Enterprises struggle with basic security hygiene

Both ransomware groups and APTs continue to exploit vulnerabilities in public-facing applications, particularly in security appliances, business email technologies and enterprise file transfer products.

The latest mid-year threat review from Rapid7, based on the company's threat analytics and underground intelligence data, shows almost 40 percent of incidents Rapid7 managed services teams saw in the first half of 2023 were the result of missing or lax enforcement of multi-factor authentication, particularly for VPNs and virtual desktop infrastructure.

Dark web marketplaces are thriving too, often offering a full menu of options to financially motivated threat actors -- from zero-day exploits and stolen files to domain-level access to corporate networks.

Growing cloud adoption and today's mature, complex cybercrime ecosystem highlight the need for global businesses to establish and measure foundational security program elements, such as inventory and asset management capabilities and a baseline vulnerability risk management program. The report underlines the fact that basic security hygiene (for example, enabling and enforcing multi-factor authentication) goes a long way toward mitigating risk from a wide range of threats,

"The current macroeconomic climate has been a significant challenge for many security and IT teams, who are seeing budgets shrink while the need for specialized security expertise grows. Rapid7 managed services data indicates that organizations are still struggling to establish baseline security programs that meet common benchmarks," says Caitlin Condon, head of vulnerability research at Rapid7. "Moreover, our incident response data shows that businesses are also struggling with basic security hygiene, like required (and consistent) use of multi-factor authentication. These programmatic gaps have direct impact on the bottom line for many organizations, whether that means inability to meet regulatory compliance standards or inability to detect or recover quickly from an attack."

Rapid7 researchers also tracked 79 known state-sponsored threat actor attacks in the first half of 2023, at least 24 percent of these leveraged exploits against public-facing applications to target governments, critical infrastructure, and corporate networks. 23 percent of the state-sponsored attacks tracked used spear phishing to gain access to victim environments, and 22 percent involved the abuse of valid accounts.

Motives for these attacks include cyber warfare, espionage, the evasion of economic sanctions and the funding of state regimes.

You can find out more on the Rapid7 blog.

Photo Credit: Rawpixel.com/Shutterstock