The Old Ways Are Still the Best for Most Cybercriminals
_wsf_AL_Alamy.jpg?disable=upscale&width=1200&height=630&fit=crop "The Old Ways Are Still the Best for Most Cybercriminals")
#Ways #Cybercriminals
attackers and defenders. Cybercrime groups usually are assumed to be early adopters of new technology, used to outwit their adversaries and achieve their goals. But in reality, the picture is more nuanced than that.
While the cybercriminal underground has professionalized and become more organized in recent years, threat actors are, to a great extent, still using the same attack methods today as they were in 2020. This presents a significant opportunity for network defenders — but only if they are prepared to proactively embrace emerging technologies like artificial intelligence (AI).
Tried-and-True Tactics Continue to Dominate
Threat researchers are always analyzing and predicting novel attacks. As the cybersecurity landscape evolves, it is critical for research teams to anticipate where attackers may focus their efforts next and make their organizations more resilient. It is equally important to share these insights with the wider cyber community to make the digital world safer.
However, threat actors are largely still using tried-and-true tactics like phishing, vulnerability exploitation, and compromised account credentials to achieve initial access. That’s borne out by third-party data as well. Credential abuse (22%), exploitation of vulnerabilities (20%), and phishing (19%) were the main data breach attack vectors over the past year, according to Verizon. There was a 34% annual increase in vulnerability exploitation this year, while employees were involved in 60% of breaches, driven by credential compromise and social engineering.