Cado Security Report Surfaces Most Common Cyberattack Vectors

An analysis of cyberattack patterns published by Cado Security, a provider of a cybersecurity forensics platform, found nearly every instance of an opportunistic attack (98%) started with a scan for vulnerabilities within a specific service.

The report identifies the Secure Shell (SSH) protocol (68%) followed by instances of the Redis data store (28%) as the services most commonly targeted.

Matt Muir, a security researcher for the Cado Labs arm of Cado Security, said that, based on the tactics and techniques used by cybercriminals against the honeypots the company maintains, cybercriminals appear to be taking a very methodical approach to finding, for example, misconfigurations that could be easily exploited.

That activity suggests that cybersecurity teams would be well advised to align their defenses around specific services, he added.

Overall, the report finds botnet agents are now the most common malware category, representing around 40.3% of all traffic. Much of that malware is being used to drive distributed denial of service (DDoS) attacks that have increased dramatically in the wake of the conflict in Ukraine, noted Muir.

Despite the almost innumerable vulnerabilities that might be exploited, most cybercriminals continue to focus on tactics and techniques that they know work. For example, only 4% of the cyberattacks tracked by Cado Labs were aimed at the now infamous Log4Shell vulnerability, despite all the attention that issue generated when it was first disclosed. As severe a threat as Log4Shell may be, most cybercriminals will continue to pursue the path of least resistance when it comes to compromising an IT environment.

Most cybersecurity teams, as a result, would be better off focusing their efforts on fundamentals rather than devoting limited resources to remediating vulnerabilities that are not as likely to be exploited. That’s critical because business leaders increasingly want to understand the actual risk level a given vulnerability represents to the business before allocating resources to thwart it. That may seem obvious, but cybersecurity professionals have historically focused on combatting all threats regardless of risk level. The trouble is that, as Frederick the Great once noted: “He who tries to defend everything defends nothing.”

Soon, the hope is that artificial intelligence (AI) will make it simpler to defend ever-growing attack surfaces. Many of the vulnerabilities that cybercriminals are trying to exploit exist in multiple applications and platforms, so AI might one day make it easier to identify and remediate all the instances of a specific vulnerability simultaneously.

In the meantime, however, cybersecurity teams first need to know how big that attack surface is and then make some difficult decisions about defending it based on the actual level of risk to the organization. In the absence of that analysis, any dire warning about cybersecurity vulnerabilities is likely to be ignored simply because the business sees the potential benefits of deploying an application far outweigh a cybersecurity risk that no one has really quantified.

Michael Vizard

Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.