Dive Brief:
- Valid account access was the most common and successful attack path into critical infrastructure environments during the U.S. government's 2023 fiscal year, which ended Sept. 30, 2023, federal cyber authorities said in a Friday report.
- Attackers used access to valid accounts in 2 in 5 successful critical infrastructure intrusions last year, according to the Cybersecurity and Infrastructure Security Agency and U.S. Coast Guard Cyber Command’s annual risk and vulnerability assessment, which conducted 143 risk and vulnerability assessments across multiple critical infrastructure sectors.
- Spear phishing links were the second most common intrusion point in critical infrastructure attacks the agencies analyzed. These social engineering lures, which are crafted to look like an email and link from a trustworthy source that dupe professionals into granting attackers access to a network or system, were used in more than 1 in 4 attacks.
Dive Insight:
Federal cyber authorities’ annual assessment of critical infrastructure attacks reinforces a persistent reality — the most common points of intrusion across all manner of attacks, regardless of the victim or the attacker’s motivation, have staying power.
The identity challenge confronting organizations remains preeminent.
Compromised legitimate credentials were the initial access vector for almost 40% of the ransomware attacks Mandiant observed last year. During the first half of 2024, Google Cloud pinned nearly half of all cloud environment intrusions to systems with weak or no credentials.
IBM X-Force’s annual Threat Intelligence Index report found valid account compromises accounted for almost one-third of global cyberattacks last year, making it the most-common initial access vector for attacks in 2023.
There is a silver lining in CISA’s latest assessment of critical infrastructure attacks. Valid account access has declined since 2022 when CISA attributed more than half of all critical infrastructure attacks to the initial access vector.
Federal cyber authorities attributed 1 in 10 critical infrastructure intrusions to brute force or password cracking attacks in 2023. Exploits of vulnerabilities in public-facing applications were the initial access vector in just 6% of the attacks on critical infrastructure providers last year.