How attackers are breaking into organizations
Abstract
Phishing attacks, business email compromise, known software vulnerabilities and stolen or compromised credentials remain the most widespread initial vectors by which attackers gain access, according to research from IBM Security, Palo Alto Networks and VMware. Application protocol interfaces, which allows software from multiple vendors or developers to connect and communicate with each other, represent the next frontier for attackers, according to VMware's Global Incident Response Threat Report. API attacks take many forms, but the top types include data exposure, SQL and API injections, and distributed denial-of-service, according to VMware. Malicious insider attacks represent another emerging and growing threat with 41% of respondents encountering such attacks during the last year, the report said. IBM categorized data breaches into 10 initial attack vectors. Data breaches were also caused by phishing attacks, cloud misconfigurations and vulnerabilities in third-party software, the IBM Security report said. Almost 60% of respondents told VMware their organization experienced a ransomware attack during the last year, and two-thirds encountered affiliate programs or partnerships between ransomware groups.