Cybercriminals can now target more organisations by exploiting publicly exposed vulnerabilities to a greater extent than before, according to latest research by cybersecurity company Truesec.
Also, Trusec has warned that cyber attacks are rapidly executed and that threat actors can gain complete control of an organization’s network in less than 24 hours.
Attacks on the rise
Truesec’s annual Threat Intelligence Report for 2022 shows a sharp increase in the number of cyber attacks against organisations in Scandinavia and worldwide. Cybercriminals are acting faster and using constantly evolving tactics to achieve their goals. The speed of the attacks, from the initial foothold to when the attackers reach their goal, has increased.
In less than 24 hours after the initial breach, threat actors can obtain full administrative privileges, which means complete control over the victim’s network and IT infrastructure. The survey also pointed out that ransomware remains the most significant and serious threat to medium and large companies. The number of ransomware attacks in 2021 increased by 40 per cent compared to 2020.
“There are important immediate steps an organization can take to reduce the risk of cyber breach and minimize its impact. Therefore, in our report, we offer advice and recommendations that organizations can immediately act on to address cybersecurity challenges.” Mattias Wåhlén, Threat Intelligence Lead at Truesec.
The increase in cyber attacks is due to the fact threat actors are now using automated tools that enable quicker attacks. Additionally, they recruit less-skilled affiliates who only need to follow ready-made instruction manuals to act. Most intrusions 2021 began with threat actors exploiting known vulnerabilities in public-facing systems. Cybercriminals can quickly leverage such exploits in mass attacks against unpatched systems.
The increased sophistication of cyber attacks are documented by other firms too. Recently, McAfee Enterprise and FireEye have released their 2022 Threat Predictions, examining the top cybersecurity threats they predict enterprises will face in 2022. Ransomware, nation states, social media and the shifting reliance on a remote workforce made headlines in 2021.