Security Threat Among Most Companies Which Could Have Been Evaded


Cyberattacks are costing the US billions of dollars per year which actually could have been reduced.

It is likely that the small businesses are the hacker’s main targets as they have the information that the cybercriminals want and they lack the infrastructure that a big business could afford. Unit 42 states that these businesses did not have multi factor authentication, poor management services or lacked endpoint protection out of the 600 cases reported.

Unit 42 is a unit of Palo Alto Networks Cybersecurity, and states that these causes make up for most of the hacking. It added that exploits used were 55% ProxyShell, 14% Log4j, 7% SonicWall, 5%ProxyLogon and 4% of Zoho ManageEngine ADSelfService Plus.

Security Threat Among Most Companies Which Could Have Been Evaded

Hackers launch an attack once access to the target network is achieved and exploit the vulnerabilities in the software using the “remote desktop protocol.” They spend around 28 days surveying the network to be targeted, researching the main data and endpoint before launching the ransomware.

Once they achieve the entry, the hacker will deal in business email handling or attacks using ransomware. The report from Unit 42 states that a total of $286,000 was stolen using BEC (business email compromise) and the demand using ransomware was $8 million.

The data of a victim of ransomware attack gets posted at least for four hours and this is the reason the researchers say that the identification of the activity in early stages is critical.

Wendi Whitmore, SVP and head of Unit 42 at Palo Alto Networks stated, “Right now, cybercrime is an easy business to get into because of its low cost and often high returns. As such, unskilled, novice threat actors can get started with access to tools like hacking-as-a-service becoming more popular and available on the dark web,” 

Ransomware attackers are also becoming more organized with their customer service and satisfaction surveys as they engage with cybercriminals and the victimized organizations.”

Raulf Hernes

By raulf

If you ask me raulf means ALL ABOUT TECH!!

Related news