Another major flaw that had attackers swiftly scanning the internet for affected devices was F5's critical bug in its BIG-IP software, which the Cybersecurity and Infrastructure Security Agency (CISA) added to its growing Known Exploited Vulnerabilities Catalog in May. Palo Alto Networks saw 2,500 scans for it within 10 hours of rolling out a signature for the flaw.
While phishing remains the biggest method for initial access, accounting for 37% of IR cases, software vulnerabilities accounted for 31%. Brute-force credential attacks (like password spraying) accounted for 9%, while smaller categories included previously compromised credentials (6%), insider threat (5%), social engineering (5%), and abuse of trusted relationships/tools (4%).
Over 87% of the flaws identified as the source of initial access fell into one of six vulnerability categories.
The company is predicting it will see more cases involving unskilled threat actors drawn to cybercrime by reports of lucrative ransomware and non-encryption extortion attacks coupled with global economic pressures.
Due to law enforcement success in tracing crypto wallets to their owners, and the instability of cryptocurrency, the company is also predicting a possible rise in business email compromise fraud, which is the $43 billion scam that gets overshadowed in public discussion by disruptive ransomware attacks.