A look at the cyberforensics report: convenience is a problem
Sophos's latest Active Adversary Report uncovers an interesting shift in trends regarding a common problem in IT security: convenience.
In earlier editions of the report, which analyzes actual cyberattacks, the primary cause of attacks was exploitation of security vulnerabilities, closely followed by compromised credentials. In the first half of 2023, this pattern changed significantly. For the first time, compromised credentials took the top spot as the leading cause of attacks at 50%, while vulnerability exploitation dropped to 23%. This snapshot cannot conclusively prove that attackers prefer compromised credentials over vulnerabilities, but illegally acquired valid accounts undeniably make an attacker's work much easier. What makes compromising credentials even more attractive to cybercriminals is that multi-factor authentication (MFA) is still completely absent or not consistently implemented in many organizations.
In a forensic review of the cyberattacks, SophosLabs found that MFA was not comprehensively configured in 39% of the cases investigated to date. "The discouraging thing about this statistic is that we as an industry know how to solve this problem, but too few organizations are prioritizing this area," said Michael Veit, cybersecurity expert at Sophos.
Multi-factor authentication (MFA) as a challenge
There is a constant race in the MFA space. As companies adopt stronger authentication methods, criminals develop techniques to circumvent them. This cycle will continue for the foreseeable future. Simple SMS codes, time-based one-time passwords (TOTP) and push-based authentication are no longer sufficiently effective. Organizations that want to protect themselves from the latest attack techniques must move to phishing-resistant MFA. Even here, however, criminals are active. One of the latest social engineering tactics is to send SMS messages that trick recipients into deactivating their security token.
Modern, phishing-resistant MFA technologies should be the standard for all enterprise services, supported by training. The cost of this should be considered in relation to the potential cost of a security breach. Still, it should be noted that MFA alone is not enough. Multi-layered defenses and telemetry analysis are critical to detect and defend against attacks in a timely manner. Additionally, adaptive access authentication systems based on user context data can be used to adjust access and respond to suspicious activity.
Source: www.sophos.com