SISA, a forensics-driven global cybersecurity company, today announced the release of its biennial information security report ‘SISA Top 5 Forensic Driven Learnings – 2022-2023’. The report is based on findings from SISA’s forensics investigations, incident response and security audits carried out between April 2020 and December 2021. The report offers an in-depth view of the most common exploits and intruder actions, features detailed commentary on trends observed across the breach life cycle, and highlights top factors driving global data breaches.
Lt. General (Dr) Rajesh Pant, the national cyber security coordinator at the Prime Minister’s Office (PMO), was the chief guest at the event to announce the unveiling of the report. Reflecting on his observations, Lt. General (Dr) Rajesh Pant said, “World over, data breaches are soaring despite an ever-increasing investment in cybersecurity tools and technologies. A host of factors ranging from exponential growth in the volume of data, rising adoption of APIs, distributed IT landscape, acceleration of digital transformation, and increasing lucrativeness of cybercrime, are fuelling this surge. As intruders weaponize AI/ML tools to exploit vulnerabilities across IT infrastructures, it is imperative for organizations to outsmart even the most sophisticated intruder.”
General Pant spoke of the exponential rise in cybercrimes in the wake of accelerated digital transformation brought about by the pandemic and urged enterprises to step up defences. He also mentioned how 5G, IoT and edge computing will likely present newer avenues for cyber criminals to carry out large-scale attacks especially targeted at critical infrastructure. “The SISA Top 5 Forensic Driven Learnings report with its in-depth view of prevalent intruder tactics and techniques, provides learnings based on real-world experience of its forensic practitioners. This blend of learnings from observed attack patterns with practitioner-led insights to improve resilience, is a valuable read for any organization looking to enhance its cybersecurity posture,” he added.
“Intruders are not just targeting high-valuation companies, but every firm regardless of size, and then monetizing them. It is alarming to note that on an average, an intruder resides in the company network for about 180 days, giving enough room to penetrate into critical systems and carry out large-scale attacks. The findings from the report have further underscored the importance of frequent patching, secure access management, robust intelligent monitoring and effective incident response systems,” said Dharshan Shanthamurthy, Founder & CEO, SISA, commenting on the importance and relevance of the report.
“Misconfigured MFA, use of custom malware and exploits via third party providers are some of the most prevalent trends that are gaining traction over the past couple of years. Intruders are able to outsmart even the best of cyber security defences and launch sophisticated and coordinated attacks. SISA has, in a few instances, observed multiple data centres being brought down in an hour through ransomware attacks,” he added.
Some of the top findings from the report are:
- The frequently used vector to gain initial access is phishing attacks and malware deployment – observed in nearly 43% of cases.
- Intruders are increasingly targeting applications hosted in the User Acceptance Testing (UAT) environment and/or non-critical applications like the Human Resources Management System (HRMS), travel portals, etc., for deploying web application exploits.
- Lack of patching/application security is a key factor, causing 27% of breaches and serving as a contributing factor 46% of the time. This is followed by inadequate antivirus (AV) and access control, resulting in 11% of the breaches and contributing to 41% of them.
- A synchronized ransomware attack, where the entire data centre and disaster recovery (DR) site are taken down and backup copies are ingested with malware, is one of the top actions on objectives observed over the past 1.5 years.