Tools
    • Memes
    • Movies
    • Papers
    • Podcasts
    • Quotes
    • Reports
    • Tutorials
  • Report Cyber Incident
  • GET HELP
  • Contact Us

Subscribe to our newsletter

© 2022 Cybermaterial - Security Through Data .

Welcome Back!

Sign In with Google
Sign In with Linked In
OR

Forgotten Password? Sign Up

Create New Account!

Sign Up with Google
Sign Up with Linked In
OR

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Add New Playlist

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy and Cookie Policy.