Threat Trends | 4 mins
Top Initial Access Vectors in 2023 and What to Do About Them
Threat actors never sleep. They are continually prowling an organization’s external-facing assets looking for points of entry, also known as initial access vectors.
Vulnerabilities in these initial access vectors are an attacker's first priority because a foothold on one asset can be used to move laterally into the rest of the network. From there, it is only a matter of time before the attacker holds enough access to launch a full-blown ransomware attack.
“Ransomware gangs claimed at least 1,500 victims worldwide in the first half of 2023, cementing their status as the dominant threat to global businesses,” according to the Rapid7 Research, 2023 Mid-Year Threat Review.
Cyberattacks can look random, hitting organizations with no apparent rhyme or reason, but threat actors have a method to their madness. Their attacks are calculated and usually target initial access vectors that they have found to be vulnerable across every industry.
Vulnerable or poorly managed internet-facing assets are the most dangerous gap in a security program. In fact, many organizations are not even aware of their entire attack surface, let alone the vulnerabilities in it.
Preventing cyberattacks requires not only a complete understanding of the attack surface but knowledge of the latest trends in attacks, especially when it comes to initial access vectors.
In general, it is worth remembering that attackers are motivated mainly by financial reward, and initial access is now a commodity to be bought and sold. Initial access brokers specialize in finding those seemingly hidden ways into a system and then sell them on the dark web to bigger players, who use that access to wreak even more havoc. All of this highlights the absolute necessity of protecting a system from the outside in.
An advisory issued in 2022 by national cybersecurity agencies from the United States, Canada, New Zealand, the Netherlands, and the United Kingdom said that threat actors routinely exploit poor security configurations (systems that are either misconfigured or left unsecured), weak controls, and other poor cyber hygiene practices to gain initial access.
The agencies named these weak controls and practices as the most common ways attackers gain initial access:
- Unenforced multifactor authentication (MFA), especially for remote desktop access
- Access control lists with incorrectly applied privileges or permissions
- Unpatched software that lets attackers exploit publicly known vulnerabilities
- Vendor-supplied default configurations that are overly permissive, or default login usernames and passwords left in place
- Virtual private networks (VPNs) that lack sufficient controls to prevent unauthorized access
- Weak password policies that lead to weak, leaked, or compromised passwords
- Unprotected cloud services
- Open ports and misconfigured services exposed to the internet
- Phishing attempts that are not detected or blocked and go on to infect systems
- Poor endpoint detection and response that allows attackers to bypass endpoint security controls and launch attacks on target devices
Attackers also abuse legitimate user accounts on a domain by stealing credentials, brute-forcing passwords, or compromising privileged accounts, and they use physical access to plant unauthorized hardware devices on a network as backdoors.
MITRE warns that default accounts, such as the Guest or Administrator accounts on Windows systems, and local accounts, such as those configured for remote support, can give an attacker initial access.
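The credential abuse described above is visible in the authentication logs of any exposed service. The script below is an added example, not code from this article or from Hadrian: it runs over a constructed sshd-style log and flags password spraying (one source, many usernames), brute force (one source, one username, many failures), a successful login right after a brute-force burst, and any attempt against a default account name. The log lines, the time window, the thresholds, and the list of default account names are all assumptions for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sshd-style sample (not real data). One source sprays several
# usernames including default accounts, a second brute-forces one user and
# then gets in, a third is a normal login after a single typo.
SAMPLE_LOG = """\
Jun 12 10:00:01 gw sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 50211 ssh2
Jun 12 10:00:02 gw sshd[1201]: Failed password for invalid user guest from 203.0.113.5 port 50212 ssh2
Jun 12 10:00:03 gw sshd[1201]: Failed password for root from 203.0.113.5 port 50213 ssh2
Jun 12 10:00:04 gw sshd[1201]: Failed password for alice from 203.0.113.5 port 50214 ssh2
Jun 12 10:00:05 gw sshd[1201]: Failed password for bob from 203.0.113.5 port 50215 ssh2
Jun 12 10:00:06 gw sshd[1201]: Failed password for carol from 203.0.113.5 port 50216 ssh2
Jun 12 10:01:00 gw sshd[1301]: Failed password for alice from 198.51.100.7 port 40001 ssh2
Jun 12 10:01:01 gw sshd[1301]: Failed password for alice from 198.51.100.7 port 40002 ssh2
Jun 12 10:01:02 gw sshd[1301]: Failed password for alice from 198.51.100.7 port 40003 ssh2
Jun 12 10:01:03 gw sshd[1301]: Failed password for alice from 198.51.100.7 port 40004 ssh2
Jun 12 10:01:04 gw sshd[1301]: Failed password for alice from 198.51.100.7 port 40005 ssh2
Jun 12 10:01:05 gw sshd[1301]: Accepted password for alice from 198.51.100.7 port 40006 ssh2
Jun 12 10:30:00 gw sshd[1401]: Failed password for dave from 192.0.2.9 port 33000 ssh2
Jun 12 10:30:01 gw sshd[1401]: Accepted publickey for dave from 192.0.2.9 port 33001 ssh2
"""

# Assumed tuning values; a real deployment sets these per service.
DEFAULT_ACCOUNTS = {"root", "admin", "administrator", "guest", "test"}
WINDOW = timedelta(minutes=5)
BRUTE_THRESHOLD = 5   # failures for one user from one IP inside WINDOW
SPRAY_THRESHOLD = 4   # distinct users tried from one IP inside WINDOW

# Assumed line format: syslog timestamp, host, sshd[pid], result, user, source IP.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse(log_text):
    """Return (timestamp, result, user, ip) tuples for every auth-result line."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an authentication result; ignore
        # syslog carries no year; relative ordering is all the window check needs
        ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S")
        events.append((ts, m["result"], m["user"], m["ip"]))
    return events


def analyze(log_text):
    """Return findings as (kind, source_ip, user) in the order they trigger."""
    findings = []
    failures = defaultdict(list)   # ip -> [(ts, user)] for sliding-window checks
    flagged_brute, flagged_spray = set(), set()
    for ts, result, user, ip in parse(log_text):
        if result == "Failed":
            if user in DEFAULT_ACCOUNTS:
                findings.append(("default_account_probe", ip, user))
            failures[ip].append((ts, user))
            recent = [u for t, u in failures[ip] if ts - t <= WINDOW]
            per_user = defaultdict(int)
            for u in recent:
                per_user[u] += 1
            if per_user[user] >= BRUTE_THRESHOLD and (ip, user) not in flagged_brute:
                flagged_brute.add((ip, user))
                findings.append(("brute_force", ip, user))
            if len(per_user) >= SPRAY_THRESHOLD and ip not in flagged_spray:
                flagged_spray.add(ip)
                findings.append(("password_spray", ip, None))
        else:
            # A success that follows a burst of failures for the same user from
            # the same source is the case that matters most: likely compromise.
            recent_fail = [u for t, u in failures[ip] if ts - t <= WINDOW and u == user]
            if len(recent_fail) >= BRUTE_THRESHOLD:
                findings.append(("success_after_brute_force", ip, user))
    return findings


if __name__ == "__main__":
    for kind, ip, user in analyze(SAMPLE_LOG):
        print(f"{kind:26s} src={ip:15s} user={user}")
```

The single failure followed by a key-based login from 192.0.2.9 produces nothing, which is the point of the window and threshold: the logic should fire on the spray, the brute-force run, and the login that followed it, not on every typo.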
Protecting initial access vectors
Seven out of 10 organizations have experienced an attack targeting an unknown or poorly managed external-facing asset, and the average cost of remediating these attacks comes in at $20,000 per week. That is why it does not pay to shortchange cybersecurity budgets: money spent up front to prevent cyberattacks is cheaper in the long run.
To gain a better view of which assets may be at risk, it is important to understand the attacker's mindset. No organization can prevent and remediate every possible threat. The best approach is to have enough information to contextualize and prioritize threat warnings and act accordingly. Patching the right fraction of the attack surface, the exposures attackers are actually likely to use, can cover nearly all of the realistic risk.
External attack surface management is becoming more complex. Assets are linked not only by their network connections but by the paths an attacker can take between them. Effort spent hardening the least likely points of entry is effort taken away from the ones attackers actually use.
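One way to make that prioritization concrete is to rank each exposure by what an attacker can reach through it rather than by its standalone severity. The code below is an added example written for this article and is not Hadrian's code or method: it builds a constructed asset graph whose edges are lateral-movement paths (shared credentials, trust relationships, flat segments), ranks three constructed internet-facing exposures by the assets and crown jewels reachable from them, and then measures how much attacker reach a given set of fixes removes. Asset names, edges, exposures, and the crown-jewel labels are all assumptions.

```python
from collections import deque

# Constructed asset graph: node -> assets reachable from it by lateral movement.
GRAPH = {
    "vpn-gw": ["jump-host"],
    "jump-host": ["ad-dc", "file-srv"],
    "ad-dc": ["file-srv", "erp-db"],
    "file-srv": [],
    "erp-db": [],
    "marketing-www": ["cms-db"],
    "cms-db": [],
    "legacy-ftp": [],
}

# Constructed exposures on internet-facing assets: asset -> what is wrong with it.
EXPOSURES = {
    "vpn-gw": "VPN without MFA",
    "marketing-www": "CMS with default admin account",
    "legacy-ftp": "anonymous FTP on an isolated host",
}

# Assets whose compromise is the real cost of a breach (assumed labels).
CROWN_JEWELS = {"ad-dc", "erp-db"}


def reachable(graph, start):
    """Every asset an attacker can reach from `start`, including `start` itself (BFS)."""
    seen = {start}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        for nxt in graph.get(node, []):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def rank_exposures(graph, exposures, crown_jewels):
    """Rank exposures by (crown jewels reachable, total assets reachable), highest first."""
    ranked = []
    for asset in exposures:
        reach = reachable(graph, asset)
        ranked.append((len(reach & crown_jewels), len(reach), asset))
    ranked.sort(reverse=True)
    return [(asset, jewels, total) for jewels, total, asset in ranked]


def remediation_coverage(graph, exposures, crown_jewels, fixed):
    """Fraction of attacker-reachable assets, and of reachable crown jewels,
    that fixing the exposures in `fixed` removes from every attack path."""
    before = set().union(*(reachable(graph, a) for a in exposures))
    after = set().union(*(reachable(graph, a) for a in exposures if a not in fixed))
    removed = before - after
    jewels_before = before & crown_jewels
    asset_fraction = len(removed) / len(before) if before else 1.0
    jewel_fraction = len(removed & crown_jewels) / len(jewels_before) if jewels_before else 1.0
    return asset_fraction, jewel_fraction


if __name__ == "__main__":
    for asset, jewels, total in rank_exposures(GRAPH, EXPOSURES, CROWN_JEWELS):
        print(f"{asset:14s} {EXPOSURES[asset]:34s} reaches {total} assets, {jewels} crown jewels")
    print("fix vpn-gw only:", remediation_coverage(GRAPH, EXPOSURES, CROWN_JEWELS, {"vpn-gw"}))
```

In this constructed graph, fixing one of the three exposures (the VPN) cuts off both crown jewels and five of the eight reachable assets, while the anonymous FTP server, however ugly it looks in a scanner report, leads nowhere. That is the difference between ranking findings by severity and ranking them by the path an attacker would take.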
Organizations that want to ensure they aren’t a threat actor’s next target need to start with a complete understanding of their attack surface. Attack Surface Management (ASM) can be a hugely effective method for predicting the next target, providing a complete overview of an organization’s entire IT infrastructure and any vulnerabilities that it may contain.
Artificial intelligence can help provide a proactive, contextual, and comprehensive view of an organization's cyber exposure. Companies like Hadrian combine threat intelligence with insight into an organization's digital infrastructure to determine which assets are likely to be attacked given current threat landscape trends. This helps you prioritize your efforts to protect your enterprise against attack.
How Hadrian’s hacker-developed platform fights off hackers
At Hadrian, we integrate our platform into your company’s security system and begin by assessing its security.
We map all of the digital assets within your infrastructure, including those found on the cloud, at third-party servers, and everything outside of the traditional network perimeter.
From there, we continuously deploy thousands of tests to find weaknesses, vulnerabilities, or exposures. When we find a potential weakness, we run relevant scans to see if it has opened up new weaknesses in the environment.
Most importantly, we use AI to interpret the level of risk posed by the vulnerabilities we have discovered, and we flag critical issues. Hadrian's proprietary Orchestrator AI is built to automate a wide array of attack surface management scenarios. It discovers and contextualizes assets automatically and identifies the potential threats and vulnerabilities that could pose a risk. Whenever a potential risk is found, the platform runs the corresponding tests to verify it, or discards it if it turns out to be a false positive, all autonomously.
Hadrian is constantly evolving by integrating new tools and practices as our analytical dataset grows.
Reports show that 62% of organizations were unaware they were vulnerable before a breach, and even when risks are known, 72% of organizations struggle to prioritize them. Protecting against today's threat landscape manually is not feasible.
Hadrian delivers complete and continuous coverage of the external exposure management lifecycle, to reduce risks, improve efficiency, and streamline compliance. Our Orchestrator discovers risks like a real world adversary. And that’s because it is designed by hackers to defend against hackers.