"Cyberattacks via Unpatched Systems Cost Orgs More Than Phishing"

Security researchers at Tetra Defense have discovered that attackers continue to find significant success targeting unpatched servers and vulnerable remote-access systems. These compromises cost victim organizations 54% more than compromises caused by user actions (i.e., falling for phishing and opening malicious documents). The security researchers analyzed incident data from the first quarter and found that unpatched vulnerabilities and risky services, such as Remote Desktop Protocol (RDP), account for 82% of successful attacks, while social engineering accounted for just 18% of successful compromises.

The ProxyShell exploit for Microsoft Exchange servers accounted for about a third of external breaches, while insecure RDP servers accounted for a quarter. The researchers noted that while the Log4Shell bug continued to see a great deal of media coverage, the attack vector was used in only 22% of breaches.

During the study, the researchers also found that healthcare topped the list of targeted industries, with nearly 20% of compromised organizations falling in that category. Finance and education tied for second at 13%, and manufacturing accounted for 12% of incidents. Tetra Defense also tracked the cybercrime actors responsible for most breaches and found that four groups, Lockbit 2.0, BlackCat, Conti, and Hive, are responsible for about half of all compromises investigated by the firm.

The researchers noted that two controls, comprehensive patching and using multifactor authentication (MFA), could have prevented nearly 80% of the investigated incidents. That includes 57% of external compromises that used an unpatched vulnerability and the 13% of successful attacks on virtual private networks that either exploited a vulnerability or used stolen credentials to gain access where MFA was not enabled.

 

Dark Reading reports: "Cyberattacks via Unpatched Systems Cost Orgs More Than Phishing"
