Majority of ransomware claims involved compromise of perimeter security devices


Dive Brief:

  • About six of every 10 ransomware claims in 2024 involved the compromise of a perimeter security device such as a virtual private network or firewall, according to the Coalition Cyber Threat Index report released Tuesday. In two of every 10 cases, remote desktop protocols were exploited for initial access. 
  • Stolen credentials served as the initial access vector in almost half of the cases, while software vulnerabilities were exploited in about three of every 10 cases.
  • Two-thirds of businesses had at least one internet-exposed web login panel at the time they applied for cyber insurance policies, according to the report. The cyber insurance provider said it detected more than 5 million exposed remote management solutions and tens of thousands of exposed login panels.

Dive Insight:

The report highlights the increasing abuse of security tools by hackers to gain access to systems during attacks. These tools were originally designed to allow authorized users to gain secure access to corporate environments. However, threat groups have found ways to exploit these tools to steal information or conduct other malicious activities. 

VPNs and firewalls serve as primary gateways to internal networks, according to Coalition officials. 

“They provide remote access to businesses, but when misconfigured, left unpatched, or secured with weak credentials, they become open doors for attackers rather than security barriers,” Alok Ojha, head of products, security business at Coalition, said via email.

The most commonly compromised products were from Fortinet, Cisco, SonicWall and Palo Alto Networks, according to Coalition. 

More than 40,000 vulnerabilities were published in 2024, representing a 38% increase from 2023, according to the company. Coalition is forecasting about 45,000 will be disclosed in 2025, representing a 15% increase compared with the first 10 months of 2024.

The report is based on data gathered between Jan. 1, 2024 and Oct. 31, 2024. This includes proprietary data from the Coalition claims survey, scanning engine, honeypots, Coalition’s Exploit Scoring System and notification campaign logs. 


