Exploitation of privilege escalation vulnerabilities accounted for 55% of insider threats from January 2021 to April 2023, while the remainder of threats involved offensive tool misuse, reports BleepingComputer.
According to a CrowdStrike report, threat actors have mostly leveraged the following flaws to facilitate insider attacks: the Windows privilege escalation flaw tracked as CVE-2023-0213; the DirtyPipe Linux kernel pipe operations flaw, tracked as CVE-2022-0847; the PwnKit Linux flaw, tracked as CVE-2021-4034; the Linux bug tracked as CVE-2019-13272; and bugs targeting the Windows kernel-mode driver win32k.sys, tracked as CVE-2015-1701 and CVE-2014-4113.
The findings also showed that almost 50% of insider incidents during the study period gave rise to unintended risks, including disorderly exploit testing, inappropriate offensive security tool execution, and insecure code downloads, with some of the risks caused by exploit testing on production workstations.
Researchers also found that insider incidents have resulted in corporate losses amounting to $648,000 and $485,000 on average for malicious and non-malicious incidents, respectively.
Over half of insider threats involved privilege escalation flaws