Approximately 67% of all breaches start with someone clicking on a seemingly safe link, according to a new cybersecurity report from Comcast Business. Between 80% and 95% of all attacks begin with a phish, researchers said.
The inaugural Comcast Business Cybersecurity Threat Report was based on data from 23.5 billion cybersecurity attacks. Researchers identified 500 types of threats and 900 distinct infrastructure and software vulnerabilities.
With social engineering the most common cybersecurity attack tactic, creating a diverse plan is critical to minimizing risks, Comcast said.
“No organization has perfect security, but everyone needs to understand their cybersecurity risks and build a plan to address the threats and trends the industry is experiencing,” Shena Seneca Tharnish, the Vice President, Secure Networking and Cyber Security Solutions for Comcast Business said in a press release.
“Technology teams today are best served through a comprehensive suite of powerful security solutions orchestrated to provide multiple layers of security.”
Key takeaways from the report, according to Comcast Business:
- “Adversaries” conducted 242 million reconnaissance scans of customer networks and assets. The top reconnaissance tools were vulnerability scanners, botnets and phishing. Once inside a network, bad actors made 2.6 million attempts to modify or create new firewall rules to establish external communications for command-and-control operations and data exfiltration. This underscores the importance of only accepting network connection requests from trusted sources.
- Customer logs documented more than 54 million attempts to exploit credentials for initial access. Additionally, bad actors capitalized on vulnerable Remote Desktop Protocol (RDP) configurations, resulting in over 185 million attempts to gain remote access. Unauthenticated users also exploited vulnerabilities in Transmission Control Protocol (TCP) and made 139 million attempts to establish connections to victim servers. Credential-stealing malware contributed to 159 million attempts to steal and use credentials to infiltrate compromised networks.
- The Apache Log4j vulnerability remained a significant threat due to the widespread deployment of millions of Java applications, leaving a staggering 72% of organizations vulnerable to exploits. There were almost 105 million Log4j exploit attempts in 2022. It, therefore, is important to update systems and optimize operating performance.
- Comcast Business detected 51,915 distributed denial of service (DDoS) attacks in 2022. IT and technical service customers saw an increase in DDoS attempts, which made up 25% of attempts. This category joined education (46%), finance (14%) and healthcare (13%) as the most targeted industry segments. These attacks aimed to disrupt critical database servers and network resources, with over 210 million instances of denial-of-service attacks recorded.
A previous Comcast cybersecurity report found that between July 2021 and June 22, as much as 65% of Comcast Business SecurityEdge customers were the victims of attacks that were blocked. As much as 55% experienced botnet attacks and almost half experienced malware and phishing attacks, according to the Comcast SMB cybersecurity report.
