According to the latest Arctic Wolf Labs Threat Report for 2024, the landscape of cybersecurity incidents continues to evolve. One of the most significant findings is the rise of external remote access as a major attack vector, now responsible for 39% of non-BEC (Business Email Compromise) incidents, compared to last year’s 24%. This shift is driven largely by attackers capitalizing on weak password hygiene, poor credential management, and vulnerabilities in widely used tools like Remote Desktop Protocol (RDP), VPNs, and remote monitoring and management (RMM) solutions.
Over 70% of cybersecurity threats stem from systems that are easily accessible online, marking a significant trend in attack vectors. Notably, human error continues to be a critical weakness, contributing to 24.4% of incidents, while supply chain vulnerabilities account for 3.3%. High-profile breaches, like the Snowflake incident, which impacted major entities including AT&T, Ticketmaster, and Santander, underscore the cascading effects of such exposures.
Why the Shift?
The increase in external remote access attacks boils down to one key factor: ease. Cybercriminals can purchase compromised credentials on the dark web, or exploit weak and reused passwords to gain access to critical systems. Once inside, they operate under the guise of a legitimate user, making it harder for organizations to detect malicious activity. This shift highlights the need for businesses to prioritize password policies, enforce multi-factor authentication (MFA), and regularly audit their remote access infrastructure.
Decline in Exploited Vulnerabilities
While external exploits, such as attacks on unpatched systems, dropped to 29%, they remain a significant threat, especially when organizations fail to apply security updates. Zero-day vulnerabilities continue to pose a risk, but the greater issue is unpatched systems, which create an open door for attackers.
Misconfigurations and Their Role in Remote Access
A portion of these external access breaches is attributed to misconfigurations, such as open ports and externally exposed websites. Penetration testing and red teaming are crucial practices to identify these vulnerabilities before attackers do.
Final Thoughts for CISOs
As attackers adapt, so must your organization. With the rise of external remote access as the top attack vector, CISOs need to ensure network security, password management, and remote access tools are regularly tested and updated. By addressing these key vulnerabilities now, you can protect your organization from becoming an easy target.