Do we have any data that tells us how a hack was initiated.
E.g
How did Solarwind happen ? How did Sony happen ? The US Gas Line The Equifax
So, i would really like to know how many of these was actually caused by human error (download and installed malware) and not a poor tech solution (firewall was open)
Any evidens as such ?
- A collection of public threat intel reports [0]. Lots of reading though. I did some Splunking on it last year and at least 50% uses phishing for initial access. You could call that a structural vulnerability.
- Exploiting vulnerable public facing stuff is another initial access technique. Here someone collected all the CVEs used by ransomware crews [1].
- VERIS community database [2]. Collection of 8894 security incidents. If you look in the JSON there are some fields describing the vector and the actor.
[0] https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_C...
Social engineering is definitely in there, but it's more like one step in some. And perhaps involves four out of ten.
These tend to both be examples of poor tech solutions, unless it’s your sysadmins being tricked to download and install malware.