Abnormal Security released a report which examines the escalating adverse financial and reputational impact of advanced socially-engineered and never-seen-before email attacks to organizations worldwide. Over the course of the last quarter, researchers saw a significant increase in credential phishing, as well as brute force attacks, which are used to obtain personal information such as passwords, passphrases and usernames through a string of continuous, automated attempts. Once accessed, compromised accounts can be leveraged to send additional attacks to coworkers, partners and vendors, and provide the credentials necessary to infiltrate other parts of the organization. Credential phishing and account takeover is also a major issue because it provides the access needed to launch other more nefarious types of attacks such as ransomware and malware.
Phishing and brute forcing are two of the most common ways for attackers to get an initial foothold on the network. The best defense against phishing is email filtering and training employees to recognize and report phishing emails, and to not click on suspicious links or enable macros on attached documents. VPNs and RDP passwords can be brute forced, and the best practice is not to expose RDP to the Internet unless absolutely necessary and enable MFA for all such accounts. Good defense against these methods, combined with regular patching of any Internet-facing devices, can do a lot to defend any organization, as Remote Code Execution (RCE) exploits are relatively rare and there are often patches released soon after they are discovered.