According to the report, attackers do their homework to uncover vulnerabilities, like open ports and misconfigured systems, as evidenced by the 242 million reconnaissance scans of customer networks and assets. The top reconnaissance tools employed by adversaries include vulnerability scanners, botnets and phishing. Once inside a network, adversaries made 2.6 million attempts to modify or create new firewall rules to establish external communications for command-and-control operations and data exfiltration.

Adversaries used various methods, including remote desktop, theft and brute force attacks to steal credentials and gain unauthorized access to customer networks. Customer logs documented over 54 million attempts to exploit credentials for initial access. Additionally, bad actors capitalized on vulnerable Remote Desktop Protocol (RDP) configurations, resulting in over 185 million attempts to gain remote access. Unauthenticated users also exploited vulnerabilities in Transmission Control Protocol (TCP) and made 139 million attempts to establish connections to victim servers. Furthermore, credential-stealing malware contributed to 159 million attempts by adversaries to steal and use credentials to infiltrate compromised networks.

According to the report, the Apache Log4j vulnerability remains a significant threat due to the widespread deployment of millions of Java applications, leaving 72% of organizations vulnerable to exploits.

IT and technical service customers saw an increase in DDos attempts, making up 25% of attempts, joining education (46%), finance (14%) and healthcare (13%) as the most targeted industry segments.

Read the full report here.